Secure Coding in .NET: Developing Defensible Applications Training

Introduction

Secure Coding in .NET: Developing Defensible Applications Training Course Description

ASP.NET and the .NET framework have provided web developers with tools that allow them an unprecedented degree of flexibility and productivity. However, these sophisticated tools make it easier than ever to miss the little details that allow security vulnerabilities to creep into an application.

Since ASP.NET 2.0, Microsoft has done a fantastic job of integrating security into the ASP.NET framework, but the responsibility is still on application developers to understand the limitations of the framework and ensure that their own code is secure.

Have you ever wondered if the built-in ASP.NET validation is effective? Have you been concerned that web services might be introducing unexamined security issues into your application? Should you feel uneasy relying solely on the security controls built into the ASP.NET framework? The Secure Coding in .NET course will help students leverage built-in and custom defensive technologies to integrate security into their applications.

Duration: 5 days

Customize It

• If you are familiar with some aspects of this Secure Coding in .NET: Developing Defensible Applications Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Secure Coding in .NET: Developing Defensible Applications Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Secure Coding in .NET: Developing Defensible Applications Training course in a manner understandable to lay audiences.

Audience / Target Group

This Secure Coding in .NET: Developing Defensible Applications Training course is intended for:

• ASP.NET developers who want to build more secure web applications
• .NET framework developers
• Software engineers
• Software architects
• Developers who need to be trained in secure coding techniques to meet PCI compliance

This Secure Coding in .NET: Developing Defensible Applications Training class is focused specifically on software development, but it is accessible enough for anyone who's comfortable working with code and has an interest in understanding the developer's perspective. This could include:

• Application security auditors
• Technical project managers
• Senior software QA specialists
• Penetration testers who want a deeper understanding of how to target ASP.NET web applications or who want to provide more detailed vulnerability remediation options

Secure Coding in .NET: Developing Defensible Applications Training - Objectives:

After completing this Secure Coding in .NET: Developing Defensible Applications Training course, attendees will be able to:

• Understand attackers' methodology and how they will attack your web application
• Apply defensive coding techniques to prevent your application from being compromised
• Safeguard your sensitive information using approved cryptography standards
• Find vulnerabilities in your application using code review and basic penetration testing techniques
• Integrate security into your software development lifecycle

Secure Coding in .NET: Developing Defensible Applications Training - Course Content:

Data Validation

• Web Application Attacks
• Web Application Proxies
• Parameter Manipulation
• Cross-Site Scripting (XSS)
• Open Redirect
• Unvalidated Forwards
• SQL Injection
• HTTP Response Splitting
• Input Validation
• Indirect Selection
• Blacklists
• Whitelists
• Regular Expressions
• Event Validation
• Character Encoding
• Command Encoding
• Content Security Policy
• LINQ and Entity Framework

Authentication and Session Management

• Authentication Factors
• Authentication Attacks
• Authorization Attacks
• Password Management
• ASP.NET Identity
• Forms Authentication and Membership Provider
• Race Conditions
• Session Identifiers
• Man-in-the-middle Attacks
• Cross-Site Request Forgery (CSRF)
• Clickjacking
• Session Hijacking
• Session Fixation
• Session Management
• Cookie Security

.NET Framework Security

• Cryptography
• Password Storage
• PCI Compliance
• Threading
• String Immutability
• Numeric Overflow
• Risks of Malicious Code
• Exception Handling
• Auditing and Logging
• Web Services

Secure Software Development Lifecycle

• Security Training
• Security Requirements
• Secure Design
• Threat Modeling
• Implementation
• Static Analysis
• Peer Reviews
• Secure Code Review
• Verification
• Dynamic Analysis
• Penetration Test Reports
• Release
• Response
