Certified .NET Application Security Engineer
-
COURSE DATES AND LOCATIONS
DATE
Duration
LOCATION
FEES
Book Now
-
INTRODUCTION
The Certified Application Security Engineer .NET credential tests the critical security skills and knowledge required throughout a typical software development life cycle , focusing on the importance of the implementation of secure methodologies and practices in today’s insecure operating environment.
The Certified Application Security Engineer .NET training course will guide you through the application security aspect of the .Net application development..Net being one of the popular application development framework lack to cover the security aspect and most of the developers learn this on the job, therefore this training course will give perfect know how of the application security.
-
COURSE OBJECTIVES
By the end of the course, you‘ll be able to:
- Understanding Application Security, Threats, and Attacks
- Security Requirements Gathering
- Secure Application Design and Architecture
- Secure Coding Practices for Input Validation, Authentication and Authorization, Secure Coding Practices for Cryptography, Session Management & Error Handling
- Static and Dynamic Application Security Testing (SAST & DAST)
- Secure Deployment and Maintenance
-
COURSE AUDIENCE
This course is made for
- IT specialist
- Web application developer
- .NET developers
- Security engineer
- Analysts and Testers
-
COURSE OUTLINE
Day One
Understanding Application Security, Threats and Attacks
- What is a Secure Application
- Need for Application Security
- Most Common Application Level Attacks
- Why Applications become Vulnerable to Attacks
- What Consistutes Comprehensive Application Security ?
- Insecure Application: A Software Development Problem
- Software Security Standards, Models and Frameworks
Security Requirements Gathering
- Importance of Gathering Security Requirements
- Security Requirement Engineering (SRE)
- Abuse Case and Security Use Case Modeling
- Abuser amd Security Stories
- Security Quality Requirements Engneering (SQUARE)
- Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
Day Two
Secure Application Design and Architecture
- Relative Cost of Fixing Vulnerabilities at Different Phases of SDLC
- Secure Application Design and Architecture
- Goal of Secure Design Process
- Secure Design Actions
- Secure Design Principles
- Threat Modeling
- Decompose Application
- Secure Application Architecture
Secure Coding Practices for Input Validation
- Input Validation
- Why Input Validation ?
- Input Validation Specification
- Input Validation Approaches
- Input Filtering
- Secure Coding Practices for Input Validation: Web Forms
- Secure Coding Practices for Input Validation: ASP.NET Core
- Secure Coding Practices for Input Validation: MVC
Day Three
Secure Coding Practices for Authentication and Authorization
- Authentication and Authorization
- Common Threats on User Authentication and Authorization
- Authentication and Authorization: Web Forms
- Authentication and Authorization: ASP .NET Core
- Authentication and Authorization: MVC
- Authentication and Authorization Defensive Techniques : Web Forms
- Authentication and Authorization Defensive Techniques : ASP .NET Core
- Authentication and Authorization Defensive Techniques : MVC
Day Four
Secure Coding Practices for Cryptography
- Cryptographic
- Ciphers
- Block Ciphers Modes
- Symmetric Encryption Keys
- Asymmetric Encryption Keys
- Functions of Cryptography
- Use of Cryptography to Mitigate Common Application Security Threats
- Cryptographic Attacks
- Techniques Attackers Use to Steal Cryptographic Keys
- What should you do to Secure .Net Applications for Cryptographic Attacks
- .NET Cryptographic Name Spaces
- .NET Cryptographic Class Hierarchy
- Symmetric Encryption
- Symmetric Encryption: Defensive Coding Techniques
- Asymmetric Encryption
- Asymmetric Encryption: Defensive Coding Techniques
- Hashing
- Digital Signatures
- Digital Certificates
- XML SIgnatures
- ASP.NET Core Specific Secure Cryptography Practices
Day Five
Secure Coding Practices for Session Management
- What are Exceptions/Runtime Errors ?
- Need for Secure Error/Exception Handling
- Consequences of Detailed Error Message
- Exposing Detailed Error Messages
- Considerations: Designing Secure Error Messages
- Secure Exception Handling
- Handling Exceptions in an Application
- Defensve Coding practices against Information Disclosure
- Defensive Coding practices against Improper Error Handling
- ASP .NET Core: Secure Error Handling Practices
- Secure Auditing and Logging
- Tracing .NET
- Auditing and Logging Security Checklists