Secure Coding for .NET Training
Learn how to develop Secure .NET applications. This boot camp is designed for ASP.NET and C# developers that require effective, real-world, secure programming skills they can implement immediately at the workplace.
Learn secure .NET coding
- 100% Satisfaction Guarantee
- Three days live, expert .NET instruction (live online or in-person)
- Immediate access to Infosec Skills from the minute you enroll to 90 days after your boot camp
- Learn by doing with 100s of additional hands-on courses and labs
- 90-day access to all boot camp video replays and materials
- Knowledge Transfer Guarantee
Training overview
This comprehensive three-day Secure Coding for .NET (ASP.NET/C#/VB.NET) Boot Camp is designed to educate professional programmers on the skills necessary to develop and deploy secure applications. You will learn about potential security issues through concrete, hands-on examples of vulnerable code.
You’ll learn which poor programming practices lead to vulnerable code, how to code securely and how to maintain secure development practices throughout the development life cycle. You’ll sharpen skills and gain experience in applying secure design and implementation principles through demonstrations of building, testing and securing real-world applications. You’ll also be given the opportunity to participate in securing and testing applications through a progression of “challenge scenarios” alternating assignments as “attackers” and “defenders” of applications.
What you’ll learn
This boot camp teaches you how poor security practices leave applications open to attack and how to implement the necessary tools, techniques and best practices to write code in a secure manner. It will help develop your knowledge and skills around:
- Common web application exposures and attacks
- Compliance for the OWASP Top 10 training component in the PCI DSS standard
- Static analysis techniques for quickly finding web application flaws
- Secure use of C#/VB.NET API
- How to code defensively and perform proper input validation
Who should attend
- NET application developers
- C# programmers
- ASP.NET developers
- Managers, architects and technologists involved in deploying .NET applications
- Anyone interested in learning more about secure .NET coding
Prerequisites
Roughly 12-24 months of experience working with .NET applications is recommended. You should have an understanding of web applications, web programming concepts and experience building web applications using the .NET Framework. A basic understanding of IT security principles is recommended but not required.
Get training resources sent to your inbox
Skill up on your schedule
Infosec Skills boot camp
- 100% Satisfaction Guarantee
- 3 days live, expert .NET instruction (live online or in-person)
- 90-day access to recordings of daily lessons
- 100s of additional hands-on courses and labs
- Knowledge Transfer Guarantee
Infosec Skills
- On-demand .NET training
- 500+ practice exam questions & unlimited practice exam attempts
- 80+ role-based learning paths (Ethical Hacking, PHP, etc.)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Infosec peer community support
- 1,000s of CPE opportunities
.NET training schedule
Infosec’s .NET training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared.
-
Before your boot camp
-
Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
-
-
During your boot camp
-
Course introduction
- Web application environment and components
- General web application security concepts
- .NET framework security features
Input validation and encoding
- Input-driven attacks
- Validation best practices
- Output encoding
Authentication, authorization and session management
- Common authentication weaknesses
- Authorization best practices
- Controlling application access
- Password security
- Session hijacking and trapping
- Protecting user sessions and tokens
- Canonicalization problems
- Parameter manipulation
Encryption, confidentiality and data protection
- Cookie-based attacks
- Protecting application variables
- Cache control issues
- SSL best practices
- Protecting usernames, passwords and personally identifiable information
- Common cryptography pitfalls
Data access
- Secure database programming
- Database permissions best practices
- Parameterized queries
- Common stored procedure flaws
Error handling and logging
- Attacking via error messages
- Secure logging and error handling
Server configuration and code management
- Common web and app server mis-configurations
- Common database server mis-configurations
- Protecting application code
XML web services
- Overview of WSDL, SOAP and AJAX
- Web service attacks
- AJAX pitfalls
- Web service best practices
Application threat modeling
- Threat modeling concepts
- Application context
- Identifying attacks, vulnerabilities and countermeasures
- Threat modeling tools
Practical security testing techniques for developers
- Useful web application assessment tools
- Determining the severity of vulnerabilities
- Dealing with time constraints
-
-
After your boot camp
-
Your Infosec Skills access extends 90 days past your boot camp, so you can take additional time to learn.
-