EXIN Secure Programming Foundation (SPF.EN)
The EXIN Secure Programming Foundation exam tests the knowledge of the candidate on the
basic principles of secure programming. The subjects of this module are Authentication and
Session Management; Handling User Input; Authorization; Configuration, Error Handling and
Logging; Cryptography; and Secure Software Engineering.
Cybercrime, data leaks and information security get more attention than ever in the news.
Governments and companies dedicate more and more resources to these areas. However, most of
that attention appears to be focused on reactive measures (“How do we catch the cyber
criminals?”) instead of on preventive measures (“How do we make our systems secure?”).
Although it is hard to measure, research reports indicate that building security in is worth the
investment. Key in the software building process is education. If programmers do not understand
the security of the software they are building, any additional investment in the process is useless.
The EXIN Secure Programming Foundation certification is part of the EXIN Secure Programming
qualification program. The content is related to the Framework Secure Software, which can be
downloaded from http://securesoftwarealliance.org/framework-secure-software/. (Please note
that this is not exam literature.)
This certificate is meant for:
- programmers and software developers who have an interest in developing secure (web)
- auditors who will work with the Framework Secure Software.
Requirements for Certification
- Successful completion of the EXIN Secure Programming Foundation exam.
A training Secure Programming Foundation and knowledge of software development is
|Examination type:|Multiple-choice Questions|
|Number of questions:|40|
|Pass mark:|65% (26 / 40 questions)|
|Electronic equipment/aids permitted:|No|
|Exam duration:|60 minutes|