The need for qualified experts to support organizations in the development of secure software is now greater than ever. To meet this growing demand, we share solutions that are developed as part of our important research. The most effective way for developers to improve software security is to eliminate vulnerabilities during development—before the software is released to users. We offer two certificates in secure coding: Secure Coding in Java, described here, and Secure Coding in C and C++. Both certificates can be earned entirely through online training.
The CERT Secure Coding in Java Professional Certificate helps software developers increase security and reduce vulnerabilities in the Java programs they develop. It provides software developers with practical instruction based on the CERT Oracle Secure Coding Standard for Java, which was curated from the contributions of leading experts for the Java programming language.
The CERT Division has been extremely successful in developing secure coding standards, which have been adopted at the corporate level by companies such as Cisco and Oracle. The success of the secure coding standards contributed to the impetus for including software assurance requirements in the National Defense Authorization Act (NDAA) for Fiscal Year 2013.
Our certificate program helps organizations train their teams to eliminate vulnerabilities during development, which can result in reductions in the total cost of repairing code compared to making the repairs after development. In two courses, the CERT Secure Coding team teaches the essentials of designing and developing secure software in Java; participants demonstrate their comprehension of the concepts in an examination.
Completion of this professional certificate enables software developers to increase security and reduce vulnerability in the Java programs they develop. Participants acquire a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors. In particular, participants learn how to
After completing the certificate, participants may choose to be listed on the SEI website as an SEI Certificate Holder.
The CERT Secure Coding in Java Professional Certificate does not expire.
Participants pay fees for courses and the exam; there is no additional fee for the certificate.
eLearning package: 1,250ドル
Organizations considering this training for a group of participants can take advantage of eLearning group discounts or schedule a private, instructor-led, onsite training delivery. Email course-info@sei.cmu.edu or telephone +1 412-268-1817 for details.
To earn this certificate, complete the following courses and the exam within 24 months:
Secure Software Concepts
Secure Software Concepts explores basic security concepts and how security design principles protect the organization. Risk assessment and management, regulatory requirements, and software design are examined within the context of the organization's acquisition and development lifecycles to prepare the student for a deeper study of secure coding. This eLearning course contains 2 hours of video instruction that may be studied incrementally.
Secure Coding in Java
Secure Coding in Java provides detailed instruction about common programming errors in Java and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the Java programming languages and associated libraries. This eLearning course contains 16 hours of video instruction, which may be studied incrementally, and 4 online exercises performed in the virtual lab environment.
Secure Coding in Java Examination
The CERT Secure Coding in Java Professional Certificate concludes with an examination of the student's comprehension of the concepts presented in the preceding courses. The exam consists of 40 multiple-choice questions. Students proceed through the exam at their convenience over 6 total hours. Students must achieve a passing score of 80%.
Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in Java programming. This four-day course provides a detailed explanation of common programming errors in Java and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the Java programming languages and associated libraries. The intent is for this course to be useful to anyone involved in developing secure Java programs regardless of the specific application.
 Please note: you must bring a laptop computer equipped with the latest version of Adobe Reader and VMware Player. See the Prerequisites section for download information.
 The course assumes basic Java programming skills but does not assume an in-depth knowledge of software security. Material in this presentation was derived from the Addison-Wesley books The CERT Oracle Secure Coding Standard for Java and Java Coding Guidelines.
To learn more about the CERT Secure Coding eLearning and Professional Certificates, please go to: SEI Certificates 
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.