Secure Coding in .Net
About this course
.NET provides unprecedented flexibility and productivity to web application developers. Many applications allow access to critical and confidential resources and this has made them popular targets for attack. Application developers are responsible for understanding the limitations of .NET and adopting best practices to ensure that their code is secure.
Objectives
This course aims to provide the knowledge and resources required to improve the security of Web applications developed using .NET. This course is designed to educate developers on the skills necessary to build and deploy secure .NET applications following a Secure Development Lifecycle (SDL) process.
It is recommended that participants on the Web Application Secure Coding in .Net course have completed the Web Application Security Essentials course. Please see “Related Training” below.
Overview
The course is aligned with the OWASP Top 10, a world-renowned reference document which describes the most critical web application security flaws.
The topics covered include:
- General Web Application Security Concepts
- .NET Security Features
- Identify security risks in code (OWASP Top 10)
- Implement Security Controls:
  - Authentication
  - Session Management
  - Access control
  - Input validation
  - Output encoding/escaping
  - Cryptography
  - Error handling and logging
  - Secrets Management
  - Cross Origin Resource Sharing (CORS)
  - Data Protection
  - HTTP security
- Incorporate security into the development process
Format: The course combines theory and hands-on practical exercises. The participants learn to identify vulnerabilities in a purposely-developed .Net application and fix them using secure coding best practices. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities using different open source tools and techniques in a safe environment.
Duration: 1 day (8 hours)
Attendee Profile
The course is designed for:
- Software Developers
- Quality Assurance professionals
- System Architects
- Information Security Professionals
Materials
- Certificate of Participation (CPE Points)
- Course materials, available in digital format in the Cycubix Academy eLearning tool.
- Access to the Lab platform for hands-on, real-life scenario exercises.
Related Training
- The Java Secure Coding Training course is designed to instruct participants on best practices in secure coding using Java.
- The ISC2 Certified Secure Software Lifecycle Professional (CSSLP) course is designed for professionals who demonstrate a globally recognised level of competence, as defined in a common body of knowledge, by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness.
- The Web Application Security Essentials course is a comprehensive and strategic overview of web application security and does not focus on a specific programming language, although some knowledge of JavaScript, basic SQL and the HTTP protocol is recommended.
- The Threat Modeling course provides attendees with the knowledge to identify applicable threats, quantify them, and address the risk with effective countermeasures to mitigate any attack – at the design stage of the SDL.
- The Secure Coding for PCI DSS course provides attendees specific knowledge and skills to apply the secure coding and application security standards needed for PCI DSS–relevant applications that process card payments and/or cardholder data.
Course Curriculum