SI Secure


Creating Secure Code - ASP.Net

 This course is also available in eLearning format

COURSE OVERVIEW

This course gives developers an in-depth immersion into secure coding practices, with an emphasis on system integration and solutions built around the ASP.NET technology. It includes a hands-on lab on implementing secure solutions in ASP.NET. This course covers the principles of secure development, including:

  • Common coding errors for native code, managed code and web applications
  • Defensive coding principles and how they can be used to develop more secure applications
  • Online resources that can help keep your secure coding skills up to date

COURSE OUTLINE

I.  Common Coding Errors

  • Trusting the identity of a remote host
  • Poorly implementing cryptography
  • Not Validating User Input
  • Information Disclosure
  • Integer overflows
  • Relative and default paths
  • Administrative, software and service back doors
  • Dynamic linking and loading
  • Creating temporary files
  • Trusting libraries and OS APIs

II.  Windows Security Architecture

  • Windows Cryptography
  • Code Access Security

III.  Common Web Application Errors

  • Trusting Client-Side Validation
  • Cross Site Scripting
  • SQL Injection
  • Command Injection
  • Performance Issues / Denial of Service
  • Forceful Browsing
  • Session Hijacking
  • Server Fingerprinting
  • Disclosing too much information
  • Allowing Zero and One-Click Attacks

IV.  Defensive Coding Principles

  • Secure the weakest link
  • Least privilege
  • Secure by default
  • Economy of mechanism
  • Complete mediation
  • Open design
  • Least common mechanism
  • Psychological acceptability
  • Fail Secure
  • Defense in Depth
  • Input validation
  • Compartmentalization
  • Don’t reinvent the wheel
  • Learn from your mistakes
  • Least Exposure
  • Beware of backward compatibility
  • Don’t mix code and data
  • Auditing and logging
  • Watch your resources

V. Threat Modeling

VI. Secure Development Lifecycle