Is a SANS certification worth it?

Never heard of it!

If you don't have experience, certifications are an option. Personally I wouldn't pay it. If you're serious about doing security full-time, it may be advisable but if your goal is to stay a dev, a full SANS bootcamp is probably not for you.

A sans boot camp is the best 5-6 days of security instruction you can buy. Highly respected by the industry. A great investment for an organization that has no cyber talent. Now that being said just because you go to a boot camp doesn't mean you learned anything.

I wouldn't pay out of pocket for a sans class/cert. Get the company to pay or teach yourself from the numerous free resources online

You can't go wrong with SANS

If you're looking to move into an entry-level security position, the SANS cert can be a good foothold at some companies (and there are other people who will say they view them neutrally or negatively). If you just want to learn security stuff, figure out which certification you'd find most valuable to your role, and use material found online, books, and cheaper trainings to get a good foundation. For example, many computer security conferences will offer cheap or free trainings to attendees. Attending computer security conferences and meetups can also be valuable. There is possibly a "citysec" Meetup near you, if you're in any kind of city with a tech scene (I don't know where you live).

There is a Humble Bundle security books bundle available for the next ten days. Of the included books, for what you described, I would say the "Threat Modeling", "Web Application Hacker's Handbook", "Unauthorized Access", and "Cryptography Engineering" books would be most useful to you!