Well, first off I would like to say that there is really no certification that will help you build a career in...
this field. Most of the people that I know barely look at certifications and even if they do it does not add much value in their decision on hiring. So then that lends the question what does help you advance your career in the field?
Then find a niche and get really good at it. For instance, you might focus on application security specifically on Oracle application server or Ruby on Rails or new technologies like Silverlight or Adobe Apollo. Then once you become that expert, start talking about it. Post on mailing lists. Write white papers. Speak at security conferences. At this point the jobs come to you. Prove your expertise and experience and that you're not just another 'security expert' and you won't be asking how to build a career in appsec -- you will have already done it.
Let's move on to certifications. Don't look at certifications as validation that you know something. Rather, view them as a method of learning. In this case SPI Dynamics has a great class on Web app security and SANS is very well known for having good classes (see related article in top sidebar.) In fact, I know the guys that teach the SANS Web application security class and they are great guys. I highly recommend it.
Your first step, of course, is to pick up some books. I recently came out with a book Hacking Exposed Web Applications, Second Edition (see lower sidebar to download a chapter for free) and I would also suggest picking up any book by Gary McGraw, David Leblanc and John Viega. By the time you finish 2-3 of their books you should be overloaded with knowledge of development security mistakes.
Good luck and let me know if you have any other questions.
Dig Deeper on Building Software Project Teams
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.