Course Summary
The Certified Application Security Engineer (CASE) credential is developed in partnership with large application and software development experts globally. The CASE credential tests the critical security skills and knowledge required throughout a typical software development life cycle (SDLC), focusing on the importance of the implementation of secure methodologies and practices in today’s insecure operating environment.
The CASE certified training program is designed to be a hands-on, comprehensive application security course that will help software professionals create secure applications. The training program encompasses security activities involved in all phases of the Software Development Lifecycle (SDLC): planning, creating, testing, and deploying an application.
Unlike other application security trainings, CASE goes beyond just the guidelines on secure coding practices and includes secure requirement gathering, robust application design, and handling security issues in post development phases of application development. This makes CASE one of the most comprehensive certifications on the market today. It is desired by software application engineers, analysts, testers globally, and respected by hiring authorities.
This training covers:
Application Security, Threats and Attacks
What is a Secure Application
Need for Application Security
Most Common Application Level Attacks
Why Applications become Vulnerable to Attacks
What Constitutes Comprehensive Application Security
Insecure Application: A Software Development Problem
Software Security Standards, Models and Frameworks
Security Requirements Gathering
Importance of Gathering Security Requirements
Security Requirement Engineering (SRE)
Abuse Case and Security Use Case Modeling
Abuser and Security Stories
Security Quality Requirements Engineering (SQUARE)
Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
Secure Application Design and Architecture
Relative Cost of Fixing Vulnerabilities at Different Phases of SDLC
Secure Application Design and Architecture
Goal of Secure Design Process
Secure Design Actions
Secure Design Principles
Threat Modeling
Decompose Application
Secure Application Architecture
Secure Coding Practices for Input Validation
Input Validation Pattern
Validation and Security Issues
Impact of Invalid Data Input
Data Validation Techniques
Input Validation using Frameworks and APIs
Open Source Validation Framework for Java
Servlet Filters
Validation Filters for Servlet
Data Validation using OWASP ESAPI
Data Validation: Struts Framework
Data Validation: Spring Framework
Input Validation Errors
Common Secure Coding Practices
Secure Coding Practices for Authentication and Authorization
Introduction to Authentication
Types of Authentication
Authentication Weaknesses and Prevention
Introduction to Authorization
Access Control Model
EJB Authorization
Java Authentication and Authorization (JAAS)
Java EE Security
Authorization Common Mistakes and Countermeasures
Authentication and Authorization in Spring Security Framework
Defensive Coding Practices against Broken Authentication and Authorization
Secure Development Checklists: Broken Authentication and Session Management
Secure Coding Practices for Cryptography
Java Cryptographic
Encryption and Secret Keys
Cipher Class
Digital Signatures
Secure Socket Layer (SSL)
Key Management
Digital Signatures
Signed Code Sources
Hashing
Java Card Cryptography
Spring Security: Crypto Module
Do’s and Don’ts in Java Cryptography
Best Practices for Java Cryptography
Secure Coding Practices for Session Management
Session Management
Session Tracking
Session Management in Spring Security
Session Vulnerabilities and their Mitigation Techniques
Best Practices and Guidelines for Secured Sessions Management
Checklist to Secure Credentials and Session IDs
Guidelines for Secured Session Management
Secure Coding Practices for Error Handling
Introduction to exceptions
Erroneous Exceptional Behaviors
Dos and Don’ts in Error Handling
Spring MVC Error Handling
Exception Handling in Struts 2
Best Practices for Error Handling
Introduction to Logging
Logging using Log4j
Secure Coding in Logging
Static and Dynamic Application Security Testing (SAST and DAST)
Static Application Security Testing
Manual Secure Code Review for Most Common Vulnerabilities
Code Review: Check List Approach
SAST Finding
SAST Report
Dynamic Application Security Testing
Automated Application Vulnerability Scanning Tools
Proxy-based Security Testing Tools
Choosing between SAST and DAST
Secure Deployment and Maintenance
Secure Deployment
Prior Deployment Activity
Deployment Activities: Ensuring Security at Various Levels
Ensuring Security at Host Level
Ensuring Security at Network Level
Ensuring Security at Application Level
Ensuring Security at Web Container Level (Tomcat)
Ensuring Security in Oracle
Security Maintenance and Monitoring