SSI Secure Software Programmers Certificates

25 Nov 2007

The Software Security Institute is granting "Secure Software Programmers certiļ¬cation". Right now, tests exists for Java/J2EE and C, but other tests are coming for C++, PHP, perl, and .NET/ASP.

The C/C++ mostly covers low-level programming and bad system calls (more on this in another post). The Java one looks at correct configuration of J2EE and threading. I think the php or perl tests will cover Cross Site Scripting and SQL injection issues once it comes out.

Normally I think programming certificates are worthless since most of them cover stuff you have to know just to do your regular job. But security is a little different since it's issues around the edges and if you never seen the issue it's unlikely you'll think about it. Even better, it's a sure-thing your employer will pay for it ($500)!

Check it out and let me know what you think.