Code Highly Secure .NET Applications That Follow OWASP Standards And Protect Your Business From Cyber Attack

This course will provide delegates with a sound understanding of modern day requirements for building secure applications from the ground up, by looking at the Secure Development Lifecycle, and using sound Testing and Documentation techniques.

Course Content

Our hands-on .NET Security training course has been developed for real-world, commercial scenarios by our expert instructors. See below for detailed syllabus, or if you have a technical question, please email [email protected]

What you will learn

At the end of this course delegates will be able to:

1. Security Principles
2. SD3
3. A rich list of security techniques
4. Writing secure .net code
5. How to test security
6. How to build privacy into you application
7. How to secure installations
8. How to write secure documentation and error messages.

Secure coding with .NET 4.0 Training Course Outline

Security Overview

The Need for Secure Systems 
Trustworthy Computing 
Proactive Security Development 
SD 3 : Secure by Design, by Default, and in Deployment 
Security Principles 
Threat Modelling

Security Techniques

Preventing Buffer Overruns
Determining Appropriate Access Control 
Running with Least Privilege
Cryptographic Techniques
Protecting Secret Data 
Guarding against Input 
Canonical Representation Issues
Database Input Issues 
Web-Specific Input Issues
Internationalization Issues 
Socket Security 
Securing RPC, ActiveX Controls, and DCOM 
Protecting Against Denial of Service Attacks 

Writing Secure .NET Code

Code Access Security Overview
Using FxCop
Strong-Named Assemblies 
Specifying Assembly Permission Requirements 
Use of Assert 
Demands and Link Demands
Limiting Who Uses Your Code
XML and Configuration Files
Partial Trust Assemblies
Issues with Delegates 
Issues with Serialization 
The Role of Isolated Storage 
Tracing and Debugging
General Good Practices 

Security Testing

The Role of the Security Tester 
Building Security Test Plans from a Threat Model 
Testing Clients with Rogue Servers 
Determining Attack Surface
Performing a Security Code Review 

Secure Software Installation

Principle of Least Privilege 
Using the Security Configuration Editor 
Low-Level Security APIs 

Building Privacy into Your Application

Malicious vs. Annoying Invasions of Privacy 
Major Privacy Legislation 
Privacy vs. Security 
Building a Privacy Infrastructure 
Designing Privacy-Aware Applications

Writing Security Documentation and Error Messages

Security Issues in Documentation 
Security Issues in Error Messages 
Information Disclosure Issues 
Security Usability