by
Janet Pinkerton
| Oct 17, 2013
Update: CompTIA no longer offers Mobile App Security+.
When a developer prepares for and is able to pass the Mobile App Security+ certification exam, it shows employers and customers that she or he is a developer with important fundamental skills in developing secure apps for Android and iPhone.
Ted Eull, vice president of mobile services, viaForensics
The CompTIA Mobile App Security+ certification exam, created by CompTIA and its exam development partner viaForensics, is now available worldwide.
The exam is designed to validate that mobile application developers have the skills to securely create a native iOS or Android mobile app while also ensuring secure network communications and backend web services.
The Mobile App Security+ exam is available in an iOS edition and an Android edition. Candidates only have to pass one of the editions to become certified. The exam is ideal for individuals with at least 24 months of mobile application development experience, including mobile application developers, software developers, network security developers, and application management developers.
The 100-question, 90-minute exam is now available worldwide in English, priced at $284 per exam.
Securing Apps, Data and Networks from the Start
Mobile App Security+ is CompTIA’s first mobile device-centric exam, and its timing is critical.
Worldwide, mobile app store downloads (free and paid) are expected to increase from 102 billion in 2013 to nearly 269 billion by 2017, Gartner predicts.
If not securely built at code level, a mobile app can compromise the security of user data and any network—personal or enterprise—to which the mobile device connects.
“Many developers so far have fallen short in designing and building secure apps,” said Ted Eull, viaForensics’ vice president of mobile services.
As industry sectors such as financial, infrastructure, health and government move quickly into extensive use of mobile apps, “the secure development processes and principles that were used before have not always kept pace in the rush to produce mobile apps," Eull said.
Mobile App Security+ can validate a developer's understanding of key security principles, features, and APIs of the Android or iOS platforms, Eull says.
Prerequisite knowledge recommended for taking the exams includes Objective-C programming (for the iOS exam), Java programming (for the Android exam), plus SDK, SQL coding, mobile and app security essentials, and encryption implementation for the exam's specific operating system platform.
The CompTIA Mobile App Security+ exam objectives test a candidate's knowledge and skill regarding:
- Security principles, secure development life cycles, and threat models
- Security features of software development kits and APIs
- Service and network security
- Data security and implementing encryption
- Application hardening and reverse engineering
- Secure coding practices
“When a developer prepares for and is able to pass the Mobile App Security+ certification exam, it shows employers and customers that she or he is a developer with important fundamental skills in developing secure apps for Android and iPhone,” said Eull.
Training for the Test
Timed with the launch of the exam, CompTIA Authorized Learning Content Partner Logical Operations has released courseware for the iOS and Android exams. The courseware will be available in student and instructor editions through the CompTIA store and Logical Operations’ e-commerce store. Each version of the Logical Operations courseware includes pre-configured development tools and demonstration “sandbox” apps to support hands-on learning. The iOS courseware is compatible with Apple’s new iOS 7.
Pontiac, Mich.-based Mobile Comply will provide instructor-led courses for both the iOS and Android Mobile App Security+ exams. "The mobile industry has long awaited a certification of this type," said Mobile Comply CEO Elaina Farnsworth.
First of CompTIA’s Two New Mobile Credentials
CompTIA Mobile App Security+ is the first of two new mobile-centric certifications planned by CompTIA. The second will be the CompTIA Mobility+, a certification slated for a November release that is designed to validate an IT professional’s skills for integrating, deploying and managing a mobile computing environment.
“Mobile App Security+ is for software developers who know how to secure the app as they are developing it from the very start,” said Sharon Tierney, CompTIA senior product manager. “Mobility+ is for IT professionals working to ensure that the mobile devices that are brought into the workplace work securely with existing network infrastructure, despite the multiple mobile device types, a wide range of apps and user behavior.”
Businesses perceive high value in accommodating mobile devices for their employees, but balancing end user expectations with IT requirements for reliability and security is a major challenge for many organizations, said John McGlinchey, CompTIA senior vice president, global business development. “CompTIA’s new Mobility+ and Mobile App Security+ certifications were developed by the IT industry to meet these workforce needs," he said.