Course Details: Course author and instructor: Keith Brown Course duration: Four days, 9am-5pm On-site, private deliveries: Contact us to see how we can deliver this course at your company. Public offerings for individuals: If you're an individual interested in a public course, let us know your interest and location so that we can schedule a public course in your area. We offer training worldwide. Programming language: C# Technologies covered: Windows Security Fundamentals IIS and ASP.NET Security .NET Code Access Security .NET Role Based Security Web Service Enhancements (WSE)

Writing secure web applications requires a well-rounded set of skills. From threat modeling and robust coding techniques to network authentication protocols, you'll learn what you need to know to build distributed applications that can withstand attacks from adversaries ranging from script kiddies to highly paid corporate spies. This class talks about real security, where technology is only one piece of the puzzle. We don't sugar coat the story: you can't buy security. It's not a product or a technology. But if you invest some time and effort to understand the problem, you can learn to use the technologies available to you and build a solution that fits your needs.

• Threat Modeling
• Least Privilege on the Server
• Input Trust
• Managing Secrets
• Authentication
• Authorization
• Securing Web Services with WSE
• Securing Network Communication
• Least Privilege on the Desktop
• Using Cryptography in .NET
• Guiding Principles and Best Practices

Who Should Attend

This course is targeted primarily at architects and developers who need to know how to build secure web applications, but highly technical system administrators who need to deploy these applications will also want to attend.

Questions this course will answer:

• How do I choose from the many authentication techniques available in IIS?
• How can I implement integrated security with SQL Server?
• Can I pass client credentials through to the database?
• What simple techniques can I use to avoid Cross Site Scripting and SQL Injection vulnerabilities?
• How do I avoid vulnerabilities that haven’t even been discovered yet?
• How do I choose an identity to use for my web worker process and database?
• How can I secure a web service? Should I use WS-Security? How?
• What crypto algorithms and key lengths should I be using today?
• What new security features should I be aware of in .NET v2.0?

Prerequisites:

The more familiar you are with the basics of data-driven web applications, the more comfortable you'll feel with the lectures. This includes experience with IIS and SQL Server (or similar database). If you want to do the labs, you'll need to be comfortable with C# and the .NET Framework, ASP.NET and database programming.

What you should expect to learn:

You will learn the fundamentals of designing and implementing web applications with security techniques that include authentication, authorization, privacy, integrity and confidentiality, least privilege and defense in depth. Wherever possible we will demonstrate real attacks to motivate why these features are important.

For more information on offerings of this course, contact Pluralsight.