C# and Web Application Security

48 Ratings

Download

REQUEST PRICING

Course Number: SEC-122

Duration: 3 days (19.5 hours)

Format: Live, hands-on

Secure Coding Training Overview

Accelebrate's C# and Web Application Security training teaches developers how to prevent common security issues in C# applications. Attendees go beyond core programming issues, exploring secure code pitfalls of the C# language and the .NET framework.

Location and Pricing

Accelebrate offers instructor-led enterprise training for groups of 3 or more online or at your site. Most Accelebrate classes can be flexibly scheduled for your group, including delivery in half-day segments across a week or set of weeks. To receive a customized proposal and price quote for private corporate training on-site or online, please contact us.

Objectives

All students will:

Get familiar with essential cyber security concepts
Understand Web application security issues
Gain a detailed analysis of the OWASP Top Ten elements
Put Web application security in the context of C#
Go beyond the low hanging fruits
Manage vulnerabilities in third-party components
Identify vulnerabilities and their consequences
Learn the security best practices in C#

Prerequisites

All secure coding students should have general C# and web application development experience.

Outline

Expand All | Collapse All

Cyber security basics

What is security?
Threat and risk
Cyber security threat types
Consequences of insecure software

Introducing the OWASP Top 10

A1 - Injection

Injection principles
Injection attacks
SQL injection
SQL injection best practices
Code injection

A2 - Broken Authentication

Authentication
Password management
Session management

A3 - Sensitive Data Exposure

Information exposure
Exposure through extracted data and aggregation
Case study – Strava data exposure
System information leakage
Information exposure best practices

A4 - XML External Entities (XXE)

DTD and the entities
Entity expansion
External Entity Attack (XXE)

A5 - Broken Access Control

Access control basics
Failure to restrict URL access
Confused deputy
File upload

A7 - Cross-site Scripting (XSS)

Cross-site scripting basics
Cross-site scripting types
Case study – XSS in Fortnite accounts
XSS protection best practices

A8 - Insecure Deserialization

Serialization and deserialization challenges
Integrity – deserializing untrusted streams
Integrity – deserialization best practices
Property Oriented Programming (POP)

A9 - Using Components with Known Vulnerabilities

Using vulnerable components
Assessing the environment
Hardening
Untrusted functionality import
Importing JavaScript
Case study – The British Airways data breach
Vulnerability management

Web Application Security Beyond the Top Ten

Client-side security
Tabnabbing
Frame sandboxing

Common Software Security Weaknesses

Input validation
Integer handling problems
Unsafe reflection

Code quality

Code quality and security
Data handling
Object-oriented programming pitfalls

Conclusion

Secure coding principles
And now what?

Training Materials:

All attendees receive comprehensive courseware.

Software Requirements:

Attendees will not need to install any software on their computer for this class. The class will be conducted in a remote environment that Accelebrate will provide; students will only need a local computer with a web browser with a stable Internet connection. Any recent version of Microsoft Edge, Mozilla Firefox, or Google Chrome will be fine.

Download

REQUEST PRICING

Learn faster

Our live, instructor-led lectures are far more effective than pre-recorded classes

Satisfaction guarantee

If your team is not 100% satisfied with your training, we do what's necessary to make it right

Learn online from anywhere

Whether you are at home or in the office, we make learning interactive and engaging

Multiple Payment Options

We accept check, ACH/EFT, major credit cards, and most purchase orders

Recent Training Locations

Alabama

Birmingham

Huntsville

Montgomery

Alaska

Anchorage

Arizona

Phoenix

Tucson

Arkansas

Fayetteville

Little Rock

California

Los Angeles

Oakland

Orange County

Sacramento

San Diego

San Francisco

San Jose

Colorado

Boulder

Colorado Springs

Denver

Connecticut

Hartford

Washington

Florida

Fort Lauderdale

Jacksonville

Miami

Orlando

Tampa

Georgia

Atlanta

Augusta

Savannah

Hawaii

Honolulu

Idaho

Boise

Illinois

Chicago

Indiana

Indianapolis

Iowa

Cedar Rapids

Des Moines

Kansas

Wichita

Kentucky

Lexington

Louisville

Louisiana

New Orleans

Maine

Portland

Maryland

Annapolis

Baltimore

Frederick

Hagerstown

Massachusetts

Boston

Cambridge

Springfield

Michigan

Ann Arbor

Detroit

Grand Rapids

Minnesota

Minneapolis

Saint Paul

Mississippi

Jackson

Missouri

Kansas City

St. Louis

Nebraska

Lincoln

Omaha

Nevada

Las Vegas

Reno

New Jersey

Princeton

New Mexico

Albuquerque

New York

Albany

Buffalo

New York City

White Plains

North Carolina

Charlotte

Durham

Raleigh

Ohio

Akron

Canton

Cincinnati

Cleveland

Columbus

Dayton

Oklahoma

Oklahoma City

Tulsa

Oregon

Portland

Pennsylvania

Philadelphia

Pittsburgh

Rhode Island

Providence

South Carolina

Charleston

Columbia

Greenville

Tennessee

Knoxville

Memphis

Nashville

Texas

Austin

Dallas

El Paso

Houston

San Antonio

Utah

Salt Lake City

Virginia

Alexandria

Arlington

Norfolk

Richmond

Washington

Seattle

Tacoma

West Virginia

Charleston

Wisconsin

Madison

Milwaukee

Alberta

Calgary

Edmonton

British Columbia

Vancouver

Manitoba

Winnipeg

Nova Scotia

Halifax

Ontario

Ottawa

Toronto

Quebec

Montreal

Puerto Rico

San Juan

HTML5

CSS

JavaScript

Mobile Development

WebAssembly

Machine Learning

Data Literacy

Data Science Programming

Robotic Process Automation (RPA)

Data Analytics Tools

BusinessObjects

Crystal Reports

SSRS

Data Visualization

IBM

MongoDB

MySQL

NoSQL

PostgreSQL

SQL Server

Oracle

Big Data

Agile

Business Analysis

ITIL

IT Leadership

Project Management

Amazon Web Services (AWS)

Azure

GCP

Beginning OpenStack

Introduction to Terraform

Terraform Cloud

API Design

Programming in C++

Introduction to Clojure Programming

Erlang

Go Programming

Introduction to Lua Programming

Introduction to Ruby on Rails

Rust

Scala Programming for Java Developers

Software Design

Java

Python

Microsoft Official Curriculum (MOC)

.NET Development

SharePoint

Microsoft Server Platforms

Microsoft Applications

Secure Coding

Microsoft Security

Security Certifications

Server Security

Web Application Security

AWS Security

Ansible

Introduction to Apache Maven

Chef Infra Fundamentals

Docker and Kubernetes

DevOps CI/CD Pipeline

DevOps Institute Certification

Git

Introduction to the Gradle Build System

Jenkins

Jira & Confluence

Linux

Microservices

SaltStack and Salt Open Source Administration

Delivering Products Using Azure DevOps and Scrum

Designing and Implementing Microsoft DevOps Solutions (AZ-400)

Application Lifecycle Management Using Azure DevOps Server

Salesforce End User

Salesforce Administration

Salesforce Developer

Salesforce Cloud

Salesforce Einstein and Salesforce Platform

Remote Conferencing Tools

Writing and Communication

UX