Secure Coding in .NET: Developing Defensible Applications Training

ASP.NET and the .NET framework have provided web developers with tools that allow them an unprecedented degree of flexibility and productivity. However, these sophisticated tools make it easier than ever to miss the little details that allow security vulnerabilities to creep into an application.

Since ASP.NET 2.0, Microsoft has done a fantastic job of integrating security into the ASP.NET framework, but the responsibility is still on application developers to understand the limitations of the framework and ensure that their own code is secure.

Have you ever wondered if the built-in ASP.NET validation is effective? Have you been concerned that web services might be introducing unexamined security issues into your application? Should you feel uneasy relying solely on the security controls built into the ASP.NET framework? The Secure Coding in .NET course will help students leverage built-in and custom defensive technologies to integrate security into their applications.

Duration: 5 days

CUSTOMIZE IT
  • We can adapt this Secure Coding in .NET: Developing Defensible Applications Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Secure Coding in .NET: Developing Defensible Applications Training course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Secure Coding in .NET: Developing Defensible Applications Training Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Secure Coding in .NET: Developing Defensible Applications course in a manner understandable to lay audiences.
AUDIENCE/TARGET GROUP

This Secure Coding in .NET: Developing Defensible Applications course is intended for:

  • ASP.NET developers who want to build more secure web applications
  • .NET framework developers
  • Software engineers
  • Software architects
  • Developers who need to be trained in secure coding techniques to meet PCI compliance

This class is focused specifically on software development, but it is accessible enough for anyone who’s comfortable working with code and has an interest in understanding the developer’s perspective. This could include:

  • Application security auditors
  • Technical project managers
  • Senior software QA specialists
  • Penetration testers who want a deeper understanding of how to target ASP.NET web applications or who want to provide more detailed vulnerability remediation options
CLASS PREREQUISITES

The knowledge and skills that a learner must have before attending this Secure Coding in .NET: Developing Defensible Applications course are:

  • At least one year of experience working with ASP.NET and the .NET framework
  • Experience with programming in ASP.NET using either Visual Basic or C#. All class work will be performed in C#
  • A thorough knowledge of Web technology
  • While this class briefly reviews basic web attacks, a prior understanding of web application vulnerabilities (i.e., the OWASP Top 10) is recommended.
Secure Coding in .NET: Developing Defensible Applications Training - OBJECTIVES

Upon completing this Secure Coding in .NET: Developing Defensible Applications Training course, learners will be able to meet these objectives:

  • Understand attackers’ methodology and how they will attack your web application
  • Apply defensive coding techniques to prevent your application from being compromised
  • Safeguard your sensitive information using approved cryptography standards
  • Find vulnerabilities in your application using code review and basic penetration testing techniques
  • Integrate security into your software development lifecycle
Secure Coding in .NET: Developing Defensible Applications Training - COURSE SYLLABUS

Data Validation

  • Web Application Attacks
  • Web Application Proxies
  • Parameter Manipulation
  • Cross-Site Scripting (XSS)
  • Open Redirect
  • Unvalidated Forwards
  • SQL Injection
  • HTTP Response Splitting
  • Input Validation
  • Indirect Selection
  • Blacklists
  • Whitelists
  • Regular Expressions
  • Event Validation
  • Character Encoding
  • Command Encoding
  • Content Security Policy
  • LINQ and Entity Framework

Authentication and Session Management

  • Authentication Factors
  • Authentication Attacks
  • Authorization Attacks
  • Password Management
  • ASP.NET Identity
  • Forms Authentication and Membership Provider
  • Race Conditions
  • Session Identifiers
  • Man-in-the-middle Attacks
  • Cross-Site Request Forgery (CSRF)
  • Clickjacking
  • Session Hijacking
  • Session Fixation
  • Session Management
  • Cookie Security

.NET Framework Security

  • Cryptography
  • Password Storage
  • PCI Compliance
  • Threading
  • String Immutability
  • Numeric Overflow
  • Risks of Malicious Code
  • Exception Handling
  • Auditing and Logging
  • Web Services

Secure Software Development Lifecycle

  • Security Training
  • Security Requirements
  • Secure Design
  • Threat Modeling
  • Implementation
  • Static Analysis
  • Peer Reviews
  • Secure Code Review
  • Verification
  • Dynamic Analysis
  • Penetration Test Reports
  • Release
  • Response
Secure Coding in .NET: Developing Defensible Applications Training Course Wrap-Up
