Security training: Writing Secure Code in .NET Training Course JBI Training JB International London UK onsite custom public

Print this Download course (pdf/doc)

I need more information

If you would like to speak to a member of our specialist team, please feel free to call our freephone number or email us directly:

0800 028 6400

enquires@jbinternational.co.uk

Quote me | Enrol me

Secure coding with .NET 4.0

Course code:	SECNET
Details:	25 June, 2 days, £1495 + VAT
Onsite	Enquire about bringing this course to your offices
Who should attend:	.NET Developers who need to ensure their applications are as secure as possible through developing and testing robust, secure code
Prerequisite skills:	Experience of programming in a .NET Language (e.g. C# / VB.NET)

Course Outline

This course will provide delegates with a sound understanding of modern day requirements for building secure applications from the ground up, by looking at the Secure Development Lifecycle, and using sound Testing and Documentation techniques.

Course Content

Our hands-on .NET Security training course has been developed for real-world, commercial scenarios by our expert instructors. See below for detailed syllabus, or if you have a technical question, please email sales@jbinternational.co.uk

What you will learn

At the end of this course delegates will be able to:

1. Security Principles
2. SD3
3. A rich list of security techniques
4. Writing secure .net code
5. How to test security
6. How to build privacy into you application
7. How to secure installations
8. How to write secure documentation and error messages.

Secure coding with .NET 4.0 Training Course Outline

Security Overview

The Need for Secure Systems
Trustworthy Computing
Proactive Security Development
SD 3 : Secure by Design, by Default, and in Deployment
Security Principles
Threat Modelling

Security Techniques

Preventing Buffer Overruns
Determining Appropriate Access Control
Running with Least Privilege
Cryptographic Techniques
Protecting Secret Data
Guarding against Input
Canonical Representation Issues
Database Input Issues
Web-Specific Input Issues
Internationalization Issues
Socket Security
Securing RPC, ActiveX Controls, and DCOM
Protecting Against Denial of Service Attacks

Writing Secure .NET Code

Code Access Security Overview
Using FxCop
Strong-Named Assemblies
Specifying Assembly Permission Requirements
Use of Assert
Demands and Link Demands
Limiting Who Uses Your Code
XML and Configuration Files
Partial Trust Assemblies
Issues with Delegates
Issues with Serialization
The Role of Isolated Storage
Tracing and Debugging
General Good Practices

Security Testing

The Role of the Security Tester
Building Security Test Plans from a Threat Model
Testing Clients with Rogue Servers
Determining Attack Surface
Performing a Security Code Review

Secure Software Installation

Principle of Least Privilege
Using the Security Configuration Editor
Low-Level Security APIs

Building Privacy into Your Application

Malicious vs. Annoying Invasions of Privacy
Major Privacy Legislation
Privacy vs. Security
Building a Privacy Infrastructure
Designing Privacy-Aware Applications

Writing Security Documentation and Error Messages

Security Issues in Documentation
Security Issues in Error Messages
Information Disclosure Issues
Security Usability

TRUSTED IT TRAINING - SINCE 1995

RELEVANT COURSE CONTENT

EXPERT TUITION - SMALL CLASSES

ONSITE & CUSTOMISED COURSES