EC-Council, the world’s leading information security certification body, in its global mission to mitigate risks from cyber attacks, has introduced a brand-new application security training and certification program, Certified Application Security Engineer (C|ASE), for the .NET and Java programming languages. The program was introduced on 20th June, 2018, at a global launch webcast live. It is said to be one of the most comprehensive application security training programs, encompassing security requirements beyond secure coding.
In this training and certification program, EC-Council will train future application security engineers to build secure applications, thereby producing fewer vulnerabilities and less risk for the consumer.
Despite there being over 21 million software developers globally, all web applications still remain vulnerable, meaning application security should be foremost on the security industry’s mind.
The training program was designed to ensure that organizations mitigate the risk of losing millions of dollars to security compromises that may arise in every step of the application development process. The program is also designed to help individuals focus on security in their day-to-day job roles (in the Software Development Life Cycle (SDLC)), therefore ensuring that security is part of testers’, developers’, and network administrators’ daily work.
“Until a few years ago, network perimeter defense was considered to be the king of security. However today, that is just not enough,” says Jay Bavisi, President and CEO of the EC-Council Group. “This is 2018 and the hackers are smarter than before. They don’t just target the external layer of your network, which is already well-protected, rather they target internal vulnerabilities, in your application code.”
This certification was built in accordance with the NICE 2.0 Framework, “Securely Provision” category, to provide for the Job Task Analysis (JTA) of roles involved in application security.
While designing C|ASE, EC-Council focused on solving the problems that organizations face while dealing with application insecurity by highlighting application security threats and countering them through 10 comprehensive modules and 36 interactive labs.
The program includes detailed security requirements for every stage of the SDLC, including: understanding application security, threats, and attacks; security requirements gathering; secure application design and architecture; secure coding practices for input validation; secure coding practices for authentication and authorization; secure coding practices for cryptography; secure coding practices for session management; secure coding practices for error handling; static and dynamic application security testing (SAST and DAST); and secure deployment and maintenance.