312-95
Coming Soon
Expected availability announced soon
This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.
ECCouncil CASE NET
The CASE .NET certification exam validates professionals’ mastery of .NET security fundamentals, ASP.NET Core authentication, input/output protection, secure data access, and robust error handling and logging.
120
Minutes
50
Questions
70/100
Passing Score
$250
Exam Cost
Who Should Take This
C# and ASP.NET Core developers who design, build, or maintain enterprise applications should pursue the CASE .NET exam. Candidates typically have at least three years of professional .NET experience and seek to demonstrate expertise in securing application code, data flows, and operational logging. Achieving certification supports career advancement into security‑focused or senior development roles.
What's Covered
1
.NET Security Fundamentals
2
ASP.NET Core Auth
3
Input and Output Security
4
Secure Data Access
5
Error Handling and Logging
6
API Security
7
Session and State
8
Configuration Security
9
Testing and Review
10
Deployment Security
What's Included in AccelaStudy® AI
Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats
Course Outline
60 learning goals
1
.NET Security Fundamentals
2 topics
CLR and framework
- Apply .NET runtime security including CLR model assembly signing strong naming and code access security policies.
- Analyze .NET security configurations to identify trust level issues assembly loading vulnerabilities and permission gaps.
- Design .NET security architectures incorporating assembly isolation trust boundaries and runtime protection mechanisms.
.NET cryptography
- Apply .NET cryptographic libraries including System.Security.Cryptography for AES RSA ECDSA hashing and key derivation.
- Analyze .NET crypto implementations to identify weak algorithms insufficient key sizes and improper IV generation.
- Design cryptographic strategies for .NET incorporating key management certificate handling and algorithm selection.
2
ASP.NET Core Auth
2 topics
Authentication
- Apply ASP.NET Core Identity and authentication including cookie JWT bearer token and external OAuth provider configuration.
- Analyze authentication to identify session management weaknesses token validation gaps and provider misconfigurations.
- Design authentication architectures for ASP.NET Core incorporating Identity multi-factor and federated authentication.
Authorization
- Apply ASP.NET Core authorization including policy-based role-based claims-based and resource-based authorization patterns.
- Analyze authorization to identify privilege escalation risks missing policy enforcement and role assignment issues.
- Design authorization frameworks for ASP.NET Core incorporating custom policies requirement handlers and resource auth.
3
Input and Output Security
2 topics
Model validation
- Apply ASP.NET Core model validation including data annotations custom validators FluentValidation and request filtering.
- Analyze input handling to identify missing validation mass assignment vulnerabilities and insufficient sanitization.
- Design input validation strategies for .NET incorporating model binding security custom validators and anti-forgery tokens.
Output encoding
- Apply output encoding in Razor using HTML helpers tag helpers and anti-XSS libraries to prevent injection in views.
- Analyze Razor views to identify raw output XSS vulnerabilities JavaScript injection and encoding bypass opportunities.
- Design output security strategies incorporating Razor encoding CSP headers and content type enforcement.
4
Secure Data Access
2 topics
Entity Framework
- Apply EF Core security including parameterized queries LINQ injection prevention and connection string protection.
- Analyze EF Core for raw SQL injection risks lazy loading vulnerabilities and data exposure patterns.
- Design secure data access using EF Core incorporating repository patterns query filtering and audit logging.
Data Protection API
- Apply ASP.NET Core Data Protection API for encryption key management purpose strings and data protection at rest.
- Analyze data protection configurations to identify key rotation issues insufficient scope and storage vulnerabilities.
- Design data protection strategies incorporating DPAPI key management Azure Key Vault integration and lifecycle.
5
Error Handling and Logging
2 topics
Exception management
- Apply .NET exception handling including structured exception management custom error pages and global exception filters.
- Analyze exception handling to identify information disclosure stack trace leakage and insufficient error classification.
- Design exception management incorporating centralized handling security event logging and user-safe responses.
Security logging
- Apply Serilog NLog and Application Insights for security event monitoring and audit trails in .NET applications.
