EC-Council Authorized Partner
Lifetime access to learning resources
Post training support
- Understanding a secure SDLC.
- Learning the OWASP Top 10, threat modeling, SAST, and DAST.
- Capturing the security requirements of an application in development.
- Defining, maintaining, and enforcing application security best practices.
- Performing manual/automated code reviews of applications.
- Conducting application security testing for web applications to assess vulnerabilities.
- Developing a holistic application security program.
- Rating the severity of defects.
- Publishing comprehensive reports detailing associated risks and mitigations.
- Working in teams to improve the security posture.
- Exploring application security scanning technologies like AppScan, Fortify, WebInspect, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Single Sign-on, and Encryption.
- Adopting secure coding standards based on industry-accepted best practices (OWASP Guide or CERT Secure Coding) for addressing common coding vulnerabilities.
- Creating a software source code review process as a part of development cycles (SDLC, Agile, CI/CD).
- .NET Developers with at least 2 years of experience.
- Individuals willing to become Application Security Engineers, Analysts, and Testers.
- Those involved in developing, testing, managing, or protecting a wide range of applications.
- Those who wish to complete EC-Council's Application Security Engineer (CASE .NET) certification.
- Basic knowledge of the .NET framework, application development, and SDLC.
About the Exam
- Exam: 312-95: EC-Council CASE .NET.
- Skills Tested: Handling Common Application Security Vulnerabilities.
- Certification Awarded: Certified Application Security Engineer (CASE .NET).
- Exam Format: 50 Multiple-choice Questions and a 70% Passing Score.
- Duration: 2 Hours.
- Cost: (Training Provider Specific). Please verify with Vinsys.
Virtual Instructor-led Sessions
- 2 days Instructor-led Online Training
- Experienced Subject Matter Experts
- Approved and quality-assured training material
- 24/7 learner assistance and support
- Understanding the needs and benefits of application security.
- Understanding common application-level attacks.
- Describing the causes of application-level vulnerabilities.
- Explaining the components of comprehensive application security.
- Describing the needs and advantages of integrating security in the Software Development Life Cycle (SDLC).
- Differentiating functional vs. security activities in SDLC.
- Explaining the Microsoft Security Development Lifecycle.
- Understanding the software security reference standards, models, and frameworks.
- Understanding the importance of gathering security requirements.
- Describing Security Requirement Engineering (SRE) and its phases.
- Understanding Abuse Cases and Abuse Case Modeling.
- Understanding Security Use Cases and Security Use Case Modeling.
- Understanding Abuser and Security stories.
- Describing the Security Quality Requirements Engineering (SQUARE) model.
- Explaining Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) model.
- Understanding the importance of secure application design.
- Describing secure design principles.
- Understanding threat modeling.
- Explaining the threat modeling process.
- Describing STRIDE and DREAD models.
- Understanding the Secure Application Architecture Design.
- Understanding the relevance of robust input validation.
- Learning secure input validation techniques in Web Forms, ASP.NET Core, and MVC.
- Understanding defensive coding techniques against SQL Injection, XSS, Parameter Tampering, and Directory Traversal attacks.
- Understanding defensive coding techniques against Open Redirect vulnerabilities.
- Understanding authentication and authorization issues.
- Describing authentication/authorization in Web Forms, ASP.NET Core and MVC.
- Understanding authentication/authorization techniques in Web Forms, ASP.NET Core and MVC.
- Understanding cryptography in .NET.
- Describing symmetric encryption.
- Understanding defensive coding practices using symmetric encryption.
- Explaining asymmetric encryption.
- Understanding defensive coding practices using asymmetric encryption.
- Describing Hashing, Digital Signatures, and Digital Certificates.
- Understanding ASP.NET Core-specific secure cryptography practices.
- Understanding session management concepts.
- Describing session management techniques.
- Understanding defensive coding practices against hijacking, session replay, and session fixation attacks.
- Understanding the techniques for protecting sessions against cross-site scripting, client-side scripts, and CSRF attacks.
- Learning the techniques for preventing session attacks on ViewState.
- Understanding ASP.NET Core-specific secure session management techniques.
- Understanding error and exception handling concepts.
- Describing the need for secure exception handling.
- Learning defensive coding practices against information disclosure and improper error handling.
- Understanding secure error handling practices in ASP.NET Core.
- Explaining secure auditing and logging best practices.
- Describing Static Application Security Testing (SAST) concepts.
- Understanding manual secure code review techniques for common vulnerabilities.
- Explaining Dynamic Application Security Testing (DAST).
- Acquiring the knowledge of automated application vulnerability scanning and proxy-based security testing tools for performing DAST.
- Understanding the importance of secure deployment.
- Describing security practices at host, network, application, IIS, .NET, and SQL Server levels.
- Acquiring knowledge of security maintenance and monitoring activities.
Applications and software are the keys to success for most organizations across sectors. Inadequately secured or vulnerable apps and unsafe coding/deployment practices pose severe threats to businesses. Nearly 75% of all cyberattacks target web applications.
In spite of these alarming facts, many enterprises allow security considerations to take a backseat, resulting in frequent data breaches and information theft.
.NET is the preferred choice for application developers because of its open-source nature, interoperability, language independence, code libraries, and convenience of deployment. However, there is a substantial gap between patching software and its security.
Most developers are not fully equipped to ensure their code is both correct and secure, which often translates into damaging gaps in application development and deployment processes.
EC-Council's partnership with prominent application/software development experts.
Ensuring app-security is no longer considered an afterthought, and laying the foundations for application developers or development organizations to produce secure, stable, and less-risky applications.
The purpose also includes enabling organizations to mitigate the risk of losing millions due to security compromises, and encouraging individuals to treat security as a sacrosanct part of their job roles in the SDLC.
Unlike other similar offerings, the CASE .NET training does not restrict itself to guidelines on secure coding practices. Instead, it goes on to cover secure requirements gathering, robust application design, and the correct handling of security issues in the post-development phases of application development.
Managing security in every phase of the SDLC is the most efficient way of creating highly secure applications. Security-focused solid design principles, rigorous coding, testing, and deployment practices enable applications to stand up to malicious attacks and reduce end-user/application-vendor ownership costs.
You and your employees add to your application security knowledge, gain multi-faceted skills, develop a holistic outlook incorporating pre/post-deployment techniques, successfully build secure applications, and establish strong credibility as app-security experts.
It is hands-on training with access to iLabs (EC-Council’s cloud-driven lab environment).
No. However, in such a scenario, to take the CASE .NET exam, you must validate yourself as an ECSP (.NET) member in good standing, have a minimum of 2 years' experience working in the InfoSec/Software domain, or hold other industry-equivalent certifications such as the GSSP .NET.
Besides being a globally-respected Individual/Corporate IT training provider, Vinsys is also admired as the top EC-Council Accredited Training Partner (ATP). Its unmatchable offerings, accredited instructors, customizable skilling programs and round-the-clock learner support ensure the most detailed upskilling experiences, a must for capitalizing on valuable .NET application security opportunities.