Boot Camp

Secure Coding for .NET Training Boot Camp

Learn how to develop Secure .NET applications. This boot camp is designed for ASP.NET and C# developers that require effective, real-world, secure programming skills they can implement immediately at the workplace.

4.6 (28 ratings)

Everything you need to earn your certification

  • 1-Year access to all boot camp video replays and materials
  • 100% Satisfaction Guarantee
  • Free annual Infosec Skills subscription ($299 value!)
  • Hands-on cyber ranges and labs
  • Knowledge Transfer Guarantee
Wistia video thumbnail

What you'll learn

Training overview

This comprehensive three-day Secure Coding for .NET (ASP.NET/C#/VB.NET) Boot Camp is designed to educate professional programmers on the skills necessary to develop and deploy secure applications. You will learn about potential security issues through concrete, hands-on examples of vulnerable code.

You’ll learn which poor programming practices lead to vulnerable code, how to code securely and how to maintain secure development practices throughout the development life cycle. You’ll sharpen skills and gain experience in applying secure design and implementation principles through demonstrations of building, testing and securing real-world applications. You’ll also be given the opportunity to participate in securing and testing applications through a progression of “challenge scenarios” alternating assignments as “attackers” and “defenders” of applications.

Before your boot camp

Prerequisites

Roughly 12-24 months of experience working with .NET applications is recommended. You should have an understanding of web applications, web programming concepts and experience building web applications using the .NET Framework. A basic understanding of IT security principles is recommended but not required.

    Syllabus

  • Day 1
    • Course introduction

      • Web application environment and components
      • General web application security concepts
      • .NET framework security features

      Input validation and encoding

      • Input-driven attacks
      • Validation best practices
      • Output encoding

      Authentication, authorization and session management

      • Common authentication weaknesses
      • Authorization best practices
      • Controlling application access
      • Password security
      • Session hijacking and trapping
      • Protecting user sessions and tokens
      • Canonicalization problems
      • Parameter manipulation
  • Day 2
    • Encryption, confidentiality and data protection

      • Cookie-based attacks
      • Protecting application variables
      • Cache control issues
      • SSL best practices
      • Protecting usernames, passwords and personally identifiable information
      • Common cryptography pitfalls

      Data access

      • Secure database programming
      • Database permissions best practices
      • Parameterized queries
      • Common stored procedure flaws

      Error handling and logging

      • Attacking via error messages
      • Secure logging and error handling

      Server configuration and code management

      • Common web and app server mis-configurations
      • Common database server mis-configurations
      • Protecting application code
  • Day 3
    • XML web services

      • Overview of WSDL, SOAP and AJAX
      • Web service attacks
      • AJAX pitfalls
      • Web service best practices

      Application threat modeling

      • Threat modeling concepts
      • Application context
      • Identifying attacks, vulnerabilities and countermeasures
      • Threat modeling tools

      Practical security testing techniques for developers

      • Useful web application assessment tools
      • Determining the severity of vulnerabilities
      • Dealing with time constraints

Syllabus

Training schedule

Guaranteed results

Our boot camp guarantees

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

Enroll in a boot camp

  • May 31, 2023 - June 2, 2023

    Online only

  • August 9, 2023 - August 11, 2023

    Online only

  • October 4, 2023 - October 6, 2023

    Online only