EC-Council 312-96 Exam Syllabus Topics:
| Topic | Details | Weights |
|---|---|---|
| Secure Deployment andMaintenance | - Understand the importance of secure deployment -Explain security practices at host level -Explain security practices at network level -Explain security practices at application level -Explain security practices at web container level (Tomcat) -Explain security practices at Oracle database level -Demonstrate the knowledge of security maintenance and monitoring activities | 10% |
| Secure Coding Practices for Input Validation | - Understand the need of input validation -Explain data validation techniques -Explain data validation in strut framework -Explain data validation in Spring framework -Demonstrate the knowledge of common input validation errors -Demonstrate the knowledge of common secure coding practices for input validation | 8% |
| Secure Coding Practices for Cryptography | - Understand fundamental concepts and need of cryptography In Java -Explain encryption and secret keys -Demonstrate the knowledge of cipher class Implementation -Demonstrate the knowledge of digital signature and Its Implementation -Demonstrate the knowledge of Secure Socket Layer ISSUand Its Implementation -Explain Secure Key Management -Demonstrate the knowledgeofdigital certificate and its implementation - Demonstrate the knowledge of Hash implementation -Explain Java Card Cryptography -Explain Crypto Module in Spring Security -Demonstrate the understanding of Do's and Don'ts in Java Cryptography | 6% |
| Secure Application Design and Architecture | - Understand the importance of secure application design -Explain various secure design principles -Demonstrate the understanding of threat modeling -Explain threat modeling process -Explain STRIDE and DREAD Model -Demonstrate the understanding of Secure Application Architecture Design | 12% |
| Secure Coding Practices for Authentication and Authorization | - Understand authentication concepts -Explain authentication implementation in Java -Demonstrate the knowledge of authentication weaknesses and prevention -Understand authorization concepts -Explain Access Control Model -Explain EJB authorization -Explain Java Authentication and Authorization (JAAS) -Demonstrate the knowledge of authorization common mistakes and countermeasures -Explain Java EE security -Demonstrate the knowledge of authentication and authorization in Spring Security Framework -Demonstrate the knowledge of defensive coding practices against broken authentication and authorization | 4% |
| Static and Dynamic Application Security 'resting (SAST & DAST) | - Understand Static Application Security Testing (SAST) -Demonstrate the knowledge of manual secure code review techniques for most common vulnerabilities -Explain Dynamic Application Security Testing -Demonstrate the knowledge of Automated Application Vulnerability Scanning Toolsfor DAST -Demonstrate the knowledge of Proxy-based Security Testing Tools for DAST | 8% |
| Security Requirements Gathering | -Understand the importance of gathering security requirements -Explain Security Requirement Engineering (SRE) and its phases -Demonstrate the understanding of Abuse Cases and Abuse Case Modeling - Demonstrate the understanding of Security Use Cases and Security Use Case Modeling -Demonstrate the understanding of Abuser and Security Stories -Explain Security Quality Requirements Engineering (SQUARE) Model -Explain Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Model | 8% |
| Understanding Application Security, Threats, and Attacks | -Understand the need and benefits of application security -Demonstrate the understanding of common application-level attacks -Explain the causes of application-level vulnerabilities -Explain various components of comprehensive application security -Explain the need and advantages of integrating security in Software Development Life Cycle (SDLQ) -Differentiate functional vs security activities in SDLC -Explain Microsoft Security Development Lifecycle (SDU) -Demonstrate the understanding of various software security reference standards, models, and frameworks | 18% |
| Secure Coding Practices for Session Management | - Explain session management in Java -Demonstrate the knowledge of session management in Spring framework -Demonstrate the knowledge of session vulnerabilities and their mitigation techniques -Demonstrate the knowledge of best practices and guidelines for secure session management | 10% |
