Certified Application Security Engineer Java (CASE JAVA)
Overview:
The Certified Application Security Engineer (CASE) credential was developed in partnership with application and software development experts globally.
The CASE credential tests the critical security skills and knowledge required throughout a typical software development life cycle (SDLC), focusing on the importance of the implementation of secure methodologies and practices in today’s insecure operating environment.
The CASE certified training program was developed to prepare software professionals with the capabilities that are expected by employers and academia globally. It is designed to be a hands-on, comprehensive application security training course to teach software professionals to create secure applications.
The training program encompasses security activities involved in all phases of the secure SDLC: planning, creating, testing, and deploying an application.
Unlike other application security training courses, CASE goes beyond guidelines on secure coding practices and includes secure requirement gathering, robust application design, and handling security issues in the post-development phases of application development.
This makes CASE one of the most comprehensive application security certifications for secure software development on the market today. It’s desired by software application engineers, analysts, and testers from around the world and is respected by hiring authorities.
Duration:
24 hours.
Objectives:
After completing this course, students will be able to:
- Demonstrate an in-depth understanding of the secure SDLC and secure SDLC models
- Apply knowledge of the OWASP Top 10, threat modelling, SAST and DAST
- Capture the security requirements of an application in development
- Define, maintain, and enforce application security best practices
- Perform manual and automated code review of applications
- Conduct application security testing for web applications to assess vulnerabilities
- Drive the development of a holistic application security program
- Rate the severity of defects and publish comprehensive reports detailing associated risks and mitigations
- Work in teams to improve security posture
- Use application security scanning technologies such as AppScan, Fortify, WebInspect, static application security testing (SAST), dynamic application security testing (DAST), single sign-on, and encryption
- Follow secure coding standards based on industry-accepted best practices such as the OWASP Guide or CERT Secure Coding to address common coding vulnerabilities
- Create a software source code review process that is part of the development cycles (SDLC, Agile, CI/CD)
Intended Audience:
- Java Developers with a minimum of 2 years of experience and individuals who want to become application security engineers, analysts, or testers.
- Individuals involved in the role of developing, testing, managing, or protecting applications
Course outlines:
1. Understanding Application Security, Threats, and Attacks
After completing this course, students will be able to:
- Understand the need and benefits of application security
- Demonstrate the understanding of common application-level attacks
- Explain the causes of application-level vulnerabilities
- Explain various components of comprehensive application security
- Explain the need and advantages of integrating security in Software Development Life Cycle (SDLC)
- Differentiate functional vs security activities in SDLC
- Explain Microsoft Security Development Lifecycle (SDL)
- Demonstrate the understanding of various software security reference standards, models, and frameworks
2. Security Requirements Gathering
After completing this course, students will be able to:
- Understand the importance of gathering security requirements
- Explain Security Requirements Engineering (SRE) and its phases
- Demonstrate the understanding of Abuse Cases and Abuse Case Modeling
- Demonstrate the understanding of Security Cases and Security Case Modeling
- Demonstrate the understanding of Abuser and Security Stories
- Explain Security Quality Requirement Engineering (SQUARE) model
- Explain the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) model
3. Secure Application Design and Architecture
After completing this course, students will be able to:
- Understand the importance of secure application design
- Explain various secure design principles
- Demonstrate the understanding of threat modeling
- Explain the threat modeling process
- Explain the STRIDE and DREAD models
- Demonstrate the understanding of Secure Application Architecture Design
4. Secure Coding Practices for Input Validation
After completing this course, students will be able to:
- Understand the need for input validation
- Explain data validation techniques
- Explain data validation in the Struts framework
- Explain data validation in Spring framework
- Demonstrate the knowledge of common input validation errors
- Demonstrate the knowledge of common secure coding practices for input validation
5. Secure Coding Practices for Authentication and Authorization
After completing this course, students will be able to:
- Understand authentication concepts
- Explain authentication implementation in Java
- Demonstrate the knowledge of authentication weaknesses and prevention
- Understand authorization concepts
- Explain Access Control Model
- Explain EJB authorization
- Explain the Java Authentication and Authorization Service (JAAS)
- Demonstrate the knowledge of authorization common mistakes and countermeasures
- Explain Java EE security
- Demonstrate the knowledge of authentication and authorization in Spring Security Framework
- Demonstrate the knowledge of defensive coding practices against broken authentication and authorization
6. Secure Coding Practices for Cryptography
After completing this course, students will be able to:
- Understand the fundamental concepts of, and the need for, cryptography in Java
- Explain encryption and secret keys
- Demonstrate the knowledge of the Cipher class and its implementation
- Demonstrate the knowledge of digital signatures and their implementation
- Demonstrate the knowledge of Secure Sockets Layer (SSL) and its implementation
- Explain Secure Key Management
- Demonstrate the knowledge of digital certificate and its implementation
- Demonstrate the knowledge of Hash Implementation
- Explain Java Card Cryptography
- Explain Crypto Module in Spring Security
- Demonstrate the understanding of Do’s and Don’ts in Java Cryptography
7. Secure Coding Practices for Session Management
After completing this course, students will be able to:
- Explain the various session management techniques in Java
- Demonstrate the knowledge of session management in Spring framework
- Demonstrate the knowledge of session vulnerabilities and their mitigation techniques
- Demonstrate the knowledge of best practices and guidelines for secure session management
8. Secure Coding Practices for Error Handling
After completing this course, students will be able to:
- Explain Exception and Error Handling in Java
- Explain erroneous exceptional behaviors
- Demonstrate the knowledge of do’s and don’ts in error handling
- Explain Spring MVC error handling
- Explain exception handling in Struts 2
- Demonstrate the knowledge of best practices for error handling
- Explain logging in Java
- Demonstrate the knowledge of Log4j for logging
- Demonstrate the knowledge of coding techniques for secure logging
- Demonstrate the knowledge of best practices for logging
9. Static and Dynamic Application Security Testing (SAST & DAST)
After completing this course, students will be able to:
- Understand Static Application Security Testing (SAST)
- Demonstrate the knowledge of manual secure code review techniques for the most common vulnerabilities
- Explain Dynamic Application Security Testing (DAST)
- Demonstrate the knowledge of automated application vulnerability scanning tools for DAST
- Demonstrate the knowledge of proxy-based security testing tools for DAST
10. Secure Deployment and Maintenance
After completing this course, students will be able to:
- Understand the importance of secure deployment
- Explain security practices at host level
- Explain security practices at network level
- Explain security practices at application level
- Explain security practices at web container level (Tomcat)
- Explain security practices at Oracle database level
- Explain security practices at SQL Server level
- Demonstrate the knowledge of security maintenance and monitoring activities
Study online
Study in Hồ Chí Minh
Study in Hà Nội