
Certified Application Security Engineer (CASE) Java


The Certified Application Security Engineer (CASE) credential is developed in partnership with large application and software development experts globally. The CASE exam ensures that candidates are familiar with the OSSTMM methodology and have a mastery of various frameworks, secure coding techniques, and best practices throughout the SDLC. It also validates an individual's ability to adhere to secure design standards as established by industry leaders in numerous disciplines, including software architecture, code assessment, threat discovery/mitigation, security training, testing and authentication, and penetration testing.

The CASE certified training program was developed concurrently with the software industry itself, to prepare for what companies and academic institutions alike were looking for. The course is hands-on and comprehensive, and it involves security activities that take place throughout the application development lifecycle. You can learn how to create secure applications, from planning all the way through deployment: the whole Software Development Lifecycle.


Training Options

Classroom Training

Online Instructor Led

Onsite Training

Corporate Training Options

Online Instructor Led


Classroom Training


Onsite Training

Overseas Training

Course Information

Understanding Application Security, Threats and Attacks

  • What is a Secure Application
  • Need for Application Security
  • Most Common Application Level Attacks
  • Why Applications become Vulnerable to Attacks
  • What Constitutes Comprehensive Application Security
  • Insecure Application: A Software Development Problem
  • Software Security Standards, Models and Frameworks

Security Requirements Gathering

  • Importance of Gathering Security Requirements
  • Security Requirement Engineering (SRE)
  • Abuse Case and Security Use Case Modeling
  • Abuser and Security Stories
  • Security Quality Requirements Engineering (SQUARE)
  • Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)

Secure Application Design and Architecture

  • Relative Cost of Fixing Vulnerabilities at Different Phases of SDLC
  • Secure Application Design and Architecture
  • Goal of Secure Design Process
  • Secure Design Actions
  • Secure Design Principles
  • Threat Modeling
  • Decompose Application
  • Secure Application Architecture

Secure Coding Practices for Input Validation

  • Input Validation Pattern
  • Validation and Security Issues
  • Impact of Invalid Data Input
  • Data Validation Techniques
  • Input Validation using Frameworks and APIs
  • Open Source Validation Framework for Java
  • Servlet Filters
  • Validation Filters for Servlet
  • Data Validation using OWASP ESAPI
  • Data Validation: Struts Framework
  • Data Validation: Spring Framework
  • Input Validation Errors
  • Common Secure Coding Practices


Secure Coding Practices for Authentication and Authorization

  • Introduction to Authentication
  • Types of Authentication
  • Authentication Weaknesses and Prevention
  • Introduction to Authorization
  • Access Control Model
  • EJB Authorization
  • Java Authentication and Authorization (JAAS)
  • Java EE Security
  • Authorization Common Mistakes and Countermeasures
  • Authentication and Authorization in Spring Security Framework
  • Defensive Coding Practices against Broken Authentication and Authorization
  • Secure Development Checklists: Broken Authentication and Session Management

Secure Coding Practices for Cryptography

  • Java Cryptography
  • Encryption and Secret Keys
  • Cipher Class
  • Digital Signatures
  • Secure Socket Layer (SSL)
  • Key Management
  • Signed Code Sources
  • Hashing
  • Java Card Cryptography
  • Spring Security: Crypto Module
  • Dos and Don'ts in Java Cryptography
  • Best Practices for Java Cryptography

Secure Coding Practices for Session Management

  • Session Management
  • Session Tracking
  • Session Management in Spring Security
  • Session Vulnerabilities and their Mitigation Techniques
  • Best Practices and Guidelines for Secured Sessions Management
  • Checklist to Secure Credentials and Session IDs
  • Guidelines for Secured Session Management

Secure Coding Practices for Error Handling

  • Introduction to Exceptions
  • Erroneous Exceptional Behaviors
  • Dos and Don'ts in Error Handling
  • Spring MVC Error Handling
  • Exception Handling in Struts 2
  • Best Practices for Error Handling
  • Introduction to Logging
  • Logging using Log4j
  • Secure Coding in Logging

Static and Dynamic Application Security Testing (SAST and DAST)

  • Static Application Security Testing
  • Manual Secure Code Review for Most Common Vulnerabilities
  • Code Review: Check List Approach
  • SAST Finding
  • SAST Report
  • Dynamic Application Security Testing
  • Automated Application Vulnerability Scanning Tools
  • Proxy-based Security Testing Tools
  • Choosing between SAST and DAST

Secure Deployment and Maintenance

  • Secure Deployment
  • Prior Deployment Activity
  • Deployment Activities: Ensuring Security at Various Levels
  • Ensuring Security at Host Level
  • Ensuring Security at Network Level
  • Ensuring Security at Application Level
  • Ensuring Security at Web Container Level (Tomcat)
  • Ensuring Security in Oracle
  • Security Maintenance and Monitoring


Audience Profile

Individuals involved in developing, testing, managing, or protecting a wide range of applications, or individuals hoping to become application security engineers, analysts, or testers.



Mohammed Aljbreen Operation Specialist, SAMA

The clarity of the content was very good. The trainer's explanation, with in-depth knowledge and a proper flow, really impressed me enough to give a 5-star rating.

Arindam Chakraborty Systems Specialist, King Abdullah University of Sciences & Technology

The instructor was really impressive. Clear-cut explanation of every topic he covered, with real-time scenarios.

Sher Afzal Khan Cloud Engineer, Cloud 9 Networks

The trainer and the course material are both good. Good flow of explanation with simple examples. The complete training was focused on current industry challenges.

Jawed Ahmad Siddiqui Sr. System Administrator, Saudi Ceramics

The trainer's presentation impressed me enough to continue the course till the end. I never felt bored during the entire sessions. She studied our mindset and followed it.
