Mobile technology is becoming more integrated into our daily lives than we could ever have imagined. There seems to be a mobile application for everything. The joke that “there’s a mobile app to do that” is no longer funny. We also hear about many ugly information leaks from mobile phones, with celebrities’ nude pictures being the least of the damage. Does this mean that mobile apps cannot be secured enough?
The short answer is YES. Mobile apps are not secure enough. Despite the fact that developers spend a lot of money on their products and companies cannot stress enough how important mobile app security is, there is still a significant gap in this area. Mobile app security specialists are in high demand. This is an exciting field that requires more than a formal credential. You need to be curious and eager to learn as there are many breakthroughs and discoveries in this field. If you are interested in this career, professional credentials and mobile app security certifications will be your best bet.
CompTIA Mobile App Security+, CompTIA Mobility+, and the newly launched Certified Secure Software Lifecycle Professional (CSSLP) credential by (ISC)² are all worth considering.
According to (ISC)², CSSLP validates the holder’s ability to develop an application security program within their organization; reduce production costs, application vulnerabilities, and delivery delays; enhance the credibility of the organization and its development team; and reduce revenue loss and reputation damage due to insecure software.
This is the new approach: to prepare developers and team leaders to plug the inevitable holes in app security.
CSSLP®, Certified Secure Software Lifecycle Professional: A Closer Look
The CSSLP®, an industry-leading certification from (ISC)², helps candidates establish themselves as leaders in application security. The following are the expected capabilities of CSSLP holders:
Develop an application security program for your organization
Reduce production costs, application vulnerabilities, and delivery delays
Increase the credibility of your organization and its development team
Reduce revenue loss and reputation damage due to insecure software
The Certified Secure Software Lifecycle Professional (CSSLP) is the perfect certification for anyone involved in the SDLC (software development lifecycle). This certification is for those with at least 4 years of cumulative paid full-time experience in one or more domains of the CSSLP CBK. The following are examples of roles with CSSLP professional experience:
Software developers
Engineers and architects
Product managers
Project managers
Software Quality Assurance
QA testers
Business analysts
Professionals who manage these stakeholders
CSSLP Exam Outline
Domain 1: Secure Software Concepts
Module 1: Concepts of Secure Software
Module 2: Principles of Security Design
Module 3: Security Privacy
Module 4: Governance, Risk Management, and Compliance
Module 5: Methodologies in Software Development
Domain 2: Secure Software Requirements
Module 1: Policy Decomposition
Module 2: Categorization and Classification
Module 3: Functional Requirements: Use Cases and Abuse Cases
Module 4: Operational Requirements for Secure Software
Domain 3: Secure Software Design
Module 1: The Importance of Secure Design
Module 2: Design Considerations
Module 3: Design Process
Module 4: Securing Commonly Used Architectures
Domain 4: Secure Software Implementation/Coding
Module 1: Fundamental Programming Concepts
Module 2: Code Access Security
Module 3: Vulnerability Databases & Lists
Module 4: Defensive Coding Techniques and Controls
Module 5: Secure Software Processes
Domain 5: Secure Software Testing
Module 1: Artifacts of Testing
Module 2: Testing for Secure Quality Assurance
Module 3: Types of Testing
Module 4: Impact Assist