
Secure .Net Coding

  • Tuition: USD $2,095 (GSA: $1,899.75)
  • Reviews: 4.5 out of 5 stars (4119 ratings)
  • Course Code: TT8200-N
  • Duration: 3 days
  • Available Formats: Classroom

Secure .Net Coding is a hands-on, lab-intensive, code-level .Net security training course that teaches you the best practices for designing, implementing, and deploying secure programs in .Net. The course goes well beyond basic programming skills, teaching developers sound processes and practices to apply to the entire software development lifecycle. You will take an application from requirements through to implementation, analyzing and testing for software vulnerabilities. Perhaps just as significantly, you will learn about current, real examples that illustrate the potential consequences of not following these best practices.

The course provides a solid foundation in basic terminology and concepts, extended and built upon throughout the engagement. You will examine various recognized attacks against web applications. Processes and best practices are discussed and illustrated through both discussions and group activities. This workshop is approximately 50% dynamic lab exercises and 50% lecture, providing in-depth, code-level labs. The second portion of the course steps through a series of vulnerabilities illustrating in very real terms the right way to implement secure .Net applications. The last portion of the course examines several design patterns that can be used to facilitate better application architecture, design, implementation, and deployment.

A key component of our Best Defense IT Security Training Series, this workshop is a companion course to several developer-oriented courses and seminars. Although this edition of the course is .Net-specific, it may also be presented using Java or other programming languages.

  • According to research by the National Institute of Standards, 92% of all security vulnerabilities are now considered application vulnerabilities and not network vulnerabilities.

Skills Gained

  • Concepts and terminology behind defensive coding
  • Using Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
  • Threats and attacks that take place against software applications in today's world
  • Using Threat Modeling to identify potential vulnerabilities in a real-life case study
  • Static code reviews and dynamic application testing to uncover vulnerabilities in .Net applications
  • Vulnerabilities of the .Net programming language and the runtime environment as well as how to harden both
  • Working with .Net platform security to gain an appreciation for what is protected and how
  • Basics of Cryptography and Encryption and where they fit in the overall security picture
  • .Net Cryptographic services
  • How role-based security works in .Net and using it to control access
  • How Code Access Security (CAS) works and using it to control access
  • Mechanics of isolated storage
  • Fundamentals of XML Digital Signature and XML Encryption

Who Can Benefit

This intermediate-level .Net programming course is designed for developers who wish to get up and running on developing well-defended software applications.

Prerequisites

Familiarity with the C# programming language is required, and real-world programming experience is highly recommended.

Course Details

Defensive Coding Overview

  • Thriving Industry of Identity Theft
  • Dishonor Roll of Data Breaches
  • TJX: Anatomy of a Disaster
  • Heartland: What? Again?
  • Terminology and Players
  • Assets, Threats, and Attacks
  • OWASP and CWE/SANS Top 25 Programming Errors
  • Categories
  • What They Mean to Your Applications
  • Security Is a Lifecycle Issue
  • Minimize Attack Surface
  • Manage Resources
  • Application States
  • Compartmentalize
  • Defense in Depth: Layered Defense
  • Consider All Application States
  • Not Trusting the Untrusted
  • Security Defect Mitigation
  • Leverage Experience

Vulnerabilities

  • Unvalidated Input: XSS/CSRF, Injection, and Others
  • Broken Authentication and Authorization
  • Information Leakage: Error Handling, Logging, Insecure Storage, and Others
  • Spoofing: Protecting Your Users and Your Applications

.Net Security Fundamentals

  • .Net Security Overview
  • Services Provided
  • Code Protections
  • Data Protections

.NET Assembly Security

  • The Role of Application Domains
  • Protecting Assemblies from Tampering
  • Using Obfuscation
  • Using Publisher Certificates
  • Using FxCop.exe

Cryptography Overview

  • Cryptography Defined
  • Strong Encryption
  • Ciphers and Algorithms
  • Message Digests
  • Keys and Key Management
  • Types of Keys
  • Key Management
  • Certificate Management
  • Encryption/Decryption

.NET Cryptographic Services

  • The Role of Cryptographic Services
  • Hash Algorithms and Hash Codes
  • Generating Hashed Data
  • Validating Hash Codes
  • Encryption and Decryption
  • Encrypting Data Symmetrically
  • Encrypting Data Asymmetrically

Understanding Role Based Security

  • Using Role Based Security
  • Creating and Administering Roles
  • Principals, Identity and Roles
  • Determining Role Membership
  • Restricting Actions Based on Roles

Code Access Security

  • What is Code Access Security (CAS)
  • CAS Components
  • Using CAS to Secure Applications
  • Interacting with CAS

Isolated Storage

  • The Purpose of Isolated Storage
  • Levels of Isolated Storage
  • Using Isolated Storage Administrative Tools
  • Working with Isolated Storage Programmatically

Defending XML Processing

  • Understanding Common Attacks and How to Defend
  • Operating in Safe Mode
  • Using Standards-Based Security
  • XML-Aware Security Infrastructure

When does class start/end?

Classes begin promptly at 9:00 am, and typically end at 5:00 pm.

Does the course schedule include a lunch break?

Lunch is normally an hour long and begins at noon. Coffee, tea, hot chocolate and juice are available all day in the kitchen. Fruit, muffins and bagels are served each morning. There are numerous restaurants near each of our centers, and some popular ones are indicated on the Area Map in the Student Welcome Handbooks - these can be picked up in the lobby or requested from one of our ExitCertified staff.

How can someone reach me during class?

If someone should need to contact you while you are in class, please have them call the center telephone number and leave a message with the receptionist.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Does ExitCertified deliver group training?

Yes, we provide training for groups, individuals, and private on-sites. View our group training page for more information.

ExitCertified was great. They gave me all the materials and information I needed ahead of time to prepare for the course.

Instructor, Training material & span of the training is neatly planned.

Although there seemed to be too many links for the course, everything worked smoothly.

The labs and course material gave me valuable insights into cloud security architecture.

The training was good but needed the basic skills of Maximo before getting deep in the configuration of it.

There are currently no scheduled dates for this course. If you are interested in this course, request a course date with the links above. We can also contact you when the course is scheduled in your area.

Contact Us 1-800-803-3948