Certification for Web Application Security
Anurag is the man behind a new web application security certification. Offered as a joint WASC/SANS cert, it’s aiming to be the de-facto web application certification program for people in our field. Regulating the industry may not be all that bad of an idea, given that I see more bad security people than good. But beyond that it’s cool to see the industry growing up where it needs full fledged certification.
Anyway, if you want to have some input on things that you’d like to see in the cert, now’s your chance. Click the link above and go to his surveymonkey link and spend a few minutes filling it out if this is at all interesting to you. Speak now or forever hold your peace.
Now the real question is, I wonder if I’ll pass this cert. 
Hey, Anurag, can I get some sort of an exemption? I never was very good at test taking!
February 28th, 2008 at 6:17 pm
Cmon, didn’t you pass the CISSP?
February 28th, 2008 at 7:37 pm
Heh, thats the word on the street anyways….. or so the Germans would have us believe!
February 28th, 2008 at 9:56 pm
I am glad to finally see this. As a contractor the lack of an industry certification has made it difficult to “sell” web security services in certain spaces. Especially spaces where your average contracting officer may not be aware of WebAppSec issues, such as the government space.
While I generally am not a fan of certifications this will certainly allow people to “feel” better about hiring a competent web security officer and in the long run will help expand awareness and remediation of flaws. In the end that’s what we should all be striving for.
March 4th, 2008 at 12:31 pm
“Same Origin Policy” did not appear anywhere in the summary. d’oh.
March 4th, 2008 at 12:32 pm
um, that should have said “survey” not “summary”. Sorry.
March 5th, 2008 at 3:50 am
Certifications from SANS.org are relatively expensive and can’t be suitable for the Poor and the Haves-Not. OWASP cert should also be available through Prometric and Pearson VUE.