Writing Secure .NET Code – SS203
This technical course covers a wide range of application security topics related to .NET applications. During this hands-on course, students examine actual .NET code, tools, and other resources that help them understand how attackers think, the techniques used to attack their applications, and the best countermeasures available to mitigate the risk of those attacks.
Target Audience
§ .NET Software Developers
§ Technical Leads
§ Software Architects

Course Requirements & Prerequisites
§ Application Security Fundamentals – SS101
§ Intermediate to expert understanding of the web as well as the HTTP protocol.
§ Intermediate to expert experience with web development technologies such as HTML, CSS, JavaScript, SQL, etc.
§ Students are required to bring their own laptops with a minimum of 4 GB RAM installed.
§ VMware Workstation / Fusion / VirtualBox installed.
§ At least 60 GB HD free
§ Wired Network Support
§ USB 2.0/3.0 Support
Writing Secure .NET Code SS-203
“My entire development had taken software security training from Sherif. The training provided very practical guidance on how to write secured software catered in the programming language we requested. We had already made some changes based on what we learned.” Tongfeng Zhang - CIRA
2-Day Course
Course Contents
§ Introduction
§ Attacking & Securing Data Stores:
  o SQL Injection
  o XML Injection
  o XPath Injection
  o Parameterization in .NET
  o Secure Stored Procedure Usage
§ Attacking & Securing OS Calls:
  o Path Manipulation
  o Secure File Upload
  o Command Injection
  o Secure OS System Calls
§ Attacking & Securing User Input:
  o The 6 Contexts of Cross-Site Scripting
  o Whitelisting vs. Blacklisting
  o Using Validators in .NET
§ Attacking & Securing Authentication and Authorization:
  o Designing a Secure Authentication Process
  o Designing a Secure Authorization Process
  o Using the .NET Framework to Secure Authentication and Authorization
§ Attacking & Securing the Software Security Supply Chain
§ Exploiting & Preventing Cross-Site Request Forgery Using the Synchronizer Token Pattern
§ Attacking & Securing Direct Object References Using Indirect Reference Maps
§ Implementing Secure Cryptography
§ Securing the Transport Layer
§ Exception Management and Error Handling
§ Securing Redirects and Forwards
§ Overview of a Secure Software Development Lifecycle
§ Quick Overview of Effective Security Code Review Techniques
§ Conclusion and Closeout Remarks