- Analyze logging coverage to identify missing security events insufficient detail and log injection vulnerability risks.
- Design security logging incorporating structured logging centralized collection and tamper-resistant storage.
6
API Security
2 topics
Web API security
- Apply ASP.NET Core Web API security including JWT validation OAuth middleware CORS configuration and rate limiting.
- Analyze API implementations to identify authorization bypass input validation gaps and insufficient response filtering.
- Design API security architectures incorporating gateway patterns authentication federation and request validation.
gRPC and SignalR
- Apply gRPC and SignalR security including transport encryption authentication integration and message validation.
- Analyze real-time communication to identify authentication gaps message injection and insufficient authorization.
- Design real-time communication security incorporating TLS authentication authorization and message validation.
7
Session and State
2 topics
Session security
- Apply ASP.NET Core session management including secure cookie configuration distributed session and anti-forgery tokens.
- Analyze sessions to identify fixation risks insufficient expiration and cross-site request forgery vulnerabilities.
- Design session management incorporating distributed cache session binding and comprehensive CSRF protection.
Caching security
- Apply caching security including response caching output caching and distributed cache security in ASP.NET Core.
- Analyze caching configurations to identify sensitive data exposure cache poisoning and insufficient invalidation.
- Design caching security incorporating cache segmentation sensitive data exclusion and cache integrity controls.
8
Configuration Security
2 topics
Secrets management
- Apply .NET config security including user secrets Azure Key Vault environment variables and configuration encryption.
- Analyze configuration management to identify hardcoded secrets insecure storage and insufficient access controls.
- Design configuration security incorporating secret rotation key vault integration and environment-specific settings.
Middleware pipeline
- Apply ASP.NET Core middleware security including HTTPS enforcement HSTS security headers and request pipeline ordering.
- Analyze middleware configurations to identify security header gaps ordering vulnerabilities and missing protection.
- Design middleware pipeline security incorporating defense-in-depth header configuration and custom security middleware.
9
Testing and Review
2 topics
Security testing
- Apply .NET security testing including unit tests for auth integration tests for API security and vulnerability scanning.
- Analyze security test coverage to identify untested attack vectors missing assertions and gap areas.
- Design security testing strategies for .NET incorporating xUnit security tests static analysis and CI/CD integration.
Code review
- Apply .NET security code review including Roslyn analyzers CodeQL for C# and manual pattern identification.
- Analyze code review findings to prioritize security issues create remediation guidance and track fix verification.
- Design code review programs for .NET incorporating automated analyzers peer review and security champion roles.
10
Deployment Security
2 topics
Azure deployment
- Apply Azure App Service security including managed identity deployment slots configuration encryption and network restrictions.
- Analyze Azure deployments to identify excessive permissions insecure endpoints and missing network controls.
- Design Azure deployment security incorporating managed identity Key Vault integration and automated validation.
Container deployment
- Apply .NET container security including Docker image hardening Kubernetes deployment and health check protection.
- Analyze containerized .NET to identify image vulnerabilities runtime exposure and orchestration misconfigurations.
- Design .NET container strategies incorporating minimal images security scanning and runtime protection controls.
Scope
Included Topics
- .NET application security including CLR security ASP.NET Core authentication authorization and secure data access.
- ASP.NET Core security including Identity middleware pipeline Razor Pages security and API protection patterns.
- Secure data access including Entity Framework SQL injection prevention and .NET Data Protection API usage.
- .NET deployment security including Azure App Service containerized .NET and CI/CD security integration.
- Security testing and code review for .NET including Roslyn analyzers and automated vulnerability scanning.
Not Covered
- General secure programming covered by ECSP.
- Offensive web exploitation covered by CEH/WAHS.
- DevSecOps pipeline security covered by ECDE.
- Network defense covered by CND.
Official Exam Page
Learn more at EC-Council
312-95 is coming soon
Adaptive learning that maps your knowledge and closes your gaps.
Create Free Account to Be Notified