"I've informed many colleagues of my ASS skills and have received nothing but support. Indeed, the world is confident that I'm a thorough ASS." - Omi
The Institute for
Certified Application Security Specialists

The leading application security certification that meets top industry standards from the comfort of your own office.
Lowest price. Guaranteed!
Published: April 1, 2009
Now Open! Our Institute Store!
Proudly display your ASS certification on our exclusive gear, including an official Certified ASS hat!
Certified Application Security Specialists are the leaders in application security, building the foundation of tomorrow's Internet.
News Flash! Our explosive growth and popularity has enabled The Institute to acquire the LAMN organization!
Join our LinkedIn Group!
What is the Institute for Certified Application Security Specialists?
The Institute is the industry's leading authority for Certified ASS's. Our curriculum complies with the highest industry standards while still reflecting the operational realities of securing applications in the modern enterprise. For far too long there's been no standard certification for those securing our most essential applications; the institute was created to fill this dangerous gap. By hiring Certified ASS's employers can be assured their critical applications are protected by experts meeting the top industry standards. Individuals can advance their careers and personal development by obtaining validated proof of their skills as an ASS.

Tell me more about the certification?
Certified ASS's are the industry's gold standard in application security. Candidates are required to prove they meet all industry requirements for application security, while demonstrating knowledge of real-world operational procedures and processes. The certification process itself is designed to meet the needs of both employers who require third-party assurances as to the quality of their employees, and employees required to prove their skills and experience as an ASS.

How can I get certified?
The certification process was carefully designed to meet the requirements of both organizations and individuals in today's hectic environment. Rather than requiring candidates to take extensive time off work for costly training and testing, potential ASS's first register with the Institute and submit a Stated History of Individual Training for self validation. This provides a formal record of their previous training experience. They then agree to the Institute's Code of Ethics. The Institute then issues an official web-based certificate to the newly Certified ASS, which is fully IETF RFC 3514 compliant. This certificate can be printed, or proudly displayed on personal websites, blogs, and online resumes.

What are the benefits to individuals?
As the premier application security certification program that also reflects real-world realities, certification provides the following benefits:

1. No need to study - Candidates use our exclusive certification process to prove their Stated History of Individual Training via self-validation, which reflects their real-world experiences.
2. No need to take exams - After self validation, candidates agree to the Oath of Office and Code of Ethics. This process ensures only the most experienced ASS achieve certified status, without the need for a test.
3. Lowest Cost - There is no cost to become a Certified ASS! While many candidates have long been considered ASS's, they can now validate that claim with true certification at no cost.
4. Reflects the real world of security - By eliminating costly training programs and standardized tests, the Institute created a process that matches the standard management, processes for enterprise application security, and consistent with today's industry best-practices.

What are the benefits to employers?
1. No need to pay for costly employee training.
2. Be assured that you only employ the highest quality ASS's.
3. Guarantee compliance with all regulations and industry standards.
Become Certified Today!
Email the Institute and submit a Stated History of Individual Training for self validation.

2. Vocally recite the Oath of Office and verbally agree to the Code of Ethics.

3. Proudly display your official certification by hanging it on your office wall or by posting the Website Badge Widget to
your blog.
Website Badge Widget
<div style="font-family: sans-serif; font-size: 12px; text-align: center;">
<img src="http://doiop.com/asscert.png" border="0"><br /><a href="http://www.asscert.com/">Certified Application Security Specialist</a></div>
Oath of Office:
I, <state your name>, do solemnly swear that I will maintain the integrity and security of all applications for which I am responsible, and advance the practice of application security. I will maintain my status as a Certified Application Support Specialist as proof of my knowledge and experience. I agree to abide by the principles of application security, Code of Ethics, and I will actively maintain my Stated History of Individual Training.

Code of Ethics:
1. I shall not compromise the security nor the integrity of applications I protect. My security controls shall not interfere with required business process nor reduce important functionality.
2. I will not engage in hacking activities.
3. I will never associate with anyone who engages in hacking activity.

Media & Testimonials
"Ever since I've become an ASS, my career has simply blossomed. With the increased credibility it offered, I've been able to command higher fees as well as gain the respect of vendors and merchants alike. Being an ASS is all it's cracked up to be!"
-Russ McRee (HolisticInfoSec)

"My ASS certification has gotten me into a lot of places I never expected to be.  All I do is say I'm an ASS and wow - people really start to treat me differently."
- Robert Hansen (SecTheory)

"As a researcher, I've always been curious about ASSs. Now, thanks to the Institute, I've fully explored the world of ASS and learned more than I could possibly have imagined." -Rich Mogull (Securosis)

"I was really itching to get a security certification but didn't see any good options for appsec. Lucky for me the ASS certification scratched my itch!" - Robert Auger (cgisecurity.com)
"With the ASS Certification and my new ASS Hat I finally achieve
recognition from others for who I am and what I do."

- Arian Evans

"As an application security professional it's extremely difficult to standout from the crowd. After obtaining the ASS Certification, I'm now at the front of the line while others are looking at my behind."
Jerry Mangiarelli
"I am very proud to be a Certified ASS  and it's a great pleasure to be a visible part of the ASS community!"
- Christian Gehrig

"I've informed many colleagues of my ASS skills and have received nothing but support. Indeed, the world is confident that I'm a thorough ASS." - Omi
"My reputation was always fairly streaky, which is why I love my ASS certification. I'm pushing the movement all over the Pacific Rim, so my colleagues can get their own instead of riding mine!"
- Arshan Dabirsiaghi

"I'm deeply honored to have become a certified ASS. I will now practice my profession in the admiration of all of my peers, which will have to go a long way before being ASS certifiable."
Gabriele Giuseppini
Once the Website Badge Widget is pasted into your site, the Institute will fully activate your Application Security Specialist (ASS) certification.
The ASS certification is valid so long as the code remains visible on your page, with continued certification contingent upon the official release of Web 3.0. Upon the release of Web 3.0, new certification standards may apply. Certified ASS's are guaranteed complete confidentiality and your information will not be used to solicit additional products or services. The Institute also guarantees that ASS certifications meet all applicable industry standards, including PCI (Pooma Card Industry) Section 6.6. Compliance with other standards or regulations is not offered nor implied. In the event of a repuational impact, the Institute may pay damages according to industry averages as not to exceed the cost of the certification, as determined in binding arbitration.

Copyright April 1, 2009