Site Network: | | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

An Interesting Certification Challenge

In an industry where there are more certification and standardisation options than are really necessary comes a new certification effort which is looking to make web application security at least somewhat standardised.

On first look, this is a good idea and should provide a baseline level of competence for people looking to work in the field of web application security. Where it can lead to a trap for the unwary is that web application threats, attacks, and vulnerability types are in such a rapid state of flux that the moment anything is formalised for certification it risks becoming stale and out of date.

Having gained certification under this process it will signify that someone has reached what should be considered a bare essential level of knowledge and competence to work within the field of web application security. The risk is that recruiters, managers and HR representatives who know nothing about the certification other than it exists will see it as a solution for all the problems rather than as establishing a baseline. Those who are seeking to gain certification and then rest back on what they have achieved should be forewarned that web application security is a very fast moving target that will trap the unwary and cause havoc for even the well prepared.

The reaction so far is one of cautious interest and it will be worth watching to see how the Web Application Security Consortium and GIAC manage the certification without it becoming another one of the many on offer from the certification mills / rubber stamping agencies that have sprung up since certification took on such an important role for hiring and managing employees.

With examples such as this out there, perhaps a certification for baseline competence can not be created too soon.

4 March 2008

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.