Last week, the latest CompTIA certification went live, as the Mobile App Security+ exam became available on October 15. This credential seeks to address the need to develop, test, and deliver native iOS or Android applications (the test comes in two flavors, one for each of these market-leading mobile device runtime environments) that are designed and built for security, including also secure network communications and back-end web services in the overall security frame.
There’s a strong industry movement afoot at the moment to boost security, not just for mobile applications in particular, but also for the ever-increasing number of web-based applications in everyday use. This applies to a large number of cloud-based applications (and is the typical foundation for Software-as-a-Service, or SaaS, offerings) but also to an even more sizeable population of custom code developed in businesses and organizations of all sizes and scales.
I alluded to this overall phenomenon in my Friday blog post right here, entitled “SANS Adds Web App Pen Test Cert to Line-Up,” which makes mention of 9 IT certifications from numerous organizations, all of which seek to boost security for Web-based applications, mobile and otherwise. I’d be very surprised if we don’t see more such certifications popping up on the security landscape, both with mobile and more general application orientations. Why? Because that’s where the real traction in application development, delivery, and deployment is nowadays, and thus also, where the biggest security risks lie (not to mention the added risks inherent to a highly distributed and Internet-based information architecture).