Time: Open To Your Scheduling Needs
Securing .NET Applications
When creating .NET applications for the web, mobile, or desktop, developers must design for security and apply security best practices with the same emphasis they give to maintainability, usability, and performance. Like a chain, software is only as strong as its weakest link. No software can or should ever be considered 100% secure, but it can always be made more secure. Today, as security experts discover and report the latest and most common attacks to educate the industry, hackers are also learning about them and developing tools to use them for ill-gotten gains against our hardware and software.
This three-day .NET security course teaches .NET developers how to design and develop their code to prevent attacks from today’s most common exploits used by hackers. This course covers the most common versions of .NET, including the .NET Framework, .NET Standard, and .NET Core. With these frameworks, it covers creating ASP.NET web applications, class libraries, desktop applications, mobile applications, Web/REST services, and single-page applications (SPAs).
This course teaches developers how to write .NET software that defends against the latest threats outlined in the OWASP Top 10 and the CWE/SANS Top 25 Most Dangerous Software Errors. It also covers all the current PCI DSS 3.2.1 6.x standard requirements.
- Think like a hacker
- Client side vs. Server side
- Red Team and Blue Team
- Limit your attack surface
- Internal and External security
- Authentication and Authorization
- Securing privileged access – Client to Database
- Where’s the source code stored?
- OWASP Top Ten List
- Get a Certified Ethical Hacker (CEH)
- Stay current!
- Cryptography – Symmetric, Asymmetric, and hashing
- Debug, Release, Custom
- Borrowing and stealing software
- Reflection tools
- Linting tools
Securing ASP.NET – Server Side
- Web Forms vs. MVC
- When to Encode
- Validating user data
- Sanitizing user data
- Only expose what you need to expose
- ASP.NET Security configuration
Securing ASP.NET – Client-Side
- Forms of Cross-Site Scripting (XSS)
- Microsoft Anti-XSS Library
- Cross-Site Request Forgery (CSRF)
Securing Web API REST and Web Services
- Publishing end points