Secure Coding in .NET Developing Defensible Applications Training

Course Overview:

Secure Coding in .NET Developing Defensible Applications Training Course Description

ASP.NET and the .NET framework have provided web developers with tools that allow them an unprecedented degree of flexibility and productivity. However, these sophisticated tools make it easier than ever to miss the little details that allow security vulnerabilities to creep into an application. Since ASP.NET 2.0, Microsoft has done a fantastic job of integrating security into the ASP.NET framework, but the responsibility is still on application developers to understand the limitations of the framework and ensure that their own code is secure.

Have you ever wondered if the built-in ASP.NET validation is effective? Have you been concerned that web services might be introducing unexamined security issues into your application? Should you feel uneasy relying solely on the security controls built into the ASP.NET framework? The Secure Coding in .NET Developing Defensible Applications Training course will help students leverage built-in and custom defensive technologies to integrate security into their applications.

Customize It:

• If you are familiar with some aspects of this Secure Coding in .NET Developing Defensible Applications Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Secure Coding in .NET Developing Defensible Applications Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Secure Coding in .NET Developing Defensible Applications Training course in a manner understandable to lay audiences.

Related Courses:

Secure Coding in Java/JEE: Developing Defensible Applications Training
Secure Coding for PHP Training

Audience / Target Group:

The target audience for this Secure Coding in .NET Developing Defensible Applications Training course:

• ASP.NET developers who want to build more secure web applications
• .NET framework developers
• Software engineers
• Software architects
• Developers who need to be trained in secure coding techniques to meet PCI compliance

This Secure Coding in .NET: Developing Defensible Applications Training class is focused specifically on software development, but it is accessible enough for anyone who’s comfortable working with code and has an interest in understanding the developer’s perspective. This could include:

• Application security auditors
• Technical project managers
• Senior software QA specialists
• Penetration testers who want a deeper understanding of how to target ASP.NET web applications or who want to provide more detailed vulnerability remediation options

What You Will Learn:

Upon completing this Secure Coding in .NET Developing Defensible Applications Training course, learners will be able to meet these objectives:

• Understand attackers’ methodology and how they will attack your web application
• Apply defensive coding techniques to prevent your application from being compromised
• Safeguard your sensitive information using approved cryptography standards
• Find vulnerabilities in your application using code review and basic penetration testing techniques
• Integrate security into your software development lifecycle

Secure Coding in .NET Developing Defensible Applications Training – Course Syllabus:

Data Validation

• Web Application Attacks
• Web Application Proxies
• Parameter Manipulation
• Cross-Site Scripting (XSS)
• Open Redirect
• Unvalidated Forwards
• SQL Injection
• HTTP Response Splitting
• Input Validation
• Indirect Selection
• Blacklists
• Whitelists
• Regular Expressions
• Event Validation
• Character Encoding
• Command Encoding
• Content Security Policy
• LINQ and Entity Framework

Authentication and Session Management

• Authentication Factors
• Authentication Attacks
• Authorization Attacks
• Password Management
• ASP.NET Identity
• Forms Authentication and Membership Provider
• Race Conditions
• Session Identifiers
• Man-in-the-middle Attacks
• Cross-Site Request Forgery (CSRF)
• Clickjacking
• Session Hijacking
• Session Fixation
• Session Management
• Cookie Security

.NET Framework Security

• Cryptography
• Password Storage
• PCI Compliance
• Threading
• String Immutability
• Numeric Overflow
• Risks of Malicious Code
• Exception Handling
• Auditing and Logging
• Web Services

Secure Software Development Lifecycle

• Security Training
• Security Requirements
• Secure Design
• Threat Modeling
• Implementation
• Static Analysis
• Peer Reviews
• Secure Code Review
• Verification
• Dynamic Analysis
• Penetration Test Reports
• Release
• Response
