Students in this course will acquire knowledge in the following areas:
- .NET Framework security features and various secure coding principles
- .NET Framework runtime security model, role-based security, code access security (CAS), and class library security
- Various validation controls, mitigation techniques for validation control vulnerabilities, defensive techniques for SQL injection attacks, and output encoding to prevent input validation attacks
- Defensive techniques against session attacks, cookie security, and View State security
- Mitigating vulnerabilities in class-level exception handling, managing unhandled errors, and implementing Windows log security against various attacks
- Defensive techniques against path traversal attacks and canonicalization attacks, and file ACLs
- Mitigating vulnerabilities in machine config files and app config files, and security code review approaches
- The importance of secure programmers and certified secure programmers, the career path of secure programmers, and the essential skill set of secure programmers
Module 01: Introduction to .NET Application Security
Module 02: .NET Framework Security
Module 03: Input Validation and Output Encoding
Module 04: .NET Authorization and Authentication
Module 05: Secure Session and State Management
Module 06: .NET Cryptography
Module 07: .NET Error Handling, Auditing, and Logging
Module 08: .NET Secure File Handling
Module 09: .NET Configuration Management and Secure Code Review