EC-Council Certified Application Security Engineer (CASE).NET

Price
$2,097.00 USD

Duration
3 Days

Delivery Methods
Virtual Instructor Led
Private Group

Request More Information

Download Course Details

Course Details Only
Course Details & Schedule

Skip to Class Dates

Course Overview

The Certified Application Security Engineer (CASE) credential is developed in partnership with large application and software development experts globally. The CASE credential tests the critical security skills and knowledge required throughout a typical software development life cycle (SDLC), focusing on the importance of the implementation of secure methodologies and practices in today’s insecure operating environment. The CASE certified training program is developed concurrently to prepare software professionals with the necessary capabilities that are expected by employers and academia globally. It is designed to be a hands-on, comprehensive application security course that will help software professionals create secure applications. The training program encompasses security activities involved in all phases of the Software Development Lifecycle (SDLC): planning, creating, testing, and deploying an application. Unlike other application security trainings, CASE goes beyond just the guidelines on secure coding practices and includes secure requirement gathering, robust application design, and handling security issues in post development phases of application development. This makes CASE one of the most comprehensive certifications on the market today. It is desired by software application engineers, analysts, testers globally, and respected by hiring authorities.

Course Objectives

In-depth understanding of secure SDLC and secure SDLC models
Knowledge of OWASP Top 10, threat modelling, SAST and DAST
Capturing security requirements of an application in development
Defining, maintaining, and enforcing application security best practices
Performing manual and automated code review of application
Conducting application security testing for web applications to assess the vulnerabilities
Driving development of a holistic application security program
Rating the severity of defects and publishing comprehensive reports, detailing associated risks and mitigations
Working in teams to improve security posture
Application security scanning technologies such as AppScan, Fortify, WebInspect, static application security testing (SAST), dynamic application security testing (DAST), single signon, and encryption
Following secure coding standards that are based on industry-accepted best practices such as OWASP Guide, or CERT Secure Coding to address common coding vulnerabilities.
Creating a software source code review process that is a part of the development cycles (SDLC, Agile, CI/CD)

Who Should Attend?

Individuals who want to become application security engineers/analysts/testers. Individuals involved in the role of developing, testing, managing, or protecting wide area of applications

Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to date information.
Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

Learning Credits: Learning Credits can be purchased well in advance of your training date to avoid having to commit to specific courses or dates. Learning Credits allow you to secure your training budget for an entire year while eliminating the administrative headache of paying for individual classes. They can also be redeemed for a full year from the date of purchase. If you have previously purchased a Learning Credit agreement with New Horizons, you may use a portion of your agreement to pay for this class.

If you have questions about Learning Credits, please contact your Account Manager.

Corporate Tech Pass: Our Corporate Tech Pass includes unlimited attendance for a single person, in the following Virtual Instructor Led course types: Microsoft Office, Microsoft Technical, CompTIA, Project Management, SharePoint, ITIL, Certified Ethical Hacker, Certified Hacking Forensics Investigator, Java, Professional Development Courses and more. The full list of eligible course titles can be found at https://www.newhorizons.com/eligible.

If you have questions about our Corporate Tech Pass, please contact your Account Manager.

Course Prerequisites

.NET Developers with a minimum of 2 years of experience

Agenda

1 - Understanding Application Security, Threats, and Attacks

What is a Secure Application
Need for Application Security
Most Common Application Level Attacks
Why Applications become Vulnerable to Attacks
What Constitutes a Comprehensive Application Security?
Insecure Application: A Software Development Problem
Software Security Standards, Models, and Frameworks

2 - Security Requirements Gathering

Importance of Gathering Security Requirements
Security Requirement Engineering (SRE)
Abuse Case and Security Use Case Modeling
Abuser and Security Stories
Security Quality Requirements Engineering (SQUARE)
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)

3 - Secure Application Design and Architecture

Relative Cost of Fixing Vulnerabilities at Different Phases of SDLC
Secure Application Design and Architecture
Goal of Secure Design Process
Secure Design Actions
Secure Design Principles
Threat Modeling
Decompose Application
Secure Application Architecture

4 - Secure Coding Practices for Input Validation

Input Validation
Why Input Validation?
Input Validation Specification
Input Validation Approaches
Input Filtering
Secure Coding Practices for Input Validation: Web Forms
Secure Coding Practices for Input Validation: ASP.NET Core
Secure Coding Practices for Input Validation: MVC

5 - Secure Coding Practices for Authentication and Authorization

Authentication and Authorization
Common Threats on User Authentication and Authorization
Authentication and Authorization: Web Forms
Authentication and Authorization: ASP.NET Core
Authentication and Authorization: MVC
Authentication and Authorization Defensive Techniques: Web Forms
Authentication and Authorization Defensive Techniques: ASP.NET Core
Authentication and Authorization Defensive Techniques: MVC

6 - Secure Coding Practices for Cryptography

Cryptographic
Ciphers
Block Cipher Modes
Symmetric Encryption Keys
Asymmetric Encryption Keys
Functions of Cryptography
Use of Cryptography to Mitigate Common Application Security Threats
Cryptographic Attacks
Techniques Attackers Use to Steal Cryptographic Keys
What should you do to Secure .NET Applications from Cryptographic Attacks?
.NET Cryptography Namespaces
.NET Cryptographic Class Hierarchy
Symmetric Encryption
Symmetric Encryption: Defensive Coding Techniques
Asymmetric Encryption
Asymmetric Encryption: Defensive Coding Techniques
Hashing
Digital Signatures
Digital Certificates
XML Signatures
ASP.NET Core Specific Secure Cryptography Practices

7 - Secure Coding Practices for Session Management

Session Management
ASP.NET Session Management Techniques
Defensive Coding Practices against Broken Session Management
Cookie-based Session Management
ViewState-based Session Management
ASP.NET CORE: Secure Session Management Practices

8 - Secure Coding Practices for Error Handling

What are Exceptions/Runtime Errors?
Need of Secure Error/Exception Handling
Consequences of Detailed Error Message
Exposing Detailed Error Messages
Considerations: Designing Secure Error Messages
Secure Exception Handling
Handling Exceptions in an Application
Defensive Coding practices against Information Disclosure
Defensive Coding practices against Improper Error Handling
ASP.NET Core: Secure Error Handling Practices
Secure Auditing and logging
Tracing in .NET
Auditing and Logging Security Checklists

9 - Static and Dynamic Application Security Testing (SAST & DAST)

Static Application Security Testing
Manual Secure Code Review for Most Common Vulnerabilities
Code Review: Check List Approach
SAST Finding
SAST Report
Dynamic Application Security Testing
Automated Application Vulnerability Scanning Tools
Proxy-based Security Testing Tools
Choosing Between SAST and DAST

10 - Secure Deployment and Maintenance

Secure Deployment
Prior Deployment Activity
Deployment Activities: Ensuring Security at Various Levels
Ensuring Security at Host Level
Ensuring Security at Network Level
Ensuring Security at Application Level
Web Application Firewall (WAF)
Ensuing Security at IIS level
Sites and Virtual Directories
ISAPI Filters
Ensuring Security at .NET Level
Ensuring Security at SQL Server Level
Security Maintenance and Monitoring

Get in touch to schedule training for your team
We can enroll multiple students in an upcoming class or schedule a dedicated private training event designed to meet your organization’s needs.

Do You Have Additional Questions? Please Contact Us Below.

Contact Us about Starting Your Business Training Strategy with New Horizons