Attacking and Securing .Net Web Applications is a lab-intensive, hands-on .Net security training course that provides unique coverage of .Net application security. In this course, students begin with penetration testing, hunting for bugs in .Net web applications. They then thoroughly examine best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities (such as file uploads, CSRF and direct object references). Students will repeatedly attack and then defend various assets associated with fully functional web applications and services. This hands-on approach drives home the mechanics of how to secure .Net web applications in the most practical of terms. The course ends with an extensive discussion of what a mature application security presence would provide to the developers within an organization.
A key component to our Best Defense IT Security Training Series, this PCI-Compliant workshop is a companion course with several developer-oriented courses and seminars. Our bug hunting class introduces penetration testing , illustrating how hackers probe and exploit our applications. Our developing secure software class introduces various security measures that can be applied through the software lifecycle. The combination of ethical hacking, secure coding, and secure lifecycle training provides student with the complete experience in application security. This course merges these classes with a specific .Net orientation. Although this edition of the course is .Net specific, it may also be presented using Java, NodeJS or other programming languages.
Students who attend Attacking and Securing .Net Web Applications will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. Students also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses. This course the introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a .Net perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing effective defenses.
Practical labs reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own applications. There is an emphasis on the underlying vulnerability patterns since the technologies, use cases, and methods of attack as constantly changing. The patterns remain the same through all the change and flux.
Working in a hands-on coding environment, guided by our expert team, attendees will learn:
Need different skills or topics? If your team requires different topics or tools, additional skills or custom approach, this course may be further adjusted to accommodate. We offer additional .Net programming, secure coding, hacking, database security, bug hunting and other related topics that may be blended with this course for a track that best suits your needs. Our team will collaborate with you to understand your needs and will target the course to focus on your specific learning objectives and goals.
This is an intermediate -level programming course, designed for experienced .Net developers who wish to get up and running on developing well defended software applications. Real world programming experience with .Net is required.
Please see the Related Courses tab for specific Pre-Requisite courses, Related Courses that offer similar skills or topics, and next-step Follow-On Courses and Learning Path recommendations.
Please note that this list of topics is based on our standard course offering, evolved from typical industry uses and trends. We’ll work with you to tune this course and level of coverage to target the skills you need most.
Session: Bug Hunting Foundation
Lesson: Why Hunt Bugs?
Lesson: Safe and Appropriate Bug Hunting/Hacking
Session: Scanning Web Applications
Lesson: Scanning Applications Overview
Session: Moving Forward from Hunting Bugs
Lesson: Removing Bugs
Session: Foundation for Securing Applications
Lesson: Principles of Information Security
Session: Bug Stomping 101
Lesson: Unvalidated Data
Lesson: A1: Injection
Lesson: A2: Broken Authentication
Lesson: A3: Sensitive Data Exposure
Lesson: A4: XML External Entities (XXE)
Lesson: A5: Broken Access Control
Session: Bug Stomping 102
Lesson: A6: Security Misconfiguration
Lesson: A7: Cross Site Scripting (XSS)
Lesson: A8/9: Deserialization/Vulnerable Components
Lesson: A10: Insufficient Logging and Monitoring
Lesson: Spoofing, CSRF, and Redirects
Session: Moving Forward with Application Security
Lesson: Applications: What Next?
Lesson: .NET Issues and Best Practices
Lesson: Making Application Security Real
Time Permitting Topics
Lesson: Cryptography Overview
Lesson: .NET Cryptographic Services
Hands-on Setup Made Simple! All course software (limited versions, for course use only), courseware files, hands-on lab guides, labs and solutions, data sets and resources (as applicable) are provided for you in our “easy access / no install required” high-speed remote lab environment. In most cases, we can also offer local (non-cloud) set up as an alternative. Either way, our dedicated live tech team works with every student to ensure everyone is set up with working access and ready to go prior to every course start date, ensuring a smooth delivery and great hands-on experience. All your coursework can be accessed or downloaded after class, so you never lose your work or materials. Please ask for details.
Live scheduled classes are listed below or browse our full course catalog anytime
Check out custom training solutions planned around your unique needs and skills.
Exclusive materials, ongoing support and a free live course refresh with every class.
Please see the current upcoming available open enrollment course dates posted below. Please feel free to Register Online below, or call 844-475-4559 toll free to connect with our Registrar for assistance. If you need additional date options, please contact us for scheduling.
Course Title | Days | Date | Time | Price | |
---|---|---|---|---|---|
Attacking and Securing .Net Web Applications | 4 Days | Mar 29 to Apr 1 | 02:00 PM to 06:00 PM EST | $2,595.00 | Register |
Attacking and Securing .Net Web Applications | 4 Days | Apr 6 to Apr 9 | 10:00 AM to 06:00 PM EST | $2,595.00 | Register |
Attacking and Securing .Net Web Applications | 4 Days | Apr 12 to Apr 15 | 09:00 AM to 01:00 PM EST | $2,595.00 | Register |
Attacking and Securing .Net Web Applications | 4 Days | May 17 to May 20 | 02:00 PM to 06:00 PM EST | $2,595.00 | Register |
Attacking and Securing .Net Web Applications | 4 Days | Jun 7 to Jun 10 | 10:00 AM to 06:00 PM EST | $2,595.00 | Register |
New Site, BIG Savings!
We're celebrating the launch of our lonnngggg awaited new site with with *50% off all 2021 Public Classes* booked by March 31! Check out our Current Offers for Individuals, Teams and Organizations to Learn for Less!
Special Offers
Limited Offer for most courses.
SAVE 50%