Secure .Net Web Application Development Lifecycle (SDL)

Overview

Secure .Net Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on .Net security training course, essential for experienced enterprise developers who need to engineer, maintain, and support secure .Net-supported web applications. In addition to teaching basic secure programming skills, this course digs deep into sound processes and practices that apply to the entire software development lifecycle.

In this course, students thoroughly examine best practices for defensively coding web applications, including XML processing, rich interfaces, and both RESTful and SOAP-based web services.  Students will repeatedly attack and then defend various assets associated with fully-functional web applications and web services.  This hands-on approach drives home the mechanics of how to secure .Net web applications in the most practical of terms.

Security experts agree that the least effective approach to security is “penetrate and patch”.  It is far more effective to “bake” security into an application throughout its lifecycle.  After spending significant time trying to defend a poorly designed (from a security perspective) web application, developers are ready to learn how to build secure web applications starting at project inception.  The final portion of this course builds on the previously learned mechanics for building defenses by exploring how design and analysis can be used to build stronger applications from the beginning of the software lifecycle.

A key component to our Best Defense IT Security Training Series, this workshop is a companion course with several developer-oriented courses and seminars.   Although this edition of the course is .Net-specific, it may also be presented using .Net or other programming languages.

In this training course, learn how to:

• Understand potential sources for untrusted data
• Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
• Test web applications with various attack techniques to determine the existence of and effectiveness of layered defense
• Prevent and defend the many potential vulnerabilities associated with untrusted data
• Understand the vulnerabilities of associated with authentication and authorization
• Detect, attack, and implement defenses for authentication and authorization functionality and services
• Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
• Detect, attack, and implement defenses against XSS and Injection attacks
• Understand the concepts and terminology behind defensive, secure, coding
• Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets

This course is also available on our public schedule via Live Virtual Classroom: