Certified Application Security Engineer (CASE)

Duration: 3 days (21 hrs)

Overview

The Certified Application Security Engineer (C|ASE) program by EC-Council is an advanced training course that focuses on securing applications across the Software Development Lifecycle (SDLC). It gives developers, testers, and security professionals in-depth knowledge and practical techniques for designing, developing, testing, and maintaining secure applications. Participants gain expertise in secure coding practices, application architecture, security requirements gathering, and advanced testing methodologies.

Objectives

  • Identify and mitigate application vulnerabilities and attack vectors.
  • Integrate security into every phase of the SDLC.
  • Apply secure coding standards for input validation, authentication, authorization, cryptography, session management, and error handling.
  • Conduct Static and Dynamic Application Security Testing (SAST & DAST).
  • Deploy applications securely and ensure long-term security maintenance.

Audience

  • Software Developers (Java or .NET focus)
  • Application Security Engineers / Analysts
  • Software Testers and QA Professionals
  • Security Consultants and Auditors
  • System Architects involved in application design
  • Professionals seeking C|ASE certification

Prerequisites

  • Basic knowledge of programming (Java, .NET, or equivalent).
  • Familiarity with application development lifecycle.
  • Understanding of IT security fundamentals (recommended).

Course Content

Module 1: Understanding Application Security, Threats, and Attacks

  • Overview of Application Security
  • Common Vulnerabilities (OWASP Top 10)
  • Threat Modeling and Risk Analysis
  • Exploitation Techniques (SQL Injection, XSS, CSRF, etc.)
  • Case Studies of Real-World Breaches

Module 2: Security Requirements Gathering

  • Importance of Security in Requirements Phase
  • Identifying Security Goals and Constraints
  • Regulatory and Compliance Requirements (GDPR, HIPAA, PCI-DSS)
  • Security Requirements Traceability Matrix (SRTM)
  • Integrating Security in Agile and DevOps Environments

Module 3: Secure Application Design and Architecture

  • Principles of Secure Design
  • Defense in Depth and Layered Security
  • Secure Architectural Patterns (MVC, Microservices, Zero Trust)
  • Threat Modeling Tools (STRIDE, DREAD, PASTA)
  • Design Flaws vs Coding Flaws

Module 4: Secure Coding Practices – Input Validation

  • Input Validation Fundamentals
  • Whitelisting vs Blacklisting
  • Handling User Input and Sanitization
  • Preventing Injection Attacks (SQLi, Command Injection)
  • Secure File Uploads and Path Traversal Protection

Module 5: Secure Coding Practices – Authentication & Authorization

  • Strong Authentication Mechanisms (MFA, Tokens, SSO)
  • Secure Password Management and Storage
  • Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC)
  • Preventing Broken Authentication and Privilege Escalation
  • Session Hijacking Prevention

Module 6: Secure Coding Practices – Cryptography

  • Cryptographic Principles (CIA Triad, Hashing, Symmetric/Asymmetric Encryption)
  • Secure Use of Cryptographic APIs
  • Common Pitfalls (Hardcoded Keys, Weak Algorithms)
  • Secure Key Management Practices
  • Ensuring Data Integrity and Confidentiality

Module 7: Secure Coding Practices – Session Management

  • Secure Session Lifecycle (Creation, Maintenance, Destruction)
  • Secure Cookie Attributes (HttpOnly, Secure, SameSite)
  • Preventing Session Hijacking and Replay Attacks
  • Best Practices for Session IDs and Tokens
  • Timeout and Re-authentication Policies

Module 8: Secure Coding Practices – Error Handling

  • Importance of Secure Exception Handling
  • Avoiding Information Disclosure in Error Messages
  • Logging Best Practices (Centralized, Secure Logging)
  • Secure Debugging and Stack Trace Management
  • Failing Securely vs Failing Open

Module 9: Static and Dynamic Application Security Testing (SAST & DAST)

  • Introduction to Application Security Testing
  • Static Application Security Testing (Code Analysis, Tools like SonarQube, Checkmarx)
  • Dynamic Application Security Testing (Runtime Testing, Tools like Burp Suite, OWASP ZAP)
  • Automated vs Manual Testing
  • Integrating Testing into CI/CD Pipelines (DevSecOps)

Module 10: Secure Deployment and Maintenance

  • Secure Build and Deployment Processes
  • Hardening Application Servers and Containers
  • Secure Configuration Management
  • Patch Management and Continuous Updates
  • Monitoring and Incident Response for Applications
  • Post-Deployment Security Reviews and Audits