Introduction to Application Security for .NET
Course Format: Instructor-led
Course Duration: 2 days
Course Description: Introduction to Application Security for .NET provides developers with a comprehensive look at developing secure web applications using the ASP.NET platform. Students are first led through the basics of secure application development to provide a fundamental understanding of the security implications of systems they are building. Then they are led through a number of interactive exercises where they attack a flawed web application. The implications of insecure coding and design practices are explained, and more secure practices, rooted in the .NET platform, are presented and discussed. The course is targeted toward software architects, developers and quality assurance personnel building software with the .NET platform as well as security professionals who want an in-depth understanding of threats to web-based applications.
Schedule
Day 1
- Basic Security Principles
- Elements of a Secure Design
Authentication, Authorization and Data Confidentiality and Integrity - Threat Modeling
- Web Proxy Introduction
- Overview of Secure Session Management
Day 2
- OWASP Top 10 Review
- Unvalidated Input
- Broken Access Control
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Buffer Overflows
- Injection Flaws
- Improper Error Handling
- Insecure Storage
- Denial of Service
- Insecure Configuration Management
- Deployment Configuration
For more information on this course, or to request training on another topic, contact Denim Group.