T1515

Ladda ner som PDF

.NET, C# and ASP.NET security development

A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.

Audience

.NET, C# and ASP.NET developers, software architects and testers

Prior knowledge

Preparedness: Basic .NET, C# and ASP.NET

Language

The course is taught in English (Contact us if you prefer Swedish).

Courseware

Material in English

Informator Training Cloud

Our training portal supports your development throughout the training. The portal saves you time and is designed to give you a more effective learning experience - leading to better results and greater knowledge enforcement after the course. Read more >

The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.

Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, while the discussion of vulnerabilities of the ASP.NET also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities not only deals with some general Web application security challenges, but also with special issues and attack methods like attacking the PostBack or the ViewState, or the string termination attacks.

Security technologies and services:Code Access Security, Role Access Security, Remoting Architecture; ASP.NET trust levels; form authentication; session handling; provider model; membership, role management and the Microsoft Passport Network.

Vulnerabilities, attacks and mitigations:integer overflows in .NET; injection flaws in ASP.NET: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), log forging; unsafe native calls; Equals() and toString() problems; attacking PostBack and ViewState; string termination attacks; direct... Läs mer

The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.

Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, while the discussion of vulnerabilities of the ASP.NET also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities not only deals with some general Web application security challenges, but also with special issues and attack methods like attacking the PostBack or the ViewState, or the string termination attacks.

Security technologies and services:Code Access Security, Role Access Security, Remoting Architecture; ASP.NET trust levels; form authentication; session handling; provider model; membership, role management and the Microsoft Passport Network.

Vulnerabilities, attacks and mitigations:integer overflows in .NET; injection flaws in ASP.NET: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), log forging; unsafe native calls; Equals() and toString() problems; attacking PostBack and ViewState; string termination attacks; direct call to GC.Collect(); implementation of ICloneable; class comparison methods; using the [Serializable] attribute; unsafe reflection; attacking PostBack and ViewState; string termination attacks; and many more...

Utbildningen levereras i samarbete med

Kurs-ID: T1515
Längd: 2 dagar
Pris exkl moms: 20 450 kr

Frågor om kursen!?

Har du frågor om kursens innehåll, leveransdatum/ort eller behöver en företagsanpassad variant? Fyll i formuläret nedan!


Kan betalas med:
TRAINING CARD

Ort och datum

Stockholm
26 sep – 27 sep
Boka nu!
28 nov – 29 nov
Boka nu!
Göteborg
26 sep – 27 sep R
Boka nu!
28 nov – 29 nov R
Boka nu!
Malmö
26 sep – 27 sep R
Boka nu!
28 nov – 29 nov R
Boka nu!
Cloud Access
i Läs mer

Delta på kursen från ditt hem, jobb eller annan plats.

26 sep – 27 sep
Boka nu!
28 nov – 29 nov
Boka nu!

Tipsa