Overview

The Certified Application Security Engineer (CASE) credential equips software professionals with critical security skills and knowledge required throughout the software development lifecycle (SDLC). Developed in collaboration with global application and software development experts, CASE emphasizes the implementation of secure methodologies and practices in today’s insecure operating environments.

Unlike other application security training courses, CASE covers secure requirement gathering, robust application design, and handling security issues post-development, making it one of the most comprehensive application security certifications available. This course is sought after by software application engineers, analysts, and testers worldwide and is respected by hiring authorities.

Duration

24 hours

Objectives

Upon completion of this course, students will be able to:

  • Gain an in-depth understanding of secure SDLC and its models.
  • Become familiar with the OWASP Top 10, threat modeling, SAST, and DAST.
  • Capture security requirements during application development.
  • Define, maintain, and enforce application security best practices.
  • Perform manual and automated code reviews.
  • Conduct application security testing for web applications.
  • Develop a holistic application security program.
  • Rate defect severity and publish comprehensive reports.
  • Work in teams to improve security posture.
  • Utilize application security scanning technologies.
  • Follow secure coding standards based on industry best practices.
  • Establish a software source code review process integrated into development cycles (SDLC, Agile, CI/CD).

Intended Audience

  • Java developers with a minimum of 2 years of experience.
  • Individuals aspiring to become application security engineers, analysts, or testers.
  • Professionals involved in developing, testing, managing, or protecting applications.

Course Outline

  1. Understanding Application Security, Threats, and Attacks

    • Importance and benefits of application security
    • Common application-level attacks and vulnerabilities
    • Integrating security into the SDLC
    • Software security reference standards, models, and frameworks

  2. Security Requirements Gathering

    • Importance of gathering security requirements
    • Security requirement engineering (SRE) and its phases
    • Abuse case modeling and security stories
    • Security Quality Requirements Engineering (SQUARE) model
    • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) model

  3. Secure Application Design and Architecture

    • Secure design principles
    • Threat modeling process (STRIDE and DREAD models)
    • Secure application architecture design

  4. Secure Coding Practices for Input Validation

    • Data validation techniques in Java
    • Common input validation errors and secure coding practices
    • Input validation in frameworks such as Struts and Spring

  5. Secure Coding Practices for Authentication and Authorization

    • Authentication and authorization concepts and their implementation in Java
    • Access control models and EJB authorization
    • Authentication and authorization in the Spring Security framework

  6. Secure Coding Practices for Cryptography

    • Fundamental concepts and the need for cryptography in Java
    • Encryption, digital signatures, SSL, and Java Card cryptography
    • Secure key management and digital certificates

  7. Secure Coding Practices for Session Management

    • Session management in Java and the Spring framework
    • Session vulnerabilities and mitigation techniques
    • Best practices and guidelines for secure session management

  8. Secure Coding Practices for Error Handling

    • Exception and error handling in Java
    • Do's and don'ts in error handling
    • Logging in Java and best practices for secure logging

  9. Static and Dynamic Application Security Testing (SAST & DAST)

    • Static Application Security Testing (SAST) and manual code review techniques
    • Dynamic Application Security Testing (DAST) and automated vulnerability scanning tools
    • Proxy-based security testing tools for DAST

  10. Secure Deployment and Maintenance

    • Secure deployment practices at various levels (host, network, application, etc.)
    • Security maintenance and monitoring activities
    • Security practices at the web container level (Tomcat) and database level (Oracle, SQL Server)

Conclusion

The CASE JAVA certification provides Java developers with the essential skills and knowledge to ensure the security of applications throughout the SDLC. Covering secure coding practices, testing methodologies, and deployment strategies specific to Java environments, CASE JAVA prepares professionals to address the unique challenges of application security in Java-based applications.