Secure .NET Web Applications Development Lifecycle

Contact us for course information at info@velocityknowledge.com

Duration: 5 Days Instructor-led course

Course Description

This 5-day instructor-led course equips .NET developers, architects, and security-focused professionals with the knowledge and practical skills needed to build secure ASP.NET and ASP.NET Core web applications. Participants will explore secure development practices throughout the software development lifecycle (SDLC), from design and coding to testing and deployment. The course provides in-depth coverage of threat modeling, secure coding techniques, identity and access management, data protection, and secure DevOps integration, all with a .NET lens. Each module is reinforced with practical hands-on labs using Visual Studio, .NET Core, and OWASP testing tools.

Target Audience

  • .NET developers and software engineers
  • Application architects and technical leads
  • DevSecOps engineers
  • Security analysts focused on application security

Prerequisites

  • Experience developing ASP.NET or ASP.NET Core applications
  • Familiarity with C# and object-oriented programming
  • Understanding of HTTP, REST, and MVC patterns
  • Recommended: familiarity with Git and Visual Studio

Key Objectives

By the end of the course, participants will be able to:

  • Apply secure coding practices to .NET web applications
  • Perform threat modeling and risk analysis
  • Protect sensitive data using encryption and secure configuration
  • Implement secure authentication and access control mechanisms
  • Identify and fix common .NET-specific vulnerabilities
  • Integrate secure practices across the CI/CD pipeline
  • Use static and dynamic analysis tools within the .NET ecosystem

Course Takeaways

  • Hands-on experience securing modern .NET applications
  • Reusable code samples, security templates, and threat modeling diagrams
  • Secure coding checklist for .NET teams
  • Tools and scripts for testing and validation

Module 1: Introduction to Secure Application Development Lifecycle

Section 1.1: Security and the SDLC

  • Secure SDLC stages and stakeholder roles
  • Shift-left security practices
  • Overview of OWASP Top 10 and CWE

Section 1.2: Threat Modeling

  • STRIDE methodology
  • Data flow diagrams and attack surface identification
  • Practical threat modeling using a sample .NET web app

Hands-On Labs

  • Lab 1: Build a data flow diagram for a .NET MVC application
  • Lab 2: Perform STRIDE threat modeling on a login feature
  • Lab 3: Map OWASP Top 10 threats to specific application components

Module 2: Secure .NET Web Development Fundamentals

Section 2.1: Input Validation and Output Encoding

  • Common input-based vulnerabilities
  • Validating and sanitizing user inputs
  • Preventing cross-site scripting and injection attacks

Section 2.2: Secure Data Handling in .NET

  • Secure string handling
  • Avoiding insecure deserialization
  • Protecting sensitive data in memory and storage

Hands-On Labs

  • Lab 4: Fix input validation flaws in a .NET Razor Pages app
  • Lab 5: Implement model binding and validation attributes securely
  • Lab 6: Use the System.Text.Encodings.Web namespace to prevent XSS

Module 3: Identity, Access, and Session Management

Section 3.1: Authentication and Authorization in .NET

  • ASP.NET Core Identity and claims-based access control
  • OAuth 2.0 and OpenID Connect integration
  • Managing tokens securely

Section 3.2: Session Security and Access Controls

  • Role-based and policy-based authorization
  • Session hijacking prevention
  • Secure cookie handling and anti-forgery tokens

Hands-On Labs

  • Lab 7: Implement role-based authorization in a .NET Core API
  • Lab 8: Use ASP.NET Identity with OpenID Connect and Azure AD
  • Lab 9: Secure session cookies and anti-forgery validation

Module 4: Data Protection, Configuration Security, and Secrets Management

Section 4.1: Encrypting Data at Rest and in Transit

  • Using ASP.NET Core Data Protection API
  • TLS configuration and secure HTTP headers
  • HTTPS enforcement and HSTS

Section 4.2: Managing Configuration and Secrets

  • Secure use of appsettings.json and environment variables
  • Storing and accessing secrets using Azure Key Vault or Secret Manager
  • Avoiding hardcoded credentials and keys

Hands-On Labs

  • Lab 10: Encrypt user data using the Data Protection API
  • Lab 11: Configure HTTPS and apply security headers with middleware
  • Lab 12: Integrate Azure Key Vault to store and retrieve database credentials

Module 5: Testing, Monitoring, and Secure DevOps Integration

Section 5.1: Secure Code Reviews and Static Analysis

  • Secure code review principles for .NET
  • Using tools such as SonarQube, Roslyn analyzers, and DevSkim
  • Automating code quality checks in CI pipelines

Section 5.2: Dynamic Testing and Runtime Protections

  • Integration of OWASP ZAP and Burp Suite with .NET apps
  • Logging, monitoring, and anomaly detection
  • Response strategies and incident handling

Section 5.3: Secure Deployment Practices

  • Secure containerization and .NET application hardening
  • DevSecOps workflows in GitHub Actions or Azure DevOps
  • Continuous security validation and compliance checks

Hands-On Labs

  • Lab 13: Run SonarQube and analyze security issues in .NET source code
  • Lab 14: Conduct a security scan using OWASP ZAP against a deployed app
  • Lab 15: Set up a GitHub Actions workflow with security gates and checks

Contact us to customize this course for your team or organization.
