Secure Coding in Net
Graded: Secure Coding in Net
1 Question

Secure Coding in Net

About this course

Secure Coding in Net

Instructor:Fabio Cerullo
Next Scheduled Course:



The .NET framework provides unprecedented flexibility and productivity to web application developers. Many applications allow access to critical and confidential resources and this has made them popular targets for attack. Application developers are responsible for understanding the limitations of the .NET framework and adopting best practices to ensure that their code is secure.

About this course


This course aims to provide the knowledge and resources required to improve the security of Web applications developed using the .NET Framework. This course is designed to educate developers on the skills necessary to build and deploy secure .NET applications following a Secure Development Lifecycle (SDL) process.

It is recommended that participants on the Web Application Secure Coding in .Net have completed the Web Application Security Essentials course. Please see “Related Training” below.


The course is aligned with the OWASP Top 10, a world-renowned reference document which describes the most critical web application security flaws.

The topics covered include:

  • General Web Application Security Concepts
  • .NET Framework Security Features
  • Identify security vulnerabilities in code (OWASP Top 10, SANS 25)
  • Implement Security Controls
  • Authentication
  • Session Management
  • Access control
  • Input validation
  • Output encoding/escaping
  • Cryptography
  • Error handling and logging
  • Data Protection
  • HTTP security
  •  Incorporate security into the development process

Format: The course combines theory and hands-on practical exercises. The participants learn to identify vulnerabilities in a purposely-developed .Net application and fix them using secure coding best practices. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities using different open source tools and techniques in a safe environment.

Duration: 1 day (8 hours)

Attendee Profile

The course is designed for:

• Software Developers
• Quality Assurance professionals
• System Architects
• Information Security Professionals

  • Printed materials
  • Virtual image containing all tools used
  • Certificate of Participation (CPE Points)
Related Training
  • The Web Application Security Essentials course is a comprehensive and strategic overview of web application security and does not focus on a specific programming language, although some knowledge of JavaScript, basic SQL and the HTTP protocol is recommended.
  • The Web Application Secure Coding in Java course is designed to instruct participants on best practices in secure coding using Java.
  • The ISC2 Certified Secure Software Lifecycle Professional (CSSLP) course is designed for professionals who demonstrate a globally recognised level of competence, as defined in a common body of knowledge, by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness.

Course Curriculum

Graded: Secure Coding in Net
1 Question

User registration

You don't have permission to register

Reset password