The Certified Application Security Engineer (CASE .NET) is a hands-on, comprehensive certification program designed to equip software developers with the skills to build secure .NET applications. The course focuses on integrating security practices throughout the Software Development Life Cycle (SDLC), including planning, development, testing, and deployment. It emphasizes secure coding, threat modeling, and application security testing, making it ideal for today’s insecure operating environments.
Who It’s For:
This course is intended for .NET developers with at least two years of experience, application security engineers, analysts, testers, and anyone involved in the secure development of software applications. It is also suitable for federal employees and contractors responsible for developing or auditing secure software systems.
What You’ll Learn:
Participants will learn how to identify and mitigate application vulnerabilities, implement secure coding practices, and apply security controls across the SDLC. The course includes practical labs and real-world scenarios to reinforce learning.
Course Outline:
Understanding Application Security, Threats, and Attacks
Security Requirements Gathering
Secure Application Design and Architecture
Secure Coding Practices for Input Validation
Secure Coding Practices for Authentication and Authorization
Secure Coding Practices for Cryptography
Secure Coding Practices for Session Management
Secure Coding Practices for Error Handling
Static and Dynamic Application Security Testing (SAST & DAST)
Secure Deployment and Maintenance
Why It’s Valuable for Federal Employees and Contractors:
CASE .NET aligns with the NICE Cybersecurity Workforce Framework and supports federal initiatives for secure software development. It helps federal professionals ensure that applications meet security standards and are resilient against modern cyber threats. This is especially important for agencies developing or managing mission-critical software systems.
Delivery Formats:
The CASE .NET program is available in multiple formats: In-Person Training, Online Self-Paced, and Online Instructor-Led.
Understand application security threats and secure SDLC practices
Gather and define security requirements for software projects
Design secure application architectures and components
Apply secure coding practices in .NET environments
Implement authentication, authorization, and session management
Use cryptographic techniques to protect data
Handle errors and exceptions securely
Conduct static and dynamic application security testing
Secure application deployment and maintenance processes
Prepare for secure software development roles in federal settings
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):