AquinasTraining.co.uk - training courses. Home  -  FAQ  -  Corporate Plans

Secure coding with .NET

NET0060      Course duration (days): 3
Talk to a Training Advisor
Tel. 0800 652 0202
Availability
Schedule available upon request within 24 hours.
Need help? Contact us now.

About this class

This course will provide delegates with a sound understanding of modern day requirements for building secure applications from the ground up.

Version 2.0 of the .NET Framework is the latest incarnation Microsoft's Enterprise platform for Windows application programming and distributable web services.

  • ASP.NET 2.0 will see more than 40 new server-side controls and many new pieces of web infrastructure.
  • .NET applications and web services can be deployed to, and used by, many platforms from desktop to mobile. One of the main features of .NET is support for multiple programming languages, particularly C# (C Sharp) and VB.NET.

Who will the lesson benefit?

Developers who need to ensure their applications are as safe as possible by developing and testing robust, secure code

What prerequisites are required

HTML, and experience of programming in a fully compiled language such as VB.

What delegates will learn

At the end of this course delegates will be able to:

  • Security Principles
  • SD3
  • A rich list of security techniques
  • Writing secure .net code
  • How to test security
  • How to build privacy into you application
  • How to secure installations
  • How to write secure documentation and error messages.

Contents of this class

Security Overview

  • The Need for Secure Systems
  • Trustworthy Computing
  • Proactive Security Development
  • SD 3 : Secure by Design, by Default, and in Deployment
  • Security Principles
  • Threat Modelling

Security Techniques

  • Preventing Buffer Overruns
  • Determining Appropriate Access Control
  • Running with Least Privilege
  • Cryptographic Techniques
  • Protecting Secret Data
  • Guarding against Input
  • Canonical Representation Issues
  • Database Input Issues
  • Web-Specific Input Issues
  • Internationalization Issues
  • Socket Security
  • Securing RPC, ActiveX Controls, and DCOM
  • Protecting Against Denial of Service Attacks

Writing Secure .NET Code

  • Code Access Security Overview
  • Using FxCop
  • Strong-Named Assemblies
  • Specifying Assembly Permission Requirements
  • Use of Assert
  • Demands and Link Demands
  • Limiting Who Uses Your Code
  • XML and Configuration Files
  • Partial Trust Assemblies
  • Issues with Delegates
  • Issues with Serialization
  • The Role of Isolated Storage
  • Tracing and Debugging
  • General Good Practices

Security Testing

  • The Role of the Security Tester
  • Building Security Test Plans from a Threat Model
  • Testing Clients with Rogue Servers
  • Determining Attack Surface
  • Performing a Security Code Review

Secure Software Installation

  • Principle of Least Privilege
  • Using the Security Configuration Editor
  • Low-Level Security APIs

    • Building Privacy into Your Application

    • Malicious vs. Annoying Invasions of Privacy
    • Major Privacy Legislation
    • Privacy vs. Security
    • Building a Privacy Infrastructure
    • Designing Privacy-Aware Applications

    Writing Security Documentation and Error Messages

    • Security Issues in Documentation
    • Security Issues in Error Messages
    • Information Disclosure Issues
    • Security Usability
    (C) AquinasTraining.co.uk - Contact Us