OWASP Certified Secure Software Developer
Friday, October 3, 2025
To develop applications we need code. To write code we need developers. And to develop secure applications, developers need to write code that does not result in or have vulnerabilities.
OWASP is about application security - be it web application, mobile application, applications developed with low-code-no-code, infrastructure-as-code, etc.
OWASP is currently working on a new initiative to create a certification program for developers. It is named OWASP Certified Secure-Software Developer - OCSD.
This certification is aimed to help developers to showcase their skills in writing secure code.
The certification program is an answer to the questions a hiring manager may have, when interviewing a developer. It is also for the developers who want to showcase their skills in developing secure code.
Remember:
- Writing secure code != testing the security of code with tools
- If developers do not put security in the code, no one else will
The questions we may want to ask are:
- If I am hiring an application developer, what are the security related skills I would look for?
- If I were an application developer what security skills would I like to be validated for?
This certification program seeks to provide answers to these questions.
Stay tuned for more updates in this space.