Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
.Net Secure Coding Camp | Attacking and Securing C# / ASP.Net Web Applications
Description
.Net Secure Coding Camp Introduction
Unlock the potential of secure software development with the .Net Secure Coding Camp, tailor-made for experienced .NET developers. This specialized training program emphasizes the importance of cybersecurity in coding, providing an immersive environment for you to master the best practices in secure application development.
By participating in this camp, you will dive into critical cybersecurity topics, gaining hands-on experience through real-world scenarios and expert-led tutorials.
The camp’s curriculum is meticulously designed to challenge and expand your understanding of cybersecurity in the .NET framework. Engage in rigorous sessions that cover bug hunting, ethical hacking, and the security of web applications.
Our interactive, hands-on labs and case studies are crafted to help you identify, exploit, and secure vulnerabilities effectively, ensuring you can defend against and anticipate potential security breaches.
.Net Secure Coding Camp Objectives
- Master critical cybersecurity concepts and stay abreast of the evolving threat landscape to safeguard your organization effectively.
- Develop ethical bug-hunting techniques that enable responsible vulnerability discovery and mitigation.
- Identify and proactively address web application vulnerabilities following industry best practices.
- Utilize industry-standard tools like Visual Studio and .NET Cryptography to enhance your security arsenal.
- Elevate your problem-solving and debugging proficiencies to tackle intricate security challenges with confidence.
- Implement defensive programming techniques, fortifying your .NET applications against potential threats.
Prerequisites
- To succeed in this program, students should have prior training or equivalent experience in programming in C#, creating apps in C#, and .Net Core.
Audience
This intermediate-level .Net Secure Coding Camp is designed for:
- Experienced .NET Developers
- Software Engineers and Architects
- IT Professionals: Security Analysts, Security Engineers, DevOps Team Members
.Net Secure Coding Camp Outline
Hunting Bugs Foundation
Why Hunt Bugs?
- The Language of Cybersecurity
- The Changing Cybersecurity Landscape
- AppSec Dissection of SolarWinds
- The Human Perimeter
- First Axiom in Web Application Security Analysis
- First Axiom in Addressing ALL Security Concerns
Safe and Appropriate Bug Hunting/Hacking
- Warning to All Bug Hunters
- Working Ethically
- Respecting Privacy
- Bug/Defect Notification
- Bug Hunting Pitfalls
Scanning Web Applications
Scanning Applications Overview
- Scanning Beyond the Applications
- Fingerprinting
- Vulnerability Scanning: Hunting for Bugs
- Reconnaissance Goals
- Data Collection Techniques
- Fingerprinting the Environment
- Enumerating the Web Application
Moving Forward from Hunting Bugs
Removing Bugs
- Open Web Application Security Project (OWASP)
- OWASP Top Ten Overview
- Web Application Security Consortium (WASC)
- Common Weakness Enumeration (CWE)
- CERT Secure Coding Standard
- Microsoft Security Response Center
- Software-Specific Threat Intelligence
Bug Stomping 101
Unvalidated Data
- CWE-787, 125, 20, 416, 434, 190, 476 and 119
- Potential Consequences
- Defining and Defending Trust Boundaries
- Rigorous, Positive Specifications
- Allow Listing vs. Deny Listing
- Challenges: Free-form Text, Email Addresses, and Uploaded Files
Broken Access Control
- CWE-22, 352, 862, 276, and 732
- Elevation of Privileges
- Insufficient Flow Control
- Unprotected URL/Resource Access/Forceful Browsing
- Metadata Manipulation (Session Cookies and JWTs)
- Understanding and Defending Against CSRF
- CORS Misconfiguration Issues
Cryptographic Failures
- CWE-200
- Identifying Protection Needs
- Evolving Privacy Considerations
- Options for Protecting Data
- Transport/Message Level Security
- Weak Cryptographic Processing
- Keys and Key Management
- NIST Recommendations
Injection
- CWE-79, 78, 89, and 77
- Pattern for All Injection Flaws
- Misconceptions With SQL Injection Defenses
- Drill Down on Stored Procedures
- Other Forms of Server-Side Injection
- Minimizing Server-Side Injection Flaws
- Client-side Injection: XSS
- Persistent, Reflected, and DOM-Based XSS
- Best Practices for Untrusted Data
Insecure Design
- Secure Software Development Processes
- Shifting Left
- Principles for Securing All Designs
- Leveraging Common AppSec Practices and Controls
- Paralysis by Analysis
- Actionable Application Security
- Additional Tools for the Toolbox
Security Misconfiguration
- System Hardening: IA Mitigation
- Risks with Internet-Connected Resources
- Minimalist Configurations
- Application Allow Listing
- Secure Baseline
- Segmentation with Containers and Cloud
- CWE-611
- Safe XML Processing
Stomping Bugs 102
Vulnerable and Outdated Components
- Problems with Vulnerable Components
- Software Inventory
- Managing Updates: Balancing Risk and Timeliness
- Virtual Patching
- Dissection of Ongoing Exploits
Identification and Authentication Failures
- CWE-306, 287, 798 and 522
- Quality and Protection of Authentication Data
- Anti-Automation Defenses
- Multifactor Authentication
- Proper Hashing of Passwords
- Handling Passwords on the Server Side
Software and Data Integrity Failures
- CWE-502
- Software Integrity Issues and Defenses
- Using Trusted Repositories
- CI/CD Pipeline Issues
- Protecting Software Development Resources
- Serialization/Deserialization
Security Logging and Monitoring Failures
- Detecting Threats and Active Attacks
- Best Practices for Logging and Logs
- Safe Logging in Support of Forensics
Server-Side Request Forgeries (SSRF)
- CWE-918
- Understanding SSRF
- Remote Resource Access Scenarios
- Complexity of Cloud Services
- SSRF Defense in Depth
- Positive Allow Lists
Moving Forward with Application Security
Applications: What Next?
- Common Vulnerabilities and Exposures
- CWE Top 25 Most Dangerous Software Errors
- Strength Training: Project Teams/Developers
- Strength Training: IT Organizations
.NET Secure Coding Issues and Best Practices
- Managed Code and Buffer Overflows
- .Net Permissions
- ActiveX Controls
- Proper Exception Handling
Exploring .Net Cryptography
.Net Cryptographic Services
- The Role of Cryptographic Services
- Hash Algorithms and Hash Codes
- Encrypting Data Symmetrically
- Encrypting Data Asymmetrically
$2495.00 | 4-Day Course