| Secure Coding Practices for Error Handling | - Explain Exception and Error Handling in Java -Explain erroneous exceptional behaviors -Demonstrate the knowledge of do's and don'ts in error handling -Explain Spring MVC error handing -Explain Exception Handling in Struts2 -Demonstrate the knowledge of best practices for error handling -Explain to Logging in Java -Demonstrate the knowledge of Log4j for logging -Demonstrate the knowledge of coding techniques for secure logging -Demonstrate the knowledge of best practices for logging | 16% |
EC-Council CASE Java Exam Certification Details:
| Passing Score | 70% |
| Exam Price | $450 (USD) |
| Schedule Exam | Pearson VUE OREC-Council Store,ECC Exam Center |
| Sample Questions | EC-Council CASE Java Sample Questions |
| Number of Questions | 50 |
| Exam Code | 312-96 |
| Duration | 120 mins |
| Exam Name | EC-Council Certified Application Security Engineer (CASE) - Java |
| Books / Training | Master Class |
Do you meet a lion on the way when passing 312-96 exam as you want to gain the ECCouncil Application Security and be a leader in IT field? If you really want to pass Certified Application Security Engineer (CASE) JAVA exam as soon as possible, TestPassed 312-96 test dump will be your best helper. We are a strong company selling all test passed dumps of all IT certifications examinations published by almost all largest companies. We are the leading position in this area because of our very accurate 312-96 test dump, high passing rate and good pass score. We devote ourselves to providing the best test questions and golden customer service.
Three versions: PDF version, SOFT (PC Test Engine), APP (Online Test Engine)
Our 312-96 test dump has three versions for your choose. Many candidates are not sure which they should choose. Statistically speaking, the APP (Online Test Engine) of 312-96 test dump is popular by more than 60% of examinees. Let's tell something about the details.
PDF version of 312-96 test dump is suitable for printing out unlimited times and number of copies. It is available for examinees that who are used to studying on paper.
SOFT (PC Test Engine) of 312-96 test dump is downloaded and installed unlimited times and number of personal computers. It can imitate the real test scene on the computer and have some special methods to help you master the test dumps questions and answers. The disadvantage is that SOFT (PC Test Engine) of 312-96 test dump is only available for Window system (personal computer).
APP (Online Test Engine) of 312-96 test dump contains all the functions of the SOFT (PC Test Engine). The difference is that APP (Online Test Engine) is available for all electronic products such as MP4, MP5, Mobile phone, Iwatch, not just for personal computer.
Best 312-96 test dump help you pass exam definitely
Our company employs well-paid experts team from the largest companies respectively which were engaged in editing the real test in previous companies. They are really skilled in 312-96 test dump and have rich information sources and good relationship. They always can get the first-hand news about the real test changes. We are strict with education experts in providing stable and high-quality 312-96 test dump all the time. The products are the root and most valued by our company. We ensure that 312-96 test dump whenever you purchase is the latest, valid and helpful for your exam. Other companies can imitate us but can't surpass us. We believe our best 312-96 test dump help you pass exam definitely.
Golden customer service guarantee you worry-free shopping
Firstly, we have professional customer attendants about 312-96 test dump and provide 7/24hours on-line service all the year round. We request every email & on-line news should be replied in two hours. After payment we will send you the latest 312-96 test dump in half an hour.
Secondly, we support Credit Card payment for 312-96 test dump; your money will be safe surely. Also we have a strict information system to make sure that your information will be safe and secret.
Thirdly, we assure examinees will pass exam definitely if you purchase our 312-96 test dump, if you fail the ECCouncil Certified Application Security Engineer (CASE) JAVA, we will refund the cost of our test questions by Credit Card. Please be worry-free shopping in our website.
After purchase, Instant Download: Upon successful payment, Our systems will automatically send the product you have purchased to your mailbox by email. (If not received within 12 hours, please contact us. Note: don't forget to check your spam.)
Kelly 
Veromca 
Colby 
Dempsey 
Dolores 
Godfery 
Leonard 
Glenn 
Horace 
Sandy 
Blanche 
June 
Sigrid 
Augus 
Murphy 
Douglas 
Julius 
Daniel 
Clarence 
Annabelle 
Mandel 
