Wednesday, April 01, 2009

New cert program for Application Security Specialists

So confirms The Institute for Certified Application Security Specialists.

Love them or hate them, certifications are a part of the information security industry. As waves of newcomers flood into the emerging application security field, overwhelming hiring managers, it's imperative that true "specialists" distinguish themselves from the general InfoSec practitioner. Obtaining a respected certification is one way for a professional to do exactly that while simultaneously increasing their credibility. Still, the challenge for many is a lack of time to study, attend classes, and take exams, and the high costs involved -- not to mention healthy skepticism of the value provided by such programs. What we do know is that the more exclusive and specialized a certification is, the more value it may hold. So when I heard about The Institute for Certified Application Security Specialists (ASS) offering a program, I had to investigate.

After visiting their site and reading the literature, I must say I was thoroughly impressed. I was previously aware of the CSSLP program, but their process was a little too involved. Conversely, the Institute created a streamlined program to meet the requirements of both organizations and individuals in today's fast-evolving application security landscape. The ASS certification takes into account previous work experience, industry standards and best practices, includes a sound Code of Ethics, and even a well-thought-out Oath of Office. That way certification holders can rest assured they'd be in good company. Should an applicant qualify for an official certification, they can obtain one without examination in minutes with a 3-step process (see right-side column) at a cost anyone can easily afford. After successful completion, a person may proudly proclaim they are a Certified ASS!

Having experienced the process personally, I'm confident this offering will become very popular. Lastly, one must be aware, though, that according to the terms, certifications are only valid up until the release of Web 3.0, where additional standards may apply.

11 comments:

Lucy Lee said...

I agree that this is important. In the current economic downturn companies are cutting budgets and having layoffs left and right. This certification creates a distinction these businesses need in order to hold on to their ASSes. And anyway, it's about time for recognition. I've always thought the app sec industry would turn around if the department heads spent more time listening to their ASSes.

blututh said...

Follow up to the Scanless PCI thingy of last year huh? Good April fool's joke :)

Sheran said...

Wow, this is awesome! I mean cutting down the effort involved in becoming certified is really evident when I explore ASS. I think this certification is a godsend for all of us professionals who aren't afraid to go where others have dared not to probe before. I shall be certifying myself in ASS before the day is out!

kuza55 said...

I personally always thought it was pretty obvious I was an ASS and had not considered that other people may not instantly recognise this.

Now with this new certification everyone will be able to tell I'm an ASS from miles off, thanks Jeremiah!

Karn Ganeshen said...

Lol. Social Engineering at play again!
Result: Successful April Fool's Day & some Certified ASS. :)

Thanks,
KG
http://ipositivesecurity.blogspot.com/

JWeiler said...

This increase in certified application specialists should immediately increase the security of all web applications. What a great mechanism. Do you think they accept the time I use web applications as CPEs?

wconway said...

Actually, the testimonials on the Association web page are the best. Good follow-up to Scanless PCI!

MustLive said...

I see Jeremiah became a Certified ASS :-). And RSnake too :-). My congratulations!

Anonymous said...

I've always been an ASS, I just didn't know it till now. With my new CERT everyone will know.

thanks CASS for this great honor

Blizard said...

You can always sniff out a true INFOSEC pro as the one with the ASS.

Anonymous said...

This makes a lot of sense to me. Many a time I've had to deal with situations where management mouths wrote security-related checks that their ASS couldn't cash...