According to Gartner, an information technology (IT) research and consultancy company, “over 70% of breaches of security vulnerabilities exist at the application level.” This is because security is often not the first thought in the minds of software developers, and vulnerabilities and exploitable holes may be present for a long time before patches are finally issued. Application vulnerabilities are ranked today among the most severe cybersecurity threats to organizations. So, without action, businesses will continue to be exposed to serious consequences, such as disruption of their day-to-day operations.
An expert, such as a Certified Secure Software Lifecycle Professional (CSSLP), can be called in to assume many roles: to implement software assurance practices, to incorporate application access controls, to improve the security of code and scripts as they are written, or to ensure that more secure applications are delivered. With the current dependence on Web applications and the rapid shift to virtual and mobile environments, an adequate number of CSSLPs dedicated to ensuring security throughout the software development lifecycle (SDLC) is a much-needed solution for pinpointing threats that target web-based apps.
How can an IT professional prepare for this important role? The (ISC)² CSSLP might be the right answer, as it is a base credential that tests a candidate’s competency against a measurable body of knowledge, skills, and abilities (KSAs) necessary to fulfill the software security needs of any company.
The International Information Systems Security Certification Consortium, Inc., (ISC)²® for short, sponsors the CSSLP certification and is working towards making the CSSLP the de facto industry standard for secure software development. “The CSSLP examination is designed to take a ‘People, Processes, Technology’ holistic view of software security that enables one to prevent many of the insecure problems that plague ubiquitous computing.” A CSSLP credential holder can (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Daniel Brecht. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/m651Dchew44/