The Certified Application Security Engineer (CASE) focuses on secure application software development processes. It is a, hands-on, comprehensive application security course that will help you create a secure application software.
This course encompasses security activities involved in all phases of the Secure Software Development Lifecycle (SDLC): planning, creating, testing, and deploying an application.
Unlike other application security trainings, CASE goes beyond just the guidelines on secure coding practices to include secure requirement gathering, robust application design, and handling security issues in post development phases of application development.
The CASE certification exam and training program prepare application security engineers, analysts, testers, and anyone with exposure to any phase of SDLC to build secure applications that are robust enough to meet today’s challenging operational environment by focusing not just on secure coding, but much more.
This makes CASE one of the most comprehensive certifications on the market today.
It’s desired by software application engineers, analysts, testers globally, and respected by hiring authorities.
The Gap Between Patching Software and Security Is Vast! The .Net framework has increased in popularity because of its open source nature, interoperability, language independence, library of codes and ease of deployment.
It’s become the preferred choice for application developers. However, there are not many classes that teach developers how to ensure their code is secure as well as correct.
Moreover, any gap in the application development and deployment process can be damaging. .Net developers often learn security on the job.
This is primarily because the basic education of programming does not usually cover or emphasize security concerns.
Java Based Applications: The Most Popular and Yet the Most Vulnerable?
According to the 2017 State of Software Security Report, nearly 90% of Java applications contain one or more vulnerable component, making them ideal breach points for hostile attackers.
Although Java has come a long way from its development in 1995, cyber crime has also spread, reaching epidemic levels, increasing the need for secure Java developers, regardless of whether they’re creating a new program or upgrading an old one.
Course Outline of CASE
Understanding Application Security, Threats, and Attacks.
Security Requirements Gathering.
Secure Application Design and Architecture.
Secure Coding Practices for Input Validation.
Secure Coding Practices for Authentication and Authorization.
Secure Coding Practices for Cryptography.
Secure Coding Practices for Session Management.
Secure Coding Practices for Error Handling.
Static and Dynamic Application Security Testing (SAST & DAST).
Secure Deployment and Maintenance.
With the technology and pain points changing daily it is vital to make sure your education investment is well spent.
So, where do you start? We are so glad you asked.
Eligibility Criteria To be eligible to challenge the CASE Exam, the candidate must either:
Complete the official EC-Council CASE training through an accredited EC-Council Partner (Accredited Training Centre/ iWeek/ iLearn) (All candidates are required to pay the USD100 application fee unless your training fee already includes this) .
Be an ECSP (.NET/ Java) member in good standing (you need not pay a duplicate application fee, as this fee has already been paid).
Have a minimum of 2 years working experience in InfoSec/ Software domain (you will need to pay USD 100 as a non-refundable application fee).
Have any other industry equivalent certifications such as GSSP .NET/Java (you will need to pay USD 100 as a non-refundable application fee)