Everything you need to earn your certification
- 1-Year access to all boot camp video replays and materials
- 100% Satisfaction Guarantee
- Free annual Infosec Skills subscription ($299 value!)
- Hands-on cyber ranges and labs
- Knowledge Transfer Guarantee
What you'll learn
Training overview
This comprehensive three-day Secure Coding for .NET (ASP.NET/C#/VB.NET) Boot Camp is designed to educate professional programmers on the skills necessary to develop and deploy secure applications. You will learn about potential security issues through concrete, hands-on examples of vulnerable code.
You’ll learn which poor programming practices lead to vulnerable code, how to code securely and how to maintain secure development practices throughout the development life cycle. You’ll sharpen skills and gain experience in applying secure design and implementation principles through demonstrations of building, testing and securing real-world applications. You’ll also be given the opportunity to participate in securing and testing applications through a progression of “challenge scenarios” alternating assignments as “attackers” and “defenders” of applications.
Before your boot camp
Prerequisites
Roughly 12-24 months of experience working with .NET applications is recommended. You should have an understanding of web applications, web programming concepts and experience building web applications using the .NET Framework. A basic understanding of IT security principles is recommended but not required.
-
Day 1
-
Course introduction
- Web application environment and components
- General web application security concepts
- .NET framework security features
Input validation and encoding
- Input-driven attacks
- Validation best practices
- Output encoding
Authentication, authorization and session management
- Common authentication weaknesses
- Authorization best practices
- Controlling application access
- Password security
- Session hijacking and trapping
- Protecting user sessions and tokens
- Canonicalization problems
- Parameter manipulation
-
-
Day 2
-
Encryption, confidentiality and data protection
- Cookie-based attacks
- Protecting application variables
- Cache control issues
- SSL best practices
- Protecting usernames, passwords and personally identifiable information
- Common cryptography pitfalls
Data access
- Secure database programming
- Database permissions best practices
- Parameterized queries
- Common stored procedure flaws
Error handling and logging
- Attacking via error messages
- Secure logging and error handling
Server configuration and code management
- Common web and app server mis-configurations
- Common database server mis-configurations
- Protecting application code
-
-
Day 3
-
XML web services
- Overview of WSDL, SOAP and AJAX
- Web service attacks
- AJAX pitfalls
- Web service best practices
Application threat modeling
- Threat modeling concepts
- Application context
- Identifying attacks, vulnerabilities and countermeasures
- Threat modeling tools
Practical security testing techniques for developers
- Useful web application assessment tools
- Determining the severity of vulnerabilities
- Dealing with time constraints
-
Syllabus
Syllabus
Training schedule
Guaranteed results
Our boot camp guarantees
100% Satisfaction Guarantee
If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
Knowledge Transfer Guarantee
If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
Unlock team training discounts
If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.
