EC-Council CASE Java Exam Syllabus

CASE Java PDF, 312-96 Dumps, 312-96 PDF, CASE Java VCE, 312-96 Questions PDF, EC-Council 312-96 VCE, EC-Council CASE Java Dumps, EC-Council CASE Java PDFUse this quick start guide to collect all the information about EC-Council CASE Java (312-96) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the 312-96 EC-Council Application Security Engineer - Java exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual EC-Council CASE Java certification exam.

The EC-Council CASE Java certification is mainly targeted to those candidates who want to build their career in Application Security domain. The EC-Council Certified Application Security Engineer (CASE) - Java exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of EC-Council CASE Java.

EC-Council CASE Java Exam Summary:

Exam Name EC-Council Certified Application Security Engineer (CASE) - Java
Exam Code 312-96
Exam Price $450 (USD)
Duration 120 mins
Number of Questions 50
Passing Score 70%
Books / Training Master Class
Schedule Exam Pearson VUE OR EC-Council StoreECC Exam Center
Sample Questions EC-Council CASE Java Sample Questions
Practice Exam EC-Council 312-96 Certification Practice Exam

EC-Council 312-96 Exam Syllabus Topics:

Topic Details Weights
Understanding Application Security, Threats, and Attacks - Understand the need and benefits of application security
- Demonstrate the understanding of common application-level attacks
- Explain the causes of application-level vulnerabilities
- Explain various components of comprehensive application security
- Explain the need and advantages of integrating security in Software Development Life Cycle (SDLQ)
- Differentiate functional vs security activities in SDLC
- Explain Microsoft Security Development Lifecycle (SDU)
- Demonstrate the understanding of various software security reference standards, models, and frameworks
Security Requirements Gathering - Understand the importance of gathering security requirements
- Explain Security Requirement Engineering (SRE) and its phases
- Demonstrate the understanding of Abuse Cases and Abuse Case Modeling
- Demonstrate the understanding of Security Use Cases and Security Use Case Modeling
- Demonstrate the understanding of Abuser and Security Stories
- Explain Security Quality Requirements Engineering (SQUARE) Model
- Explain Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Model
Secure Application Design and Architecture - Understand the importance of secure application design
- Explain various secure design principles
- Demonstrate the understanding of threat modeling
- Explain threat modeling process
- Explain STRIDE and DREAD Model
- Demonstrate the understanding of Secure Application Architecture Design
Secure Coding Practices for Input Validation - Understand the need of input validation
- Explain data validation techniques
- Explain data validation in strut framework
- Explain data validation in Spring framework
- Demonstrate the knowledge of common input validation errors
- Demonstrate the knowledge of common secure coding practices for input validation
Secure Coding Practices for Authentication and Authorization - Understand authentication concepts
- Explain authentication implementation in Java
- Demonstrate the knowledge of authentication weaknesses and prevention
- Understand authorization concepts
- Explain Access Control Model
- Explain EJB authorization
- Explain Java Authentication and Authorization (JAAS)
- Demonstrate the knowledge of authorization common mistakes and countermeasures
- Explain Java EE security
- Demonstrate the knowledge of authentication and authorization in Spring Security Framework
- Demonstrate the knowledge of defensive coding practices against broken authentication and authorization
Secure Coding Practices for Cryptography - Understand fundamental concepts and need of cryptography In Java
- Explain encryption and secret keys
- Demonstrate the knowledge of cipher class Implementation
- Demonstrate the knowledge of digital signature and Its Implementation
- Demonstrate the knowledge of Secure Socket Layer ISSUand Its Implementation
- Explain Secure Key Management
- Demonstrate the knowledgeofdigital certificate and its implementation
- Demonstrate the knowledge of Hash implementation
- Explain Java Card Cryptography
- Explain Crypto Module in Spring Security
- Demonstrate the understanding of Do's and Don'ts in Java Cryptography
Secure Coding Practices for Session Management - Explain session management in Java
- Demonstrate the knowledge of session management in Spring framework
- Demonstrate the knowledge of session vulnerabilities and their mitigation techniques
- Demonstrate the knowledge of best practices and guidelines for secure session management
Secure Coding Practices for Error Handling - Explain Exception and Error Handling in Java
- Explain erroneous exceptional behaviors
- Demonstrate the knowledge of do's and don'ts in error handling
- Explain Spring MVC error handing
- Explain Exception Handling in Struts2
- Demonstrate the knowledge of best practices for error handling
- Explain to Logging in Java
- Demonstrate the knowledge of Log4j for logging
- Demonstrate the knowledge of coding techniques for secure logging
- Demonstrate the knowledge of best practices for logging
Static and Dynamic Application Security 'resting (SAST & DAST) - Understand Static Application Security Testing (SAST)
- Demonstrate the knowledge of manual secure code review techniques for most common vulnerabilities
- Explain Dynamic Application Security Testing
- Demonstrate the knowledge of Automated Application Vulnerability Scanning Toolsfor DAST
- Demonstrate the knowledge of Proxy-based Security Testing Tools for DAST
Secure Deployment and Maintenance - Understand the importance of secure deployment
- Explain security practices at host level
- Explain security practices at network level
- Explain security practices at application level
- Explain security practices at web container level (Tomcat)
- Explain security practices at Oracle database level
- Demonstrate the knowledge of security maintenance and monitoring activities

To ensure success in EC-Council CASE Java certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for EC-Council Application Security Engineer - Java (312-96) exam.

Rating: 5 / 5 (33 votes)