21 hours (usually 3 days including breaks)
Beyond solid knowledge of the various security features of .NET and ASP.NET, even experienced programmers need a deep understanding of web-related vulnerabilities on both the server and client side, along with the consequences of the various risks.
The course also deals with the security architecture and components of the .NET framework, including code- and role-based access control, permission declaration and checking mechanisms, and the transparency model. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and operation of various algorithms, on which the course builds to present the cryptographic features that can be used in .NET.
The introduction of different security bugs follows the well-established vulnerability categories, tackling input validation, security features, error handling, time- and state-related problems, general code quality issues, and a special section on ASP.NET-specific vulnerabilities. These topics conclude with an overview of testing tools that can be used to automatically reveal some of the bugs covered.
Topics are presented through practical exercises where participants can try out the consequences of certain vulnerabilities, the mitigations, as well as the discussed APIs and tools for themselves.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn client-side vulnerabilities and secure coding practices
- Learn to use various security features of the .NET development environment
- Have a practical understanding of cryptography
- Get information about some recent vulnerabilities in .NET and ASP.NET
- Get practical knowledge in using security testing tools
- Learn about typical coding mistakes and how to avoid them
- Get sources and further readings on secure coding practices
- IT security and secure coding
- Web application security
- Client-side security
- .NET security architecture and services
- Practical cryptography
- ASP.NET security architecture
- Common coding errors and vulnerabilities
- Principles of security and secure coding
- Knowledge sources
It's good to start with the cause and understand why we need to secure our application.
Mikron SA Boudry
The explanations of how the most common attacks happen against web applications.
Jacob Fisher - Mikron SA Boudry
Beginning by how to hack to better understand how to secure was very interesting and appreciated.
Raphaël Capocasale - Mikron SA Boudry