
EC-COUNCIL
CERTIFIED SECURE PROGRAMMER (ECSP)

Software defects, bugs, and flaws in the logic of a program are consistently the cause for software vulnerabilities. Analysis by software security professionals has proven that most vulnerabilities are due to errors in programming. Hence, it has become crucial for organizations to educate their software developers about secure coding practices.

Attackers scan for security vulnerabilities in applications and servers and attempt to use these vulnerabilities to steal secrets, corrupt programs and data, and gain control of computer systems and networks. Sound programming techniques and best practices should be used to develop high quality code to prevent web application attacks. Secure programming is a defensive measure against attacks targeted towards application systems.


ECSP .NET

Course Description

The ECSP.Net course will be invaluable to software developers and programmers alike to code and develop highly secure applications and web applications. This is done throughout the software life cycle, which involves designing, implementing, and deploying applications.

.Net is widely used by organizations as a leading framework to build web applications. ECSP.Net teaches developers how to identify security flaws and implement security countermeasures throughout the software development life cycle to improve the overall quality of products and applications.

EC-Council Certified Secure Programmer lays the foundation required by all application developers and development organizations to produce applications with greater stability and fewer security risks to the consumer. The Certified Secure Programmer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.

This course is built with tons of labs peppered throughout the three days of training, offering participants critical hands-on time to fully grasp the new techniques and strategies in secure programming.


Course Outline

Course Objectives

This course will:

  • Familiarize you with .Net Application Security and ASP.Net Security Architecture, and help you understand the need for application security and common security threats to the .Net framework
  • Discuss security attacks on the .Net framework and explain the secure software development life cycle
  • Help you to understand common threats to .Net assemblies and familiarize you with stack walking processes
  • Discuss the need for input validation, various input validation approaches, common input validation attacks, validation control vulnerabilities, and best practices for input validation
  • Familiarize you with authorization and authentication processes and common threats to authorization and authentication
  • Discuss various security principles for session management tokens, common threats to session management, ASP.Net session management techniques, and various session attacks
  • Cover the importance of cryptography in .Net, different types of cryptographic attacks in .Net, and various .Net cryptography namespaces
  • Explain symmetric and asymmetric encryption, hashing concepts, digital certificates, digital and XML signatures
  • Describe the principles of secure error handling, different levels of exception handling, and various .Net logging tools
  • Examine file handling concepts, file handling security concerns, path traversal attacks on file handling, and defensive techniques against path traversal attacks

What Will You Learn?

Students in this course will acquire knowledge in the following areas:

  • .Net framework security features and various secure coding principles
  • .Net framework runtime security model, role-based security, code access security (CAS), and class libraries security
  • Various validation controls, mitigation techniques for validation control vulnerabilities, defensive techniques for SQL injection attacks, and output encoding to prevent input validation attacks
  • Defensive techniques against session attacks, cookie security, and View State security
  • Mitigating vulnerabilities in class level exception handling, managing unhandled errors, and implementing Windows log security against various attacks
  • Defensive techniques against path traversal attacks and defensive techniques against canonicalization attacks and file ACLs
  • Mitigating vulnerabilities in machine config files, mitigating the vulnerabilities in app config files, and security code review approaches
  • The importance of secure programmers and certified secure programmers, the career path of secure programmers, and the essential skill set of secure programmers

ECSP .Net Info

Prerequisites:

You must be well-versed in the .NET programming language.

Who Should Attend:

The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web-based applications with the .NET Framework. It is designed for developers who have .NET development skills.

Course/Class Duration:

3 Days (9:00 AM – 5:00 PM)

Exam info:

  • Number of Questions: 50
  • Passing Score: 70%
  • Test Duration: 2 Hours
  • Test Format: Multiple Choice
  • Test Delivery: EC-Council Exam Center
  • Exam Prefix: 312-93

About ECSP Java

Course Description


Java is embedded in more than 3 billion devices such as laptops, data centers, game consoles, supercomputers, mobile phones, smart cards, and many more devices. Java is widely adopted because of its platform- and architecture-independent characteristics that encourage developers and industries alike.

ECSP-Java is a comprehensive course that provides hands-on training covering Java security features, policies, strengths, and weaknesses. It helps developers understand how to write secure and robust Java applications and provides advanced knowledge in various aspects of secure Java development that can effectively prevent hostile and buggy code. The end result of secure Java coding practices includes saving valuable effort, money, time, and possibly the reputation of organizations using Java coded applications.


Course Outline

What Will You Learn?

Students in this course will acquire knowledge in the following areas:

  • Java security principles and secure coding practices
  • Java Security Platform, Sandbox, JVM, Class loading, Bytecode verifier, Security Manager, security policies, and Java Security Framework
  • Secure Software Development Lifecycle, threat modelling, software security frameworks, and secure software architectures
  • Best practices and standards and guidelines for secure file input/output and serialization
  • Java input validation techniques, validation errors, and best practices
  • Java exceptions, erroneous behaviors, and the best practices to handle or avoid them
  • Secure authentication and authorization processes
  • Java Authentication and Authorization Service (JAAS), its architecture, Pluggable Authentication Module (PAM) Framework, and access permissions through Java Security Model
  • Secure Java concurrency and session management that includes Java Memory Model, Java Thread Implementation methods, secure coding practices, and guidelines for handling threads, race conditions, and deadlocks
  • Core security coding practices of Java Cryptography that includes Encryption, KeyGenerator, implementation of Cipher Class, Digital Signatures, Secret Keys, and key management
  • Various Java application vulnerabilities such as Cross-Site Scripting (XSS), Cross Site Request Forgery (CSRF), Directory Traversal vulnerability, HTTP Response Splitting attack, Parameter Manipulation, Injection Attacks and their countermeasures
  • Coding testing and review techniques and practices

ECSP Java Info

Prerequisites:

You must be well-versed in the Java programming language.

Who Should Attend:

The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web-based applications with Java. It is designed for developers who have Java development skills.

Course/Class Duration:

3 Days (9:00 AM – 5:00 PM)

Exam info:

  • Number of Questions: 50
  • Passing Score: 70%
  • Test Duration: 2 Hours
  • Test Format: Multiple Choice
  • Test Delivery: EC-Council Exam Center
  • Exam Prefix: 312-94

Certification:

The ECSP Java 312-94 exam will be conducted on the last day of training. Students need to pass the online exam to receive the ECSP certification.