Last month, Microsoft started beefing up its security coverage in the developer side of its certification exams. Both of the two new exams aim squarely at developer knowledge about implementing application security for Microsoft's two primary programming languages (VB and C#) and its primary development environment (.NET):
* Exam 70-330: Implementing Security for Applications with Microsoft Visual Basic .NET
* Exam 70-340: Implementing Security for Applications with Microsoft Visual C#
The exams are scheduled to go into beta from late April through early May (the MS Web pages say "April 2004" but Pearson VUE Web pages say "April 21 through May 5"). In keeping with Microsoft's usual numbering scheme for beta exams, the current exam numbers show up as 71-330 and 71-340.
These exams look pretty intense -- at least, in their beta versions. Microsoft recommends that candidates have three or more years of relevant developer experience "developing n-tier applications" and "at least one year of experience using Visual Studio .NET 2003, including ASP.NET and ADO.NET." Likewise, candidates should have experience in developing both Windows- and Web-based applications "from start to finish." These represent some of the strongest background requirements I've seen for any of Microsoft's developer exams! As usual, passing either exam confers MCP status on those who pass, and each of the two exams applies to either the MCAD or the MCSD for Microsoft .NET certifications. The beta exams are slated to occupy four-hour time slots.
Each of the exams is backed up by no less than three instructor-led courses from the Microsoft curriculum:
* Course 2300: Developing Security-Enhanced Web Applications
* Course 2350: Developing and Deploying Secure Microsoft .NET Framework Applications
* Course 2805: Security Seminar for Developers
The exam objectives are also pretty demanding and focus on best security practices in application development, building security-enhanced .NET applications, configuring application security using the .NET framework and OS tools, and stabilizing and releasing applications to minimize security risks.
All in all, this represents a major thrust into applications security on Microsoft's part -- hopefully, one that will help to support and enable more secure applications from the company itself and those who use its programming languages and development environments. With another security element or two on the developer side of Microsoft's exam slate, can MCAD: Security and MCSD: Security specializations be too far behind? One wonders!
Ed Tittel is a long-time certification follower. He's series editor for Exam Cram 2, a popular assembly of cert prep books from Que Publishing, and a contributing editor for Certification Magazine. He also covers certification topics for InformIT.com, and numerous other TechTarget Web sites.