Welcome to AspireNetix Global Solutions

COURSE INTRODUCTION

CASE Java online certification training at AspireNetix follows the complete curriculum of the EC-Council Certified Application Security Engineer course. Our trainers are experts in this field and will help you enhance your knowledge of Core Java 8, operators, arrays, loops, methods, and constructors. We will also help you gain experience with JDBC and the JUnit framework. Java is the most common programming language in software development, and our Certified Application Security Engineer Java online training will help you gain expertise in web application development for virtually any computing platform. This training course covers Java from introductory techniques to advanced programming skills, which you can learn at your own pace. During this training, you will also understand the importance of implementing secure methodologies and practices in today's operating environment, which is prone to vulnerabilities. This will further help you learn the critical security skills and knowledge needed throughout a typical software development life cycle. AspireNetix's EC-Council CASE Java Online Training is a complete package to prepare you for the CASE certification.

BENEFITS OF THE COURSE

Our CASE Java online certification training teaches the aspirant about each phase of the Software Development Lifecycle (SDLC):

  • Planning,
  • Creating,
  • Testing, and
  • Deploying an application

This training will not only enhance your knowledge of Java but will also improve your ability to create secure applications, which is one of the most important qualities of software professionals. After completing this online training, you will be able to:

  • Anticipate application security threats, risks, and attacks
  • Collect the requirements for application security
  • Build highly secure application design and architecture
  • Apply secure coding practices for input validation
  • Apply secure coding practices for cryptography, session management, and error handling
  • Understand the techniques for performing static and dynamic application security testing (SAST and DAST)
  • Securely deploy and maintain applications

COURSE CONTENT

Understanding Application Security, Threats and Attacks

  • What is a Secure Application
  • Need for Application Security
  • Most Common Application Level Attacks
  • Why Applications become Vulnerable to Attacks
  • What Constitutes Comprehensive Application Security
  • Insecure Application: A Software Development Problem
  • Software Security Standards, Models and Frameworks

Security Requirements Gathering

  • Importance of Gathering Security Requirements
  • Security Requirement Engineering (SRE)
  • Abuse Case and Security Use Case Modeling
  • Abuser and Security Stories
  • Security Quality Requirements Engineering (SQUARE)
  • Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)

Secure Application Design and Architecture

  • Relative Cost of Fixing Vulnerabilities at Different Phases of SDLC
  • Secure Application Design and Architecture
  • Goal of Secure Design Process
  • Secure Design Actions
  • Secure Design Principles
  • Threat Modeling
  • Decompose Application
  • Secure Application Architecture

Secure Coding Practices for Input Validation

  • Input Validation Pattern
  • Validation and Security Issues
  • Impact of Invalid Data Input
  • Data Validation Techniques
  • Input Validation using Frameworks and APIs
  • Open Source Validation Framework for Java
  • Servlet Filters
  • Validation Filters for Servlet
  • Data Validation using OWASP ESAPI
  • Data Validation: Struts Framework
  • Data Validation: Spring Framework
  • Input Validation Errors
  • Common Secure Coding Practices

Secure Coding Practices for Authentication and Authorization

  • Introduction to Authentication
  • Types of Authentication
  • Authentication Weaknesses and Prevention
  • Introduction to Authorization
  • Access Control Model
  • EJB Authorization
  • Java Authentication and Authorization (JAAS)
  • Java EE Security
  • Authorization Common Mistakes and Countermeasures
  • Authentication and Authorization in Spring Security Framework
  • Defensive Coding Practices against Broken Authentication and Authorization
  • Secure Development Checklists: Broken Authentication and Session Management

Secure Coding Practices for Cryptography

  • Java Cryptography
  • Encryption and Secret Keys
  • Cipher Class
  • Digital Signatures
  • Secure Socket Layer (SSL)
  • Key Management
  • Signed Code Sources
  • Hashing
  • Java Card Cryptography
  • Spring Security: Crypto Module
  • Dos and Don'ts in Java Cryptography
  • Best Practices for Java Cryptography

Secure Coding Practices for Session Management

  • Session Management
  • Session Tracking
  • Session Management in Spring Security
  • Session Vulnerabilities and their Mitigation Techniques
  • Best Practices and Guidelines for Secured Session Management
  • Checklist to Secure Credentials and Session IDs
  • Guidelines for Secured Session Management

Secure Coding Practices for Error Handling

  • Introduction to Exceptions
  • Erroneous Exceptional Behaviors
  • Dos and Don'ts in Error Handling
  • Spring MVC Error Handling
  • Exception Handling in Struts 2
  • Best Practices for Error Handling
  • Introduction to Logging
  • Logging using Log4j
  • Secure Coding in Logging

Static and Dynamic Application Security Testing (SAST and DAST)

  • Static Application Security Testing
  • Manual Secure Code Review for Most Common Vulnerabilities
  • Code Review: Check List Approach
  • SAST Finding
  • SAST Report
  • Dynamic Application Security Testing
  • Automated Application Vulnerability Scanning Tools
  • Proxy-based Security Testing Tools
  • Choosing between SAST and DAST

Secure Deployment and Maintenance

  • Secure Deployment
  • Prior Deployment Activity
  • Deployment Activities: Ensuring Security at Various Levels
  • Ensuring Security at Host Level
  • Ensuring Security at Network Level
  • Ensuring Security at Application Level
  • Ensuring Security at Web Container Level (Tomcat)
  • Ensuring Security in Oracle
  • Security Maintenance and Monitoring

COURSE PREREQUISITE

  • There is no prerequisite for this course, but we recommend a basic understanding of Java programming, application development, and the SDLC. This will make it easier to follow the training and earn your certification.

TARGET AUDIENCE

This course is most suitable for:

  • Java developers with a minimum of 2 years of experience
  • Aspirants who are interested in becoming application security engineers, analysts, or testers
  • Professionals involved in developing, testing, managing, or protecting a wide range of applications

EXAM DETAILS

  • Certification Name: Certified Application Security Engineer (CASE) Java
  • Duration: 2 Hours
  • Number of questions: 50
  • Passing Score: 70%
  • Format: Multiple Choice Questions