Overview

The Certified Application Security Engineer (CASE) credential was developed in collaboration with software development experts worldwide to address the critical security skills and knowledge required throughout the software development lifecycle (SDLC). Emphasizing the importance of secure methodologies and practices in today’s insecure operating environment, CASE prepares software professionals to create secure applications.

Unlike other application security trainings, CASE covers secure requirement gathering, robust application design, and handling security issues post-development. This comprehensive approach makes CASE one of the most sought-after certifications for secure software development, respected by employers globally.

Duration

24 hours

Objectives

Upon completion of this course, students will be able to:

  • Gain an in-depth understanding of secure SDLC and its models.
  • Become familiar with the OWASP Top 10, threat modeling, SAST, and DAST.
  • Capture security requirements during application development.
  • Define, maintain, and enforce application security best practices.
  • Conduct manual and automated code reviews.
  • Perform application security testing for web applications.
  • Develop a holistic application security program.
  • Rate defect severity and produce comprehensive reports.
  • Collaborate in teams to improve security posture.
  • Utilize application security scanning technologies.
  • Implement secure coding standards based on industry best practices.
  • Establish a software source code review process integrated into development cycles (SDLC, Agile, CI/CD).

Intended Audience

  • .NET Developers with a minimum of 2 years of experience.
  • Individuals aspiring to become application security engineers, analysts, or testers.
  • Professionals involved in developing, testing, managing, or protecting applications.

Course Outline

  1. Understanding Application Security, Threats, and Attacks
     • Benefits of application security
     • Common application-level attacks and vulnerabilities
     • Integrating security into SDLC
     • Software security reference standards, models, and frameworks

  2. Security Requirements Gathering
     • Importance of gathering security requirements
     • Security requirement engineering (SRE)
     • Abuse case modeling and security stories
     • Security quality requirement engineering (SQUARE)

  3. Secure Application Design and Architecture
     • Secure design principles
     • Threat modeling process (STRIDE and DREAD Model)
     • Secure application architecture design

  4. Secure Coding Practices for Input Validation
     • Robust input validation techniques
     • Defensive coding against common attacks

  5. Secure Coding Practices for Authentication and Authorization
     • Authentication and authorization issues and techniques
     • Implementation in Web Forms, ASP.NET Core, and MVC

  6. Secure Coding Practices for Cryptography
     • Symmetric and asymmetric encryption
     • Hashing, digital signatures, and certificates
     • ASP.NET Core-specific cryptography practices

  7. Secure Coding Practices for Session Management
     • Session management concepts and techniques
     • Preventing session-related attacks

  8. Secure Coding Practices for Error Handling
     • Error and exception handling concepts
     • Secure error handling practices

  9. Static and Dynamic Application Security Testing (SAST & DAST)
     • Static Application Security Testing (SAST)
     • Manual code review techniques and automated scanning tools for DAST

  10. Secure Deployment and Maintenance
     • Security practices at various levels (host, network, application, etc.)
     • Security maintenance and monitoring activities

Conclusion

The CASE .NET certification equips professionals with the knowledge and skills required to ensure the security of applications throughout their lifecycle. By covering secure coding practices, testing methodologies, and deployment strategies, CASE .NET prepares individuals to address the evolving challenges of application security in today’s digital landscape.