Secure Coding Techniques using .NET - SCT


During 5-day instructor-led training you will learn and practice all important .NET security features (with special focus on web applications), ways of hacking applications and reviewing the code with security in mind. We will start by talking about security as a process –covering most important aspects of latest Microsoft SDL guidance, tools, architecture and design practices. Then we will go through everything that each .NET developer needs to know about secure coding practiceswith newest tools and services (Visual Studio 2017, TFS 2018 or Azure DevOps).

We will spend most of our time talking about securing ASP.NET applications and issues frequently observed. You will learn about OWASP TOP 10 –most critical web application security vulnerabilities, see them in practice (in ASP.NET) and mitigate the risks. We will see how to hack web applications by using various techniques and learn how to prevent those risks. You will learn about the latest version of ASP.NET Identity –modern framework for securing ASP.NET applications. We will cover fundamentals of ASP.NET Web API and see modern ways of protecting them by OAUTH 2, OpenID and claims-based authentication. At the end you will see how to put all the knowledge in practice to conduct code reviews.After finishing the course, attendees will be up-to date with the latest security techniques used in .NET applications and will be able to conduct .NET application code reviews by themselves.

error_outline Wichtige Information

Dieses Seminar wird in ENGLISCH gehalten!

expand_more chevron_right Zielgruppe

Ideal candidate for this course:
  • Enterprise administrators
  • infrastructure architects
  • security professionals
  • systems engineers
  • network administrators
  • IT professionals
  • security consultants
  • other people responsible for implementing network and perimeter security

    expand_more chevron_right Vorkenntnisse

    The following knowledge is recommended for this seminar:
    • To attend this training, you should have a good hands-on experience in administering Windows infrastructure
    • At least 8 years in the field is recommended

    expand_more chevron_right Detail-Inhalte

    Module 1: Security as a process
    • Microsoft Security Development Lifecycle fundamentals (v 5.2)
    • Threat modeling

    Module 2: .NET Security Features
    • Code Access Security and other security features in .NET 4.7
    • Security features of .Net Core
    • Encryption
    • Protecting data
    • Obfuscation
    • Secure coding guidelines

    Module 3:General web application security issues
    • OWASP Top 10 by example
    • Hacking your web application

    Module 4: SQL Security
    • SQL Server security features
    • Security and encryption in SQL Server 2017

    Module 5: ASP.NET Security Features
    • ASP.NET MVC security
    • Web Forms security
    • ASP.NET Identity

    Module 6: Securing Web APIs
    • ASP.NET Web API 2 fundamentals, OWIN Exploit Guard (ASR)
    • Web API Security
    • OAUTH 2, OpenID Connect

    Module 7: Secure Web API Clients
    • Fundamentals and security of AngularJS applications
    • Mobile applications security
    • OAUTH 2, OpenID Connect

    Module 8: Code reviews
    • Conducting a code review -in practice
    • Security checklists
    • Code reviews -lessons learned
    • Working with Azure DevOps


      Durch Angabe Ihrer E-Mail-Adresse und Anklicken des Buttons „Newsletter abonnieren“ erklären Sie sich damit einverstanden, dass ETC Ihnen regelmäßig Informationen zu IT Seminaren und weiteren Trainings- und Weiterbildungsthemen zusendet. Die Einwilligung kann jederzeit bei ETC widerrufen werden.

    Ähnliche Seminare