Writing Secure Code - ASP.NET (C#) Training Course and Workshop in Bangalore, Mysore, Chennai, Hyderabad, Pune, Mumbai, Delhi, Noida, Gurgaon, Kolkata

In Writing Secure Code - ASP.NET (C#) training course, you will gain an understanding of the key security features of the .NET platform, the common web security pitfalls developers make, and how to build secure and reliable web applications using ASP.NET. You will work through hands-on code examples that highlight issues and prescribe solutions. You will also cover both the current version of the .NET framework and relevant security features in the .NET updates.

Upon completion of Writing Secure Code - ASP.NET (C#) workshop, delegates will learn:

The process and techniques of writing secure code
Effective authentication and authorization techniques
The most frequent web application vulnerabilities and how to avoid them
Secure user management systems
Data validation strategies
Effective error handling and exceptions management
Software security testing techniques

A comprehensive knowledge of the .NET framework, the C# language, and web technology is required.

This Writing Secure Code - ASP.NET (C#) class is for professional software developers or software security auditors who have been working with the .NET framework and developing ASP.NET web application using C# code for at least one year.

.NET Platform Security

.NET Language Security Features
Strong Name Signing
.NET Common Language Runtime (CLR) Security Mechanisms
Code Access Security (CAS)

Advanced .NET Security

Concepts
Partial Trust ASP.NET
Code Access Security
Microsoft Windows CardSpace

Cryptography

.NET System Cryptography Namespace
Common Cryptographic Mistakes
Other Cryptographic Features in .NET
.NET Algorithm Recommendations

Authentication

ASP.NET Authentication
Forms Authentication
Windows Authentication/Kerberos
Code Signing (Authenticate)
Impersonation and Delegation

User Management

Password Storage and Quality
Account Lockout Schemes
Strategies for Password Reset
Membership API

Authorization

Access Control Models
Session Management
Common Authorization Flaws
Role Manager
ASP.NET/IIS Authorization

Data Validation

Input and Output Validation
Regular Expressions
SQL Injection, Cross-Site Scripting (XSS), and Other Attacks
Data Validation Controls and Libraries
Preventing Validation Attacks
Canonicalization Issues

Client-Side Security

Client-Side Security Mistakes
Licensing Schemes
Security Objectives for Thick Clients
Secure Code Protection
Reverse Engineering
Code Access Security on the Client
Byte Code Manipulation
Secure Design Patterns

Security Testing

White Box Techniques
Black Box Techniques
Unit Testing

Web Services

Web Services Risks
Web Service Attacks
Web Service Defense Techniques
Survey of Security Technologies
Windows Communication Foundation
Web Services Security Patterns

Error Handling and Exception Management

Exception Handling Patterns and Anti-Patterns
ASP.NET Exception Frameworks
Best Practices for Handling User Errors

Logging and Auditing

Common Mistakes with Logging
Logging Best Practices

Secure Code Review

Threat Modeling
Secure Code Review Methodology
Manual Code Review
Automated Code Scanning Tools
Practical Strategies for Conducting Code Reviews

Encarta Labs Advantage

One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
All courses are delivered by Industry Veterans
Get jumpstarted from newbie to production ready in a matter of few days

Trained more than 50,000 Corporate executives across the Globe
All our trainings are conducted in workshop mode with more focus on hands-on sessions

Writing Secure Code - ASP.NET (C#)

COURSE AGENDA

Introduction