Microsoft SDL Core
-
COURSE DATES AND LOCATIONS
DATE
Duration
LOCATION
FEES
Book Now
-
INTRODUCTION
This course will gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL). It provides overviewabout the fundamental building blocks of SDL, followed by design techniques to apply to detect and fix flaws in early stages of the development process and gives an overview of the typical security relevant programming bugs of both managed and native code. Attack methods are presented for the discussed vulnerabilities along with the associated mitigation techniques.
-
COURSE OBJECTIVES
By the end of the course, you‘ll be able to:
- Learn secure design and development practices
- Learn about secure implementation principles
- Understand security testing methodology
- Understand basic concepts of security, IT security and secure coding
- Get known to the essential steps of Microsoft Secure Development Lifecycle
- Get sources and further readings on secure coding practices
-
COURSE AUDIENCE
This course is made for :
- Developers
- Managers
-
COURSE OUTLINE
Day One
IT security and secure coding
-
- Nature of security
- IT security related terms
- Definition of risk
- Different aspects of IT security
- Requirements of different application areas
- IT security vs. secure coding
- From vulnerabilities to botnets and cybercrime
- Classification of security flaws
Day Two
Introduction to the Microsoft® Security Development Lifecycle (SDL)
-
- Agenda
- Applications under attack…
- Origins of the Microsoft SDL…
- Microsoft Security Development Lifecycle (SDL)
Secure design principles
-
-
- Attack surface
- Privacy
- Defense in depth
- Least privilege principle
- Secure defaults
-
Day Three
Secure implementation principles
-
- Agenda
- Microsoft Security Development Lifecycle (SDL)
- Buffer overflow basics
- Input validation
Secure implementation principles
-
- Injection
- Broken authentication – password management
- Cross-Site Scripting (XSS)
- Missing function level access control
- Practical cryptography
Day Four
Secure verification principles
-
- Functional testing vs. security testing
- Security vulnerabilities
- Prioritization
- Security testing in the SDLC
- Steps of test planning (risk analysis)
- Scoping and information gathering
- Threat modeling
- Security testing techniques and tools
- Code review
- Static code analysis
- Testing the implementation
- Fuzzing
- Web vulnerability scanners
- Checking and hardening the environment
- Case study – Forms Authentication Bypass
Day Five
Knowledge sources
-
- Secure coding sources – a starter kit
- Vulnerability databases
- .NET secure coding guidelines at MSDN
- .NET secure coding cheat sheets
- Recommended books – .NET and ASP.NET
