C# and Web Application Security

Who Should Attend

• Developers working with C# and .NET
• Web application developers
• Security professionals
• Anyone responsible for building secure .NET web applications

Prerequisites

• General C# and Web application development experience

What You Will Learn

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn to use various security features of the .NET development environment
• Have a practical understanding of cryptography
• Learn about typical coding mistakes and how to avoid them
• Get sources and further readings on secure coding practices

Course Outline

Labs & Practical Exercises

Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many different security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis, dynamic web vulnerability testing or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code. Many real life case studies support better understanding of various vulnerabilities.

Certification & Assessment

Certificate of Completion. This course prepares testers and QA staff to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day.