India’s talent pipeline is at its weakest in information security skills, with just under one percent of the engineering student population equipped with basic skills in information security. This report by EC-Council, the global professional certification body for IT security related programmes, looks into the skill gaps and their consequences.
ALL INDIA Skill Level Analysis (in %)
Skilled | 0.97 |
Trainable | 12.74 |
Ineligible | 86.29 |
In the individual skill categories too, candidates have performed poorly.
Performance of the candidates in individual skill categories (in %)
Category | Pass | Fail |
Application Architecture | 38.99 | 61.01 |
Authentication & Authorisation | 28.14 | 71.86 |
Code Review | 29.71 | 70.29 |
Cryptography | 28.23 | 71.77 |
Error Handling | 25.14 | 74.86 |
File Handling | 26.58 | 73.42 |
Fundamentals | 35.42 | 64.58 |
Input Validation | 28.96 | 71.04 |
Session Management | 34.11 | 65.89 |
EC-Council said that improper handling of errors and exceptions makes you vulnerable to:
- Disclosure of sensitive information
- Denial-of-service attacks
Distributed denial-of-service attacks have been used to divert security personnel's attention while millions of dollars were stolen from banks, according to a security researcher.
Improper authentication and authorization makes you vulnerable to credential theft, eavesdropping, brute-force and dictionary attacks, account hijacking, information leakage and disclosure of confidential data, among others.
Improper input validation makes you vulnerable to cross-site request forgery, cookie manipulation and form field manipulation, among others.
To fill this gap, EC-Council has comprehensive secure programming training programmes through its EC-Council Certified Secure Programmer (ECSP).
Source: EC-Council