Securing ASP.NET using OpenID Connect and IdentityServer

Introduction to Git and GitHub

Throughout most of the tech world, Git and GitHub are the de facto tools used for version control and collaboration. However, they can seem difficult to use at first glance. That’s why this course exists: to teach IT and development teams how to best utilize Git and GitHub. In this course, you will not just learn how to commit or merge using Git but how it works under the hood. You’ll understand the inner workings of Git, what makes it tick, and how to get the most out of it for your team. You will also learn how to collaborate with other developers on the GitHub platform. During the course, you will get hands-on experience by completing an extensive set of exercises that will take you through realistic challenges you will face working with both Git and GitHub. This will help prepare you for using both tools in your day-to-day work life.

Introduction to OpenID Connect and OAuth

OpenID Connect is the de-facto standard we should use for handling authentication and authorization in modern applications. However, it can still be very complex and confusing with all the various concepts, including scopes, claims, flows, resources, and tokens. In this course, you will learn the following: Authentication vs. authorization How OAuth 2.x and OpenID Connect work Fundamental concepts How a client authenticates against an authorization server How to retrieve and consume JWT tokens How OpenID Connect fits into your architecture How the tokens are secured and managed This course includes many hands-on exercises that will help you understand how the protocol works under the hood, so you can get the best from it.

Security testing C# Web applications

Your Web application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete. Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears. The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the ASP.NET framework. So that you are prepared for the forces of the dark side. So that nothing unexpected happens. Nothing.   Outline Cyber security basics The OWASP Top Ten 2021 Wrap up Delivered onsite for three days, 9-17.00Delivered online for five days, Monday - Friday 9-13.00  

IdentityServer in Production

This course continues where our popular course Securing ASP.NET using OpenID Connect and IdentityServer with a clear focus on getting a complete IdentityServer architecture up and running in a real production environment. You will learn how to avoid many of the pitfalls and snags involved when you’re starting your deployment journey. When we say that this course is about deploying to production, we really mean it. In this course, we will deploy the services we create to the public internet, using real TLS certificates and automatic build/deployment. The solution you will deploy contains a client, an API, and a fully configured IdentityServer. We are especially proud that we don’t cheat or cut corners in this all-encompassing course. Instead, we will, for example: Store configuration data in a separate configuration service Create logs in a separate logging server for analytics and visualization Use real HTTPS certificates Create our own token signing keys Use continuous deployment to deploy our services This very hands-on course contains extensive exercises that will take you through all the steps involved in creating a successful identity solution.