Secure .Net Web Application Development is a lab-intensive, hands-on .Net security training course that provides 360-degree coverage of .Net application security. In this course, you begin with penetration testing, hunting for bugs in .Net web applications. You will then thoroughly examine best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities (such as file uploads, CSRF and direct object references). You will repeatedly attack and then defend various assets associated with fully functional web applications and services. This hands-on approach drives home the mechanics of how to secure .Net web applications in the most practical of terms. Finally, you will examine the controls (defenses) relative to the phases that attackers work through when exploiting web applications. The course focuses on three specific activities that are interrelated and move the security process farther to the left in the development process. The course ends with an extensive discussion of what a mature application security presence would provide to the developers within an organization.
This course uses .Net Core version 6. Although this edition of the course is .Net-specific, it may also be presented using Java or other programming languages.
Those who attend Secure .Net Web Application Development will leave the course armed with the skills required to recognize actual and potential software vulnerabilities, implement defenses for those vulnerabilities, and test those defenses for sufficiency. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. You will also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses. This course the introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a .Net perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. Next, the course introduces the skills required to begin the process of integrating security into several points in the software lifecycle. There are practical labs on the three primary activities covered in this course: Asset Analysis, Secure Design Review, and Secure Code Review.
Practical labs reinforce these concepts with real vulnerabilities and attacks. You are then challenged to design and implement the layered defenses they will need in defending their own applications. There is an emphasis on the underlying vulnerability patterns since the technologies, use cases, and methods of attack as constantly changing. The patterns remain the same through all the change and flux.
Working in a dynamic, lab-intensive hands-on coding environment students will learn to:
Need different skills or topics? If your team requires different topics or tools, additional skills or custom approach, this course may be further adjusted to accommodate. We offer additional .Net programming, secure coding, secure software development, hacking, database security, bug hunting and other related topics that may be blended with this course for a track that best suits your needs. Our team will collaborate with you to understand your needs and will target the course to focus on your specific learning objectives and goals.
This is an intermediate - level .Net secure programming course, designed for experienced .Net developers who wish to get up and running on developing well defended software applications. Familiarity with C# is required and real world programming experience is highly recommended. Ideally students should have approximately 6 months to a year of .Net development practical experience
Please see the Related Courses Tab for Pre-Requisite course specifics and links, links to similar courses you might review as an alternative, as well as suggested Next-Step Follow-On Courses and Learning Path recommendations.
Please note that this list of topics is based on our standard course offering, evolved from typical industry uses and trends. We’ll work with you to tune this course and level of coverage to target the skills you need most. Topics, agenda and labs are subject to change, and may adjust during live delivery based on audience interests, skill-level and participation.
Session: Bug Hunting Foundation
Lesson: Why Hunt Bugs?
Lesson: Safe and Appropriate Bug Hunting/Hacking
Session: Scanning Web Applications
Lesson: Scanning Applications Overview
Session: Moving Forward From Hunting Bugs
Lesson: Removing Bugs
Session: Foundation for Securing Web Applications
Lesson: Principles of Information Security
Session: Bug Stomping 101
Lesson: Unvalidated Data
Lesson: A1: Injection
Lesson: A2: Broken Authentication
Lesson: A3: Sensitive Data Exposure
Lesson: A4: XML External Entities (XXE)
Lesson: A5: Broken Access Control
Session: Bug Stomping 102
Lesson: A6: Security Misconfiguration
Lesson: A7: Cross Site Scripting (XSS)
Lesson: A8/9: Deserialization/Vulnerable Components
Lesson: A10: Insufficient Logging and Monitoring
Lesson: Spoofing, CSRF, and Redirects
Session: Exploring .Net Cryptography
Lesson: .Net Cryptographic Services
Session: Moving Forward with Application Security
Lesson: Applications: What Next?
Lesson: .NET Issues and Best Practices
Lesson: Making Application Security Real
Session: Secure Development Lifecycle (SDL)
Lesson: SDL Overview
Lesson: SDL In Action
Lesson: Asset Analysis
Lesson: Threat Modeling Overview
Hands-on Setup Made Simple! All course materials, data sets, course software (limited version, for course use only), course notes and related resources (as applicable) are provided for attendees in our easy access, no installation required, remote lab environment for the duration of the course. In most cases, we can also offer local (non-cloud) set up as an alternative. Our tech team will help set up, test and verify lab access for each attendee prior to the course start date, ensuring a smooth start to class and successful hands-on course experience for all participants.
Every-Course Extras = High-Value & Long-Term Learning Support! Most courses also include our unique EveryCourse Extras package (Post-Course Resource Site access, Review Labs, Live Instructor Follow-on Support, Free *Live* Course Refresh Re-Takes, early access to Special Offers, Free Courses & more). Please ask for details.
Live scheduled classes are listed below or browse our full course catalog anytime
Check out custom training solutions planned around your unique needs and skills.
Exclusive materials, ongoing support and a free live course refresh with every class.
Mix, Match & Master!
2FOR1: Two Courses, One Price!
Enroll in *any* two public courses (for 2023 *OR* 2024 dates!) by December 31, for one price! Learn something new, or share the promo!
Special Offers
Limited Offer for most courses.
SAVE 50%