Paid Advertising
web application security lab

Certification for Web Application Security

Anurag is the man behind a new web application security certification. Offered as a joint WASC/SANS cert, it’s aiming to be the de-facto web application certification program for people in our field. Regulating the industry may not be all that bad of an idea, given that I see more bad security people than good. But beyond that it’s cool to see the industry growing up where it needs full fledged certification.

Anyway, if you want to have some input on things that you’d like to see in the cert, now’s your chance. Click the link above and go to his surveymonkey link and spend a few minutes filling it out if this is at all interesting to you. Speak now or forever hold your peace.

Now the real question is, I wonder if I’ll pass this cert. ;) Hey, Anurag, can I get some sort of an exemption? I never was very good at test taking!

8 Responses to “Certification for Web Application Security”

  1. Jeremiah Grossman Says:

    Cmon, didn’t you pass the CISSP? :)

  2. Jon A. Longoria Says:

    Heh, thats the word on the street anyways….. or so the Germans would have us believe!

  3. Mark Says:

    I am glad to finally see this. As a contractor the lack of an industry certification has made it difficult to “sell” web security services in certain spaces. Especially spaces where your average contracting officer may not be aware of WebAppSec issues, such as the government space.

    While I generally am not a fan of certifications this will certainly allow people to “feel” better about hiring a competent web security officer and in the long run will help expand awareness and remediation of flaws. In the end that’s what we should all be striving for.

  4. rezn Says:

    “Same Origin Policy” did not appear anywhere in the summary. d’oh.

  5. rezn Says:

    um, that should have said “survey” not “summary”. Sorry.

  6. aung khant Says:

    Certifications from are relatively expensive and can’t be suitable for the Poor and the Haves-Not. OWASP cert should also be available through Prometric and Pearson VUE.

  7. bert Says:

    I ended a bit by chance in this blog but maybe you are willing to help: Was is the best way to make a (new) web application fraud and hack proof? What is the most relevant certification to be obtained? The best US service provider to work with?

  8. martin Says:

    I am also looking for some good certificates in web app security field but SANS seem to be very expensive..any idea abt a cheaper one?