So confirms The Institute for Certified Application Security Specialists.
Love them or hate them, certifications are a part of the information security industry. As waves of new comers flood into the emerging application security field, overwhelming hiring managers, it's imperative that true "specialists" distinguish themselves from the general InfoSec practitioner. Obtaining a respected certification is one way for a professional to do exactly that while simultaneously increasing their credibility. Still the challenge for many is a lack of time to study, attend classes, take exams, and the high costs involved -- not to mention healthy skepticism of the value provided by such programs. What we do know is the more exclusive and specialized a certification is, the more value it may hold. So that's when I heard about the The Institute for Certified Application Security Specialists (ASS) offering a program, I had to investigate.
After visiting their site and reading the literature, I must say I was thoroughly impressed. I was previously aware of the CSSLP program, but their process was a little too involved. Conversely the Institute created a streamlined program to meet the requirements of both organizations and individuals in today's fast evolving application security landscape. The ASS certification takes into account previous work experience, industry standards and best-practices, includes a sound Code of Ethics, and even a well thought out Oath of Office. That way certification holders can rest assured they'd be in good company. Should an applicant qualify for an official certification they can obtained one without examination in minutes with a 3-step process (see right-side column) at a cost anyone can easily afford. After successful completion a person may proudly proclaim they are a Certified ASS!
I'm confident this offering will become very popular after experiencing the process personally. Lastly, one must be aware though that according to the terms certifications are only valid up until the release of Web 3.0 where additional standards may apply.