Knowledge United

Leverage the Power of Learning

Contact Knowledge United
Toll Free: 888-448-5669
International: 951-436-9140
contact@knowledgeunited.com
 
 

Secure .Net Application Development

Dates: January 21-23, 2009
Times: 10am-5pm EST
Course Length: 3 days
List Tuition (US): $1,800
Special Rate (US): $1,395

Course Overview

Students who attend Secure .Net Application Development will leave the course armed with the required skills to recognize software vulnerabilities (actual and potential) and implement defenses for those vulnerabilities. This course quickly introduces developers to the various types of threats against their software.

The concept and process of Threat Risk Modeling is introduced as a key enabler for implementing effective and appropriate security for software and information assets. This course includes coverage of the many security-related technologies and APIs that exist in the .Net world.

What You'll Learn

At the conclusion of the course, attendees will be able to:

  • Understand the concepts and terminology behind defensive coding
  • Understand and use Threat Risk Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
  • Learn the entire spectrum of threats and attacks that take place against software applications in today's world
  • Use Threat Risk Modeling to identify potential vulnerabilities in a real-life case study
  • Perform both static code reviews and dynamic application testing to uncover vulnerabilities in .Net applications
  • Understand the vulnerabilities of the .Net programming language and the runtime environment as well as how to harden both
  • Understand and work with .Net platform security to gain an appreciation for what is protected and how
  • Use .Net for both authentication and authorization
  • Understand the basics of .Net Cryptography and Encryption and where they fit in the overall security picture
  • Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena
  • Understand and implement the processes and measures associated with the security development lifecycle (SDL)
  • Acquire the skills, tools, and best practices for design and code reviews as well as testing initiatives
  • Understand the basics of security testing and planning
  • Work through a comprehensive testing plan for recognized vulnerabilities and weaknesses

Who Should Attend

This is an intermediate-level .Net course, designed for developers who wish to get up and running on developing well-defended software applications. This course may be customized to suit your team's unique objectives. Familiarity with .Net and object-oriented technologies is required, and real-world programming experience is highly recommended.

Course Outline

Session: Defensive Coding Overview

  • Security Concepts
  • Principles of Defensive Coding
    • Security is a Lifecycle Process
    • Defense in Depth
    • Attack Surface Management: Default to Security
    • Compartmentalize
    • Consider all Application States
    • Do Not Trust the Untrusted
    • No Security Through Obscurity
    • Security Defect Mitigation
    • Leverage Experience
  • Security Risk Modeling
  • Risk Modeling of Case Study

Session: Vulnerabilities

  • Security Attacks
  • Information Attacks
  • System Attacks
  • Data Attacks

Session: .Net Security Fundamentals

  • Perimeter Defenses
  • .Net Security Architecture
  • Runtime Defenses
  • Extending the defenses

Session: Cryptography Overview

  • Cryptography defined
  • Strong Encryption
  • Ciphers and algorithms
  • Message digests
  • Keys and key management
  • Types of keys
  • Key management in .Net
  • Certificate management in .Net
  • Encryption/Decryption

Session: User-Based .Net Security

  • Overview
  • Authentication
  • Extending Authentication
  • Authorization

Session: Network Security

  • SSL Support
  • HTTPS
  • GSS
  • SASL protocols

Session: Code Level Security Best Practices

  • What .Net security provides for
  • Preventing remote hacking
  • Preventing accessing of restricted resources
  • Retaining credibility with .Net code

Session: Enterprise Security

  • .Net security in enterprise context
  • Role-based authentication
  • Pattern-based authentication

Session: Defending XML Processing

  • Defending XML
    • Understanding common attacks and how to defend
    • Operating in safe mode
    • Using standards-based security
    • XML-aware security infrastructure
  • Defending Web Services
    • Security exposures
    • Transport-level security
    • Message-level security
    • WS-Security
    • Attacks and defenses
  • Defending Ajax
    • Ajax Security exposures
    • Attack surface changes
    • Injection threats and concerns
    • Effective defenses and practices

Session: Security Development Lifecycle (SDL)

  • SDL Process Overview
  • Applying processes and practices
  • Risk Analysis

Session: Security Testing

  • Testing tools and processes
    • Principles
    • Reviews
    • Testing
    • Tools
  • Testing Practices
    • Authentication Testing
    • Session Management Testing
    • Data Validation Testing
    • Denial of Service Testing
    • Web Services Testing
    • Ajax Testing