The Certified Application Security Specialist (CASS) certification is designed to assess the knowledge and skill set of candidates in application security and secure programming. Candidates should have experience in the following areas in order to sit for the exam:
- Secure Programming Throughout the Application Development Lifecycle
- Confronting Flawed Input Data
- Implementation Best Practices
- Source code analysis scanning software
- Code Origin Access Control Methods
- Network Transmission Security
- WS Security, XKMS, and WS-I Basic security profiles
- SecureXML Libraries
- Privilege Escalation Opportunities
- Race Conditions
- Cross Site Scripting Injection
- .Net Secure Remoting
- Windows Forms Security
- SQL Server: Exploitation and Defense
- Fault Injection and Fuzzing
- Java security managers, policy files, and JAAS
- ASP.NET Security
- XOR, Base64 and Garbage Data Obfuscation
- Securely Maintaining Session State – Best Practices
- Session fixation
- Vulnerabilities in AJAX-enabled applications
- Advanced SQL Injection
- Oracle PL/SQL Injection
- .Net Security tokens, XML signature, XML canonicalization, and XML encryption
- .Net WS-Trust and WS-SecureConversation
- Error Control Verbosity Abuse
The IACRB is:
- An industry standard organization.
- Formed by information security professionals.
- A not-for-profit legal entity with a sole mission to certify individuals.
- An organization that requires all exam candidates to pass a hands-on practical examination.
All certifications offered by the IACRB are composed of a traditional multiple choice exam, as well as a hands-on practical exam. The goal of this two-step process is to determine whether a certification candidate possesses the required knowledge of theories and concepts. Additionally, the second step is designed to rigorously test the candidate's ability to perform job-relevant, hands-on technical skills related to information assurance.
Skilled information assurance professionals are the most important piece in the information security puzzle. Achieving a certification that requires proficiency beyond book knowledge is a valuable method of differentiating the skill levels of information assurance professionals.
Benefits of IACRB certification to the Professional:
- Demonstrates theoretical knowledge of information assurance.
- Confirms commitment to the information assurance profession.
- Serves as a differentiator in the highly competitive information security job market.
- Provides access to a network of certified individuals.
Benefits of IACRB certification to Employers:
- Establishes a baseline skill level requirement for highly technical positions.
- Ensures that individuals have the required hands-on skills to perform on the job.
- Provides access to a network of subject matter experts.