Course essentials
Boot camp at a glance
-
Method
Online, in-person, team onsite
-
Duration
3 days
-
Experience
1-3 years
What you'll learn
Training overview
This comprehensive three-day Secure Coding for .NET (ASP.NET/C#/VB.NET) Boot Camp is designed to educate professional programmers on the skills necessary to develop and deploy secure applications. You will learn about potential security issues through concrete, hands-on examples of vulnerable code.
You’ll learn which poor programming practices lead to vulnerable code, how to code securely and how to maintain secure development practices throughout the development life cycle. You’ll sharpen skills and gain experience in applying secure design and implementation principles through demonstrations of building, testing and securing real-world applications. You’ll also be given the opportunity to participate in securing and testing applications through a progression of “challenge scenarios” alternating assignments as “attackers” and “defenders” of applications.
Award-winning training you can trust
What's included
Everything you need to know
- 90-day extended access to Boot Camp components, including class recordings
- 100% Satisfaction Guarantee
- Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
- Hands-on cyber ranges and labs
- Knowledge Transfer Guarantee
Before your boot camp
Prerequisites
Prior to enrolling in the Secure Coding for .NET Training Boot Camp, you must have:
- Roughly 12-24 months of experience working with .NET applications (recommended)
- An understanding of web applications, web programming concepts and experience building web applications using the .NET Framework
- A basic understanding of IT security principles (recommended)
Syllabus
Training schedule
Day 1
Course introduction
- Web application environment and components
- General web application security concepts
- .NET framework security features
Input validation and encoding
- Input-driven attacks
- Validation best practices
- Output encoding
Authentication, authorization and session management
- Common authentication weaknesses
- Authorization best practices
- Controlling application access
- Password security
- Session hijacking and trapping
- Protecting user sessions and tokens
- Canonicalization problems
- Parameter manipulation
Day 2
Encryption, confidentiality and data protection
- Cookie-based attacks
- Protecting application variables
- Cache control issues
- SSL best practices
- Protecting usernames, passwords and personally identifiable information
- Common cryptography pitfalls
Data access
- Secure database programming
- Database permissions best practices
- Parameterized queries
- Common stored procedure flaws
Error handling and logging
- Attacking via error messages
- Secure logging and error handling
Server configuration and code management
- Common web and app server mis-configurations
- Common database server mis-configurations
- Protecting application code
Day 3
XML web services
- Overview of WSDL, SOAP and AJAX
- Web service attacks
- AJAX pitfalls
- Web service best practices
Application threat modeling
- Threat modeling concepts
- Application context
- Identifying attacks, vulnerabilities and countermeasures
- Threat modeling tools
Practical security testing techniques for developers
- Useful web application assessment tools
- Determining the severity of vulnerabilities
- Dealing with time constraints
Guaranteed results
Our boot camp guarantees
100% Satisfaction Guarantee
If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
Knowledge Transfer Guarantee
If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
Unlock team training discounts
If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.
You're in good company
The instructor was able to take material that prior to the class had made no sense, and explained it in real world scenarios that were able to be understood.
Erik Heiss, United States Air Force
I really appreciate that our instructor was extremely knowledgeable and was able to provide the information in a way that it could be understood. He also provided valuable test-taking strategies that I know not only helped me with this exam, but will help in all exams I take in the future.
Michelle Jemmott, Pentagon
The course was extremely helpful and provided exactly what we needed to know in order to successfully navigate the exam. Without this I am not confident I would have passed.
Robert Caldwell, Salient Federal Solutions
Enroll in a boot camp
Explore our top boot camps
More learning opportunities
-
Most popularBoot camp
CompTIA Security+ Training Boot Camp
Infosec’s CompTIA Security+ Boot Camp teaches you information security theory and reinforces that theory with hands-on exercises to help you learn by doing. You’ll learn how to configure and operate many different technical security controls — and leave prepared to pass your Security+ exam.
Learn More
-
#1 FOR BEGINNERSBoot camp
Cisco CCNA Associate & CyberOps Associate Training Boot Camp with Dual Certification
Infosec’s authorized CCNA Dual Certification Boot Camp helps you build your knowledge of networking and provides hands-on experience installing, configuring and operating network devices — all while preparing you to earn two Cisco certifications.
Learn More
-
Most requestedBoot camp
(ISC)² CISSP® Certification Training and Boot Camp
Take your career to the next level by earning one of the most in-demand cybersecurity certifications. Infosec’s CISSP training provides a proven method for mastering the broad range of knowledge required to become a Certified Information Systems Security Professional.
Learn More