EC-Council Certified Application Security Engineer (CASE) .NET
Module 1: Understanding Application Security, Threats, and Attacks
– Exploring Secure Applications
– Necessity of Application Security
– Common Application Level Attacks
– Factors Leading to Application Vulnerability
– Components of Comprehensive Application Security
– Addressing Insecure Applications in Software Development
– Standards, Models, and Frameworks for Software Security
Module 2: Security Requirements Gathering
– Significance of Collecting Security Requirements
– Security Requirement Engineering (SRE)
– Modeling Abuse Cases and Security Use Cases
– Developing Abuser and Security Stories
– Security Quality Requirements Engineering (SQUARE)
– Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
Module 3: Secure Application Design and Architecture
– Evaluating Costs of Vulnerability Fixing in SDLC Phases
– Designing Secure Applications and Architecture
– Objectives of Secure Design Process
– Actions for Secure Design
– Principles of Secure Design
– Implementing Threat Modeling
– Application Decomposition
– Establishing Secure Application Architecture
Module 4: Secure Coding Practices for Input Validation
– Understanding Input Validation
– Importance of Input Validation
– Specifications for Input Validation
– Approaches to Input Validation
– Input Filtering
– Secure Coding Practices for Input Validation in Web Forms
– Secure Coding Practices for Input Validation in ASP.NET Core
– Secure Coding Practices for Input Validation in MVC
Module 5: Secure Coding Practices for Authentication and Authorization
– Managing Authentication and Authorization
– Common Threats in User Authentication and Authorization
– Authentication and Authorization in Web Forms
– Authentication and Authorization in ASP.NET Core
– Authentication and Authorization in MVC
– Defensive Techniques for Authentication and Authorization in Web Forms
– Defensive Techniques for Authentication and Authorization in ASP.NET Core
– Defensive Techniques for Authentication and Authorization in MVC
Module 6: Secure Coding Practices for Cryptography
– Understanding Cryptography
– Types of Ciphers
– Symmetric and Asymmetric Encryption Keys
– Functions and Applications of Cryptography
– Utilizing Cryptography to Counter Application Security Threats
– Cryptographic Attacks and Key Protection Techniques
– Securing .NET Applications from Cryptographic Attacks
– Utilizing .NET Cryptography Namespaces
– Defensive Coding Techniques for Symmetric and Asymmetric Encryption
– Implementing Hashing, Digital Signatures, and Certificates
– ASP.NET Core Specific Secure Cryptography Practices
Module 7: Secure Coding Practices for Session Management
– Managing User Sessions
– Session Management Techniques in ASP.NET
– Defending Against Broken Session Management
– Cookie-based and ViewState-based Session Management
– Secure Session Management Practices in ASP.NET Core
Module 8: Secure Coding Practices for Error Handling
– Understanding Exceptions and Runtime Errors
– Importance of Secure Error/Exception Handling
– Risks of Detailed Error Messages
– Designing Secure Error Messages
– Implementing Secure Exception Handling
– Defensive Coding Practices against Information Disclosure and Improper Error Handling
– Secure Error Handling Practices in ASP.NET Core
Module 9: Static and Dynamic Application Security Testing (SAST & DAST)
– Static Application Security Testing
– Manual Secure Code Review for Common Vulnerabilities
– SAST Findings and Reports
– Dynamic Application Security Testing
– Automated Application Vulnerability Scanning Tools
– Proxy-based Security Testing Tools
– Choosing Between SAST and DAST
Module 10: Secure Deployment and Maintenance
– Implementing Secure Deployment
– Security Considerations at Various Deployment Levels
– Ensuring Security at Host, Network, and Application Levels
– Web Application Firewall (WAF)
– Security at IIS, .NET, and SQL Server Levels
– Security Maintenance and Monitoring