Certified C# and Web application security
Delivery format
Remote
Duration
3 days
Price
4663 €
Target Group
This comprehensive three-day course empowers developers with the skills to secure C# and ASP.NET web applications against common vulnerabilities and advanced cyber threats. Participants will explore core IT security principles, secure coding practices, and .NET-specific security measures. Key topics include SQL injection, cross-site scripting (XSS), authentication flaws, and insecure deserialization, with a focus on how they affect ASP.NET applications.
The course also delves into the .NET framework’s security architecture, emerging issues, and cryptographic techniques. Through hands-on exercises, participants will gain practical experience in applying secure coding practices to real-world scenarios.
Goal
By the end of this course, participants will be able to:
- Identify and mitigate common web vulnerabilities affecting .NET applications, including OWASP Top Ten issues.
- Apply secure coding practices in C# to prevent injection attacks, XSS, and insecure deserialization.
- Utilise the security features of the .NET framework to enhance application security.
- Strengthen authentication, session management, and access control in ASP.NET applications.
- Conduct vulnerability assessments using tools like static code analysis and penetration testing frameworks.
- Apply secure coding principles and follow key guidelines from industry standards such as OWASP and SEI CERT.
Prerequisites
- General C# development knowledge.
- Familiarity with web application concepts is beneficial but not mandatory.
Target Audience
- C# developers building or maintaining web applications.
- Software engineers seeking to enhance their knowledge of secure coding.
- IT professionals responsible for application security in .NET-based systems.
Course Content
Day 1: Introduction to IT security and secure coding
- Fundamentals of IT security and risk management.
- Understanding security flaws and their exploitation in cybercrime.
- Overview of OWASP Top Ten vulnerabilities and secure coding principles.
- Injections:
  - SQL Injection: Attack methods, blind SQL injection, and prevention using parameterized queries.
  - Command Injection: Detection, prevention techniques, and hands-on exercises.
  - XML Injection: Addressing and mitigating injection risks.
- Cross-Site Scripting (XSS): Persistent, reflected, and DOM-based XSS attacks with prevention strategies and exercises.
Day 2: Advanced web vulnerabilities and secure coding
- Authentication and Session Management:
  - Best practices for secure authentication.
  - Common vulnerabilities in session handling, including cookies and JWT tokens.
  - Exercises on securing authentication and sessions.
- Business Logic Vulnerabilities:
  - Identifying and preventing issues like privilege escalation and payment manipulation.
  - Practical exercises on mitigating business logic flaws.
- Cross-Site Request Forgery (CSRF):
  - Securing forms and session tokens against CSRF attacks.
  - Prevention techniques with ASP.NET.
- File and Path Vulnerabilities:
  - Addressing path traversal and insecure file upload vulnerabilities.
  - Exercises on secure coding practices.
- Race Conditions:
  - Understanding and mitigating race conditions in multi-threaded environments.
Day 3: .NET security and advanced topics
- .NET Security Architecture:
  - Core security features, including role-based access control and secure error handling.
  - Serialization and deserialization vulnerabilities and their mitigation.
- Practical Cryptography:
  - Symmetric and asymmetric encryption techniques.
  - Cryptographic APIs in .NET and best practices for key management.
- Emerging Threats:
  - In-depth analysis of new vulnerabilities such as insecure deserialization and cookie injection.
- Security Testing and Vulnerability Management:
  - Tools and techniques for static code analysis, penetration testing, and vulnerability management.
  - Exercises using tools like OWASP ZAP and SQLMap.
- Principles of Secure Coding:
  - Applying robust programming principles from Saltzer and Schroeder.
  - Recommended resources and further reading for secure coding practices.
Exams and Assessments
- Multiple-choice exam (60 questions, 50% pass mark).
- The APMG Proctor-U exam is taken online after course completion.
- Delegates receive individual access to the APMG candidate portal (available two weeks post-exam).
Price 4663 € + VAT
We reserve the right to make changes to the programme, trainers, and delivery format.