Secure Application Development in .NET

  • CL-ANN
  • 5 days
  • C#/.NET/ASP.NET

Description

The goal of the course is to prepare students for secure web application development. During the course we look at the basic concepts of software security, how the most common attacks are carried out, and how they can be prevented. The possible defensive mechanisms are not only discussed in theory but also implemented in practice, so that how they work in terms of software security can be examined in detail.

Participants attending this course will

  • Be able to prevent the most common attacks on web applications
  • Be able to harden their applications through proper input validation
  • Know the difference between authentication and authorization and which one to use
  • Learn about various cryptographic primitives and how to use them
  • Test applications statically and dynamically

Outline

  • Introduction
  • Input validation
  • Authentication and authorization
  • Cookie handling, HSTS
  • Basics of cryptography
  • Secure session handling
  • Error handling best practices
  • Introduction to static and dynamic application security testing

Course information

Preparedness

Strong C# and .NET knowledge

Exercises

Hands-on

Delivery methods

Onsite / Virtual classroom

Table of contents

  • Introduction
    • Application security in software development, common attacks, threats
    • Secure application development
    • Software security models, frameworks, standards
    • Microsoft Security Development Lifecycle (MSDL)
  • Input validation
    • General practices
    • ASP.NET Core validation
    • SQL Injection attacks
    • XSS, content security policy
  • Authentication and authorization
    • ASP.NET Core Identity Framework
    • Structure of the framework
    • Custom user database
    • External authentication
    • IdentityServer
    • Role-based authorization
    • Claims-based authorization
  • Cookie handling, HSTS
  • Basics of cryptography
    • Basic methods
    • Hashing
    • Digital signatures, certificates
  • Secure session handling
  • Error handling best practices
  • Introduction to static and dynamic application security testing
