Writing Secure ASP.NET Web Applications Training Course
| Course code: | SECASPNET |
| Details: | Onsite: Enquire about bringing this course to your offices |
| Who should attend: | Developers who wish to know how to develop secure ASP.NET web applications. |
| Prerequisite skills: | Delegates should have practical experience of writing web applications in VB.NET or C#. |
Course Outline
The increasing use of the Internet for commercial purposes has led to a need for web applications to operate correctly and securely. There are many people seeking to take advantage of poorly designed and badly configured applications, and today's developers need to know how to write secure applications, and how to guard against attacks. This course will show how security can (and must) be designed into a project from the start, and will then examine a number of the common attacks experienced by web applications.
Course Content
Our hands-on ASP.NET Security training course has been developed for real-world, commercial scenarios by our expert instructors. See below for the detailed syllabus, or if you have a technical question, please email sales@jbinternational.co.uk
What you will learn
1. How to build security into a project
2. Secure coding guidelines
3. How to prevent and discover problems through testing
4. Secure deployment and authentication for ASP.NET applications
5. How to counter common attacks
6. How to use testing tools
7. Effective auditing and logging
Writing Secure ASP.NET Web Applications
Introduction
Why web applications are insecure
Review of HTTP and web technologies
Proactive Security Development
Before Coding Starts...
Security throughout the lifecycle
Threat modelling (thinking like the enemy)
Writing Code
Coding best practices
Setting up a build process (TDD, unit tests, mock objects)
Source code analysis: static tools, build process, etc.
Web Application Specifics
Input validation
Authentication (protecting against brute force & phishing)
Session hijacking
Cross-site scripting
Cross-site request forgery
HTTP response splitting
Cryptography and protecting sensitive data
Buffer overruns
Injection attacks
Privilege escalation
Race conditions
Insecure error handling
Insecure configuration management
Denial of Service / Distributed Denial of Service (DoS / DDoS)
ASP.NET security
Testing Web Applications
Using a security proxy
Fault injection and fuzzing
Stress test
Load test
Effective auditing and logging