McCullough & Associates | Training | Consulting

(972) 712-7103

Secure By Default ASP.Net

Take this class

Click here to request this course on a different date.

Many developers have already been exposed to secure coding and vulnerability training.  This course builds on that “bolted on” exposure to create a “baked in” security environment.  Experience shows that when developers have to make specific effort to secure applications, often the effort is directed elsewhere.  This course leverages best practices to provide a “secure by default” application.

This course presents a progress report on how the industry is reacting to attackers, then reviews the OWASP top 10 and other vulnerabilities. Then, we proceed with a “secure by default” implementation leveraging Test Driven Development, Object modeling and ORM, and finally a web application.

Audience

Developers should be familiar with .Net programming (C# or Vb.Net)

Length: 1 Day

Outline

  • Security Progress report
  • PCI DSS review
  • OWASP top 10 + others security review
  • Case study
    • Requirements
    • Unit tests
    • Object model
    • Persistence
    • User Interface
  • Review of the case study application’s vulnerabilities
    • Injection
    • XSS
    • Authentication
    • Direct Object Reference
    • CSRF
    • Unauthorized access
    • Data protection
    • Configuration
    • Validation
    • Other
  • Review