Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Secure .Net Coding

( Duration: 3 Days )

In the Secure .Net Coding training course, you will learn the best practices for designing, implementing, and deploying secure programs in .NET. You will take an application from requirements through to implementation, analyzing and testing it for software vulnerabilities. This course goes well beyond basic programming skills, teaching developers sound processes and practices to apply across the entire software development lifecycle.

By attending Secure .Net Coding workshop, delegates will learn:

  • Concepts and terminology behind defensive coding
  • Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against assets
  • Entire spectrum of threats and attacks that take place against software applications in today’s world
  • Threat Modeling to identify potential vulnerabilities in a real life case study
  • Static code reviews and dynamic application testing for uncovering vulnerabilities in .NET applications
  • Vulnerabilities of the .NET platform and its runtime environment, and how to harden both
  • Work with .NET platform security to gain an appreciation for what is protected and how
  • Cryptography and encryption and where they fit in the overall security picture
  • .NET Cryptographic services
  • How role-based security works in .NET and how to use it to control access
  • How Code Access Security (CAS) works and how to use it to control access
  • Mechanics of isolated storage
  • Fundamentals of XML Digital Signature and XML Encryption

Prerequisites for attending this course:

  • Working knowledge of basic programming in .NET is required
  • General programming experience is highly recommended

This Secure .Net Coding class is intended for application project stakeholders who wish to develop secure .NET applications.

COURSE AGENDA

1

Introduction: Misconceptions

  • Security: The Complete Picture
  • TJX: Anatomy of a Disaster?
  • Causes of Data Breaches
  • Heartland - Slipping Past PCI Compliance
  • Target’s Painful Christmas
  • Meaning of Being Compliant
  • Verizon’s 2013 Data Breach Report
2

Foundation

  • Security Concepts
    • Motivations: Costs and Standards
    • Open Web Application Security Project
    • Web Application Security Consortium
    • CERT Secure Coding Standards
    • Assets are the Targets
    • Security Activities Cost Resources
    • Threat Modeling
    • System/Trust Boundaries
  • Principles of Information Security
    • Security Is a Lifecycle Issue
    • Minimize Attack Surface Area
    • Layers of Defense: Tenacious D
    • Compartmentalize
    • Consider All Application States
    • Do Not Trust the Untrusted
  • Vulnerabilities
    • Unvalidated Input
    • Broken Access Control
    • Broken Authentication and Session Management
    • Cross Site Scripting (XSS) Flaws
    • Injection Flaws
    • Error Handling And Information Leakage
    • Insecure Storage
    • Insecure Management of Configuration
    • Direct Object Access
    • Spoofing and Redirects
  • Understanding What’s Important
    • Common Vulnerabilities and Exposures
    • OWASP Top Ten for 2013
    • CWE/SANS Top 25 Most Dangerous Software Errors
    • Monster Mitigations
    • Strength Training: Project Teams/Developers
    • Strength Training: IT Organizations
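As an added illustration of the "Injection Flaws" item above (this is editorial example code, not course material), the following C# shows a login query built by string concatenation beside its parameterized fix. It assumes the Microsoft.Data.Sqlite NuGet package so that the demo runs against an in-memory database; the users table, its two rows, the class name Users and the method names are constructed for this example.

```csharp
using System;
using Microsoft.Data.Sqlite;   // assumed: NuGet package Microsoft.Data.Sqlite

static class Users
{
    // Constructed sample data: two accounts in an in-memory SQLite database.
    public static SqliteConnection OpenSampleDb()
    {
        var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        var setup = conn.CreateCommand();
        setup.CommandText =
            "CREATE TABLE users(name TEXT, pwd TEXT);" +
            "INSERT INTO users VALUES ('alice','s3cret'),('bob','hunter2');";
        setup.ExecuteNonQuery();
        return conn;
    }

    // VULNERABLE: untrusted input becomes part of the SQL text itself.
    // A password of  ' OR '1'='1  turns the WHERE clause into
    //   (name='alice' AND pwd='') OR '1'='1'   which matches every row.
    public static long CountMatchesUnsafe(SqliteConnection conn, string name, string pwd)
    {
        var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM users WHERE name='" + name +
                          "' AND pwd='" + pwd + "'";
        return Convert.ToInt64(cmd.ExecuteScalar());
    }

    // FIXED: the SQL text is constant; input travels as bound parameters and
    // is compared as a literal value, never parsed as SQL.
    public static long CountMatchesSafe(SqliteConnection conn, string name, string pwd)
    {
        var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM users WHERE name=$name AND pwd=$pwd";
        cmd.Parameters.AddWithValue("$name", name);
        cmd.Parameters.AddWithValue("$pwd", pwd);
        return Convert.ToInt64(cmd.ExecuteScalar());
    }
}

class Program
{
    static void Main()
    {
        using var conn = Users.OpenSampleDb();
        const string payload = "' OR '1'='1";

        // Concatenated query: 2 rows match, i.e. authentication bypass.
        Console.WriteLine("unsafe: " + Users.CountMatchesUnsafe(conn, "alice", payload));
        // Parameterized query: 0 rows match, the payload is just a wrong password.
        Console.WriteLine("safe:   " + Users.CountMatchesSafe(conn, "alice", payload));
    }
}
```

The same pattern applies to any ADO.NET provider: keep the command text constant and pass user-controlled values through the Parameters collection.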
3

Java Security

4

.NET Security Fundamentals

  • .NET Security Overview
    • Services Provided
    • Code Protections
    • Data Protections
  • .NET Assembly Security
    • The role of Application Domains
    • Protecting assemblies from tampering
    • Using obfuscation
    • Using publisher certificates
    • Using FxCop.exe
5

Cryptography Overview

  • Strong Encryption
    • Message digests
    • Keys and key management
    • Certificate management
    • Encryption/Decryption
  • .NET Cryptographic Services
    • The role of cryptographic services
    • Hash algorithms and hash codes
    • Encrypting data symmetrically
    • Encrypting data asymmetrically
  • Understanding Role Based Security
    • Using role based security
    • Creating and administering roles
    • Principals, identity and roles
    • Determining role membership
    • Restricting actions based on roles
  • Code Access Security
    • What is Code Access Security (CAS)
    • CAS components
    • Using CAS to secure applications
    • Interacting with CAS
  • Isolated Storage
    • The purpose of Isolated Storage
    • Levels of isolated storage
    • Using isolated storage administrative tools
    • Working with isolated storage programmatically
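As an added example for the ".NET Cryptographic Services" items above (editorial code, not the course's own material), the following C# encrypts data symmetrically with AES-CBC and protects it with an HMAC-SHA256 tag in encrypt-then-MAC order, verifying the tag in constant time before any decryption. It assumes .NET 6 or later; the keys are generated at run time purely for the demo (in a real system they come from a key store), and the class name SecureBox, the method names and the sample plaintext are constructed for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Wire format produced by Seal: IV (16 bytes) || ciphertext || HMAC tag (32 bytes)
static class SecureBox
{
    public static byte[] Seal(byte[] encKey, byte[] macKey, byte[] plaintext)
    {
        using var aes = Aes.Create();
        aes.Key = encKey;
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.GenerateIV();                      // fresh random IV for every message

        byte[] ct;
        using (var enc = aes.CreateEncryptor())
            ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);

        byte[] iv = aes.IV;
        var body = new byte[iv.Length + ct.Length];
        Buffer.BlockCopy(iv, 0, body, 0, iv.Length);
        Buffer.BlockCopy(ct, 0, body, iv.Length, ct.Length);

        using var hmac = new HMACSHA256(macKey);
        byte[] tag = hmac.ComputeHash(body);   // the MAC covers IV and ciphertext

        var result = new byte[body.Length + tag.Length];
        Buffer.BlockCopy(body, 0, result, 0, body.Length);
        Buffer.BlockCopy(tag, 0, result, body.Length, tag.Length);
        return result;
    }

    public static byte[] Open(byte[] encKey, byte[] macKey, byte[] blob)
    {
        const int IvLen = 16, TagLen = 32;
        if (blob.Length < IvLen + TagLen)
            throw new CryptographicException("Message too short");

        int bodyLen = blob.Length - TagLen;
        var body = new byte[bodyLen];
        Buffer.BlockCopy(blob, 0, body, 0, bodyLen);
        var tag = new byte[TagLen];
        Buffer.BlockCopy(blob, bodyLen, tag, 0, TagLen);

        // Verify the tag BEFORE decrypting, with a constant-time comparison, so a
        // tampered message is rejected without ever reaching the padding check.
        using var hmac = new HMACSHA256(macKey);
        byte[] expected = hmac.ComputeHash(body);
        if (!CryptographicOperations.FixedTimeEquals(expected, tag))
            throw new CryptographicException("Authentication failed");

        using var aes = Aes.Create();
        aes.Key = encKey;
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        var iv = new byte[IvLen];
        Buffer.BlockCopy(body, 0, iv, 0, IvLen);
        aes.IV = iv;
        using var dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(body, IvLen, bodyLen - IvLen);
    }
}

class Program
{
    static void Main()
    {
        // Demo-only keys; separate keys for encryption and authentication.
        byte[] encKey = RandomNumberGenerator.GetBytes(32);   // AES-256
        byte[] macKey = RandomNumberGenerator.GetBytes(32);

        byte[] blob = SecureBox.Seal(encKey, macKey, Encoding.UTF8.GetBytes("card=4111 1111 1111 1111"));
        Console.WriteLine(Encoding.UTF8.GetString(SecureBox.Open(encKey, macKey, blob)));

        blob[^1] ^= 0x01;   // flip one bit of the tag: must be rejected
        try { SecureBox.Open(encKey, macKey, blob); }
        catch (CryptographicException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```

Using two independent keys and checking the MAC before decryption is what turns a bare block cipher into something safe to expose to attacker-controlled input; CBC without authentication is open to padding-oracle attacks.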
6

Defending XML and Services

  • Defending XML
    • XML Signature
    • XML Encryption
    • XML Attacks: Structure
    • XML Attacks: Injection
    • Safe XML Processing
  • Defending Web Services
    • Web Service Security Exposures
    • When Transport-Level Alone is NOT Enough
    • Message-Level Security
    • WS-Security Roadmap
    • XWSS Provides Many Functions
    • Web Service Attacks
    • Web Service Appliance/Gateways
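As an added example for the "XML Attacks: Structure" and "Safe XML Processing" items above (editorial code, not part of the course), the following C# builds an XmlReaderSettings profile that prohibits DTDs, disables external resource resolution and caps entity expansion, then runs it against a constructed external-entity (XXE) document. The class name SafeXml, the method names and the sample documents are constructed for this example.

```csharp
using System;
using System.IO;
using System.Xml;

static class SafeXml
{
    // Constructed hostile input: an external entity that would read a local file
    // and an internal entity that would balloon on expansion.
    public const string Hostile =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE order [\n" +
        "  <!ENTITY xxe SYSTEM \"file:///etc/passwd\">\n" +
        "  <!ENTITY a \"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\">\n" +
        "  <!ENTITY b \"&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;\">\n" +
        "]>\n" +
        "<order><id>&xxe;&b;</id></order>";

    public const string Benign = "<order><id>A-1001</id></order>";

    // Hardened parser settings: no DOCTYPE at all, no external fetches,
    // and hard limits on entity expansion and document size.
    public static XmlReaderSettings HardenedSettings() => new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit,
        XmlResolver = null,
        MaxCharactersFromEntities = 1024,
        MaxCharactersInDocument = 1 << 20
    };

    // Streams the document and returns the text of <id>;
    // throws XmlException as soon as a DOCTYPE is encountered.
    public static string ReadOrderId(string xml)
    {
        using var reader = XmlReader.Create(new StringReader(xml), HardenedSettings());
        if (!reader.ReadToFollowing("id"))
            throw new XmlException("No <id> element");
        return reader.ReadElementContentAsString();
    }

    // DOM loading goes through the same hardened reader; the XmlDocument's own
    // resolver is also cleared so nothing can be fetched later.
    public static XmlDocument LoadDocument(string xml)
    {
        var doc = new XmlDocument { XmlResolver = null };
        using var reader = XmlReader.Create(new StringReader(xml), HardenedSettings());
        doc.Load(reader);
        return doc;
    }
}

class Program
{
    static void Main()
    {
        Console.WriteLine(SafeXml.ReadOrderId(SafeXml.Benign));          // A-1001
        try { SafeXml.ReadOrderId(SafeXml.Hostile); }
        catch (XmlException e) { Console.WriteLine("Rejected: " + e.Message); }
        try { SafeXml.LoadDocument(SafeXml.Hostile); }
        catch (XmlException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```

If a schema or legacy feed genuinely needs a DTD, use DtdProcessing.Ignore rather than Parse, keep XmlResolver null, and keep the expansion limits in place; the limits are what stop a "billion laughs" payload even when DTD handling cannot be prohibited outright.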

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jump-started from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
