Secure Coding in .NET: Applications Training

Commitment: 4 Days, 7-8 hours a day.
Language: English
User Ratings: Average User Rating 4.8
Delivery Options: Instructor-Led Onsite, Online, and Classroom Live


This comprehensive four-day Secure Coding in .NET: Applications Training (ASP.NET/C#/VB.NET) Seminar is designed to educate professional programmers on the skills necessary to develop and deploy secure applications. You will learn about potential security issues through concrete, hands-on examples of vulnerable code.

You’ll learn which poor programming practices lead to vulnerable code, how to code securely, and how to maintain secure development practices throughout the development life cycle. You’ll sharpen skills and gain experience in applying secure design and implementation principles through demonstrations of building, testing, and securing real-world applications. You’ll also be given the opportunity to participate in securing and testing applications through a progression of “challenge scenarios,” alternating assignments as “attackers” and “defenders” of applications.

  • 4 days of Secure Coding in .NET: Applications Training with an expert instructor
  • Secure Coding in .NET: Applications Electronic Course Guide
  • Certificate of Completion
  • 100% Satisfaction Guarantee



Upon completing this Secure Coding in .NET: Applications Training course, learners will be able to meet these objectives:

  • Common web application exposures and attacks
  • Compliance for the OWASP Top 10 training component in the PCI DSS standard
  • Static analysis techniques for quickly finding web application flaws
  • Secure use of C#/VB.NET API
  • How to code defensively and perform proper input validation

  • We can adapt this Secure Coding in .NET: Applications Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Secure Coding in .NET: Applications course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Secure Coding in .NET: Applications course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Secure Coding in .NET: Applications course in a manner understandable to lay audiences.

This Secure Coding in .NET: Applications Training course is intended for:

  • .NET application developers
  • C# programmers
  • ASP.NET developers
  • Managers, architects, and technologists involved in deploying .NET applications
  • Anyone interested in learning more about secure .NET coding

The knowledge and skills that a learner must have before attending this Secure Coding in .NET: Applications course are:

  • Roughly 12-24 months of experience working with .NET applications is recommended. You should have an understanding of web applications, web programming concepts, and experience building web applications using the .NET Framework. A basic understanding of IT security principles is recommended but not required.


Course Introduction
  • Web application environment and components
  • General web application security concepts
  • .NET Framework security features
Input validation and encoding
  • Input-driven attacks
  • Validation best practices
  • Output encoding
Authentication, authorization, and session management
  • Common authentication weaknesses
  • Authorization best practices
  • Controlling application access
  • Password security
  • Session hijacking and trapping
  • Protecting user sessions and tokens
  • Canonicalization problems
  • Parameter manipulation
Encryption, confidentiality, and data protection
  • Cookie-based attacks
  • Protecting application variables
  • Cache-control issues
  • SSL best practices
  • Protecting usernames, passwords, and personally identifiable information
  • Common cryptography pitfalls
Data access
  • Secure database programming
  • Database permissions best practices
  • Parameterized queries
  • Common stored procedure flaws
Error handling and logging
  • Attacking via error messages
  • Secure logging and error handling
Server configuration and code management
  • Common web and app server misconfiguration
  • A common database server misconfiguration
  • Protecting application code
XML web services
  • Overview of WSDL, SOAP, and AJAX
  • Web service attacks
  • AJAX pitfalls
  • Web service best practices
Application threat modeling
  • Threat modeling concepts
  • Application context
  • Identifying attacks, vulnerabilities, and countermeasures
  • Threat modeling tools
Practical security testing techniques for developers
  • Useful web application assessment tools
  • Determining the severity of vulnerabilities
  • Dealing with time constraints
Course Recap, Q/A, and Evaluations