About the course
Instructor: Aaron Cure
ASP.NET and the .NET framework have provided web developers with tools that allow them an unprecedented degree of flexibility and productivity. On the other hand, these sophisticated tools make it easier than ever to miss the little details that allow security vulnerabilities to creep into an application. Since ASP.NET 2.0, Microsoft has done a fantastic job of integrating security into the ASP.NET framework, but the responsibility is still on application developers to understand the limitations of the framework and ensure that their own code is secure.
Have you ever wondered if the built-in ASP.NET validation is effective? Have you been concerned that web services might be introducing unexamined security issues into your application? Should you feel uneasy relying solely on the security controls built into the ASP.NET framework? The Secure Coding in .NET course will help students leverage built-in and custom defensive technologies to integrate security into their applications.
What Does the Course Cover?
This is a comprehensive course covering a huge set of skills and knowledge. It's not a high-level theory course. It's about real programming. In this course you will examine actual code, work with real tools, build applications, and gain confidence in the resources you need for the journey to improving the security of .NET applications.
Rather than teaching students to use a set of tools, we're teaching students concepts of secure programming. This involves looking at a specific piece of code, identifying a security flaw, and implementing a fix for flaws found on the OWASP Top 10 and CWE/SANS Top 25 Most Dangerous Programming Errors.
The class culminates with a security review of a real-world open source application. You will write custom static analysis rules to discover .NET vulnerabilities, conduct a code review, review a penetration test report, perform security testing to actually exploit real vulnerabilities, and finally, using the secure coding techniques that you have learned in class, implement fixes for these issues.
Section 6.5 of the Payment Card Industry (PCI) Data Security Standard (DSS) instructs auditors to verify that processes exist that require training in secure coding techniques for developers. If your application processes cardholder data and you are required to meet PCI compliance, then this course is for you.
Be secure. Before you're next.
You Will Learn To:
Understand the attacker's methodology and how they will attack your web application
Apply defensive coding techniques to prevent your application from being compromised
Safeguard your sensitive information using approved cryptography standards
Find vulnerabilities in your application using code review and basic pen test techniques
Integrate security into your software development lifecycle
DEV544.1: Data Validation
DEV544.2: Authentication & Session Management
DEV544.3: .NET Framework Security
DEV544.4: Secure Software Development Lifecycle