.NET Secure Coding Course
In this course you will learn about important cybersecurity issues and get practical experience through tutorials taught by experts and real-world scenarios.
Course Description
The curriculum in this course has been carefully crafted to test and deepen your knowledge of cybersecurity inside the .NET framework. Students will also actively participate in intense workshops that address online application security, ethical hacking, and bug hunting.
Course Objectives:
- Create ethical bug-hunting strategies that facilitate the responsible identification and repair of vulnerabilities.
- To strengthen your security toolkit, make use of industry-standard programs like Visual Studio and .NET Cryptography.
- To properly protect your company, understand the fundamentals of cybersecurity and keep up with the ever-changing threat landscape.
Prerequisites:
- All participants must have experience in programming languages like C# and .NET Core.
Course Audience:
- This .NET Secure Coding Camp is tailored for experienced and skilled .NET developers, software engineers, architects, and IT professionals, including security analysts, security engineers, and DevOps team members.
Course Outline:
Hunting bugs foundation
- The language and changing landscape of cybersecurity.
- First Axiom in Web Application Security Analysis & Addressing ALL Security Concerns.
Safe and Appropriate Bug Hunting/Hacking
- Work ethically.
- Bug/Defect Notification & bug hunting pitfalls.
Scanning Web Applications
- Scanning application and beyond overview.
- Techniques of data collection.
Moving Forward from Hunting Bugs
- Web Application Security Consortium (WASC)
- Allow Listing vs. Deny Listing
- Potential Consequences
Bug Stomping 101
- CWE-787, 125, 20, 416, 434, 190, 476 and 119
- Allow Listing vs. Deny Listing
- Potential Consequences
Broken Access Control
- CWE-22, 352, 862, 276, and 732
- Understand unprotected URL/Resource Access
- Understand and Defend Against CSRF
- Elevation of Privileges
Cryptographic Failures
- CWE-200
- Identify Protection Needs
- Keys and Key Management
- Weak Cryptographic Processing
Injection
- CWE-79, 78, 89, and 77
- Minimizing Server-Side Injection Flaws
- Best Practices for Untrusted Data
Insecure Design
- Various secure and safe Software Development Processes
- Learn and apply principles for Securing All Designs
- Actionable Application Security and additional tools for the toolbox
Security Misconfiguration
- System Hardening: IA Mitigation
- Minimalist Configurations
- Segmentation with Containers and Cloud
- CWE-611
- Safe XML Processing
Stomping Bugs 102
- Vulnerable and Outdated Components
- Problems with Vulnerable Components
- Manage Updates: Balance Risk and Timeliness
Identification and Authentication Failures
- CWE-306, 287, 798 and 522
- Quality and Protection of Authentication Data
- Multifactor Authentication
- Handling Passwords on the Server Side
Software and Data Integrity Failures
- CWE-502
- Software Integrity Issues and Defenses
- Protect Software Development Resources
- Serialization/Deserialization
Security Logging and Monitoring Failures
- Detect threats and Active Attacks
- Safe Logging in Support of Forensics
Server-Side Request Forgeries (SSRF)
- CWE-918
- Understand the complexities of SSRF
- Brief description of SSRF Defense
Moving Forward with Application Security
- Common Vulnerabilities and Exposures
- Strength Training: Project Teams/Developers & IT Organizations
.NET Secure Coding Issues and Best Practices
- .NET Permissions
- Proper Exception Handling
- ActiveX Controls
Exploring .NET Cryptography
- .NET Cryptographic Services
- Encrypt data symmetrically
- Encrypt data asymmetrically