Security Specialization Detail Sheet - EN

The document provides information about the Security Specialization exam requirements and format. It details that candidates must first obtain the Associate Reactive Developer Certification. The multiple choice exam has 25 questions over 90 minutes and focuses on security topics like authentication, authorization, and sensitive data handling. It also provides exam preparation resources and information on registration, rescheduling, fees, and repeating the exam.

Uploaded by

bloodscream

Security Specialization

Detail Sheet

Requirements
To take the Security Specialization exam you must have obtained the Associate Reactive
Developer Certification.

Exam
Format: Multiple choice

Number of questions: 25

Passing score: 70% (18/25)

Exam duration: 90 minutes (if needed)

The exam focuses on practical knowledge and scenarios that validate your knowledge and
professional experience in critical fields of expertise such as authentication, authorization and
access control, handling sensitive data and others.

Exam Topics
The Security Specialization Exam covers reactive web security fundamentals, authentication,
access control, secure connections, handling sensitive data and other OWASP vulnerabilities,
together with some of the recommendations and built-in protections OutSystems offers.

More details about the exam topics are in the Preparation section below.

Categories & Topics                       # of Questions    % of Score

Access Control                            3/4               12%/16%
Handling Sensitive Data                   3                 12%
Authentication                            6/7               24%/28%
  ○ External Authentication               2
  ○ Session Cookies                       2
  ○ Authentication Flow Protection        2/3
Other OWASP Vulnerabilities               5                 20%
  ○ Logging                               1
  ○ External Components                   1
  ○ Security Misconfigurations            1
  ○ Cross-site Scripting/Injection        2
Secure Connections                        2                 8%
Security Fundamentals                     5                 20%

Preparation
The best way to prepare for the Security Specialization exam is to study the topics listed in the
online resources section, together with some experience in this area of expertise. We also
recommend the OutSystems Security Specialist Boot Camp by Code for All. You can find more
information about it at https://outsystems.codeforall.com/.

Online Resources
We encourage you to review the following online resources which include guided paths, the
online documentation and technical notes. Note that the exam questions cover only Reactive
Web related matters, so topics related to Traditional Web or Mobile can be skipped.

● [Online Course] Role-based Security


● [Online Course] Authentication
● [Documentation] Reactive web security best practices
● [Documentation] Develop Secure OutSystems Apps
● [Video] Implementing Password Recovery in OutSystems
● [Documentation] Secure Cookies
● [Documentation] End-Users and related articles in the section
○ [Documentation] End-User Authentication and related articles in the section
● [Documentation] User Roles and related articles in the section
● [Documentation] Protection Against Brute Force Attack
● [Documentation] How the OutSystems Platform Helps You Develop Secure Applications
○ Protecting OutSystems apps from access control / permissions vulnerabilities
○ Protecting OutSystems Apps From Authentication Vulnerabilities
○ Protecting OutSystems apps from code injection / Cross Site Scripting attacks
○ Protecting OutSystems apps using encryption and SSL/TLS
○ Protecting OutSystems apps from Cross Site Request Forgery attacks
○ Protecting OutSystems Apps From Redirects / Forwarders Vulnerabilities
● [Documentation] Injection and Cross Site Script (XSS)
○ SQL Injection Warning
○ HTML Injection Warning
○ JavaScript Injection Warning
● [Documentation] Apply Content Security Policy
● [Documentation] OutSystems Platform Server hardening
● [Documentation] HIPAA compliance - how OutSystems can help
○ Checklist of HIPAA safeguards

Registration
Registration for the exam is available in the OutSystems Certification page:
https://www.outsystems.com/learn/certifications/

Find the exam on the page, select one of the languages available for the exam, and click on the
Pre-register button. Then, fill in the form with your data and follow the steps to register for the
exam.

Rescheduling the Exam


It is possible to reschedule the exam up to 48 hours before the exam scheduled date. Just
access the OutSystems Certification Page and select the Reschedule option you will find next to
the exam in question. Less than 48 hours before the exam it is no longer possible to
reschedule it, so you have to take the exam or you will lose your exam attempt.

You can reschedule the exam free of charge up to 15 days before the original schedule date.
When rescheduling the exam 14 days before the original date, and until the 48 hour period
mentioned above, there will be an extra fee of 25 US$.

Taking the Exam


The exam is available online, which means you can take the exam at your own convenience
and without traveling. The exams are proctored by a third party, which ensures the integrity of
your physical and virtual environments and monitors the exam to guarantee the fair and
honest completion of the exam. You can find all about the online exams in Prometric’s user
guide: https://www.prometric.com/sites/default/files/2019-10/PrometricProUserGuide.pdf

Note that for online exams the proctor support is only available in English. If you select a
language different from English for your exam, that refers exclusively to the exam content.
Therefore it is still relevant that you have a certain level of proficiency in English, to be
able to communicate with the proctor during the exam setup, or if you need assistance.

The exam is also available in Test Centers. When registering for the exam you can check for
the test center closest to you and find an available date. This is the most complete experience,
since you will be in an environment fully prepared to host the exam and with support from the
staff in the local language.

Exam Fee
The respective exam fee will be charged during the registration process. You will not be able to
proceed until the payment is complete.

No shows

If you fail to take your exam before the expiration date, you will still be charged for the exam.

Repeating the Exam

If you fail your exam attempt, you can always register again for a new exam, paying the regular
exam fee. To register for the new attempt, register through our Certification Page. In case you
find any issues please contact [email protected].

Specialization Version
Your specialization is associated with a specific version of OutSystems. For example, you
can get the Security Specialization for OutSystems 11.

Certifications and specializations will be associated with major release versions. If you want to
be certified on the latest version, you must pass the exam for that version.

Good luck on your exam!
