Secure Coding techniques using .NET (SCT)

During this 3-day course in 21 hours of super intensive training you will gain crucial cybersecurity knowledge and skills in terms of Secure Coding Techniques .NET. Moreover, you will be able to:

• Get the highest quality and unique learning experience – the class is limited to 10 participants by default.
• Get the opportunity to interact with our world-renowned Experts.
• Go through CQURE’s custom lab exercises and practice them after the course.
• Receive a lifelong certification after completing the course!

During 3-day instructor-led training you will learn and practice all important .NET security features (with special focus on web applications), ways of hacking applications and reviewing the code with security in mind. We will start by talking about security as a process – covering most important aspects of latest Microsoft SDL guidance, tools, architecture and design practices. Then we will go through everything that each .NET developer needs to know about secure coding practices with newest tools and services (Visual Studio 2017, TFS 2018 or Azure DevOps).

Module 1: Security as a process
1. Microsoft Security Development Lifecycle fundamentals
2. Threat modeling

Module 2: .NET Security Features
1. Code Access Security and other security features in .NET 4.8
2. Security features of .Net Core
3. Encryption
4. Protecting data
5. Obfuscation
6. Secure coding guidelines

Module 3: General web application security issues
1. OWASP Top 10 by example
2. Hacking your web application

Module 4: SQL Security
1. SQL Server security features
2. Security and encryption in SQL Server 2019

Module 5: ASP.NET Security Features
1. ASP.NET MVC security
2. Web Forms security
3. ASP.NET Identity

Module 6: Securing Web APIs
1. ASP.NET Web API 2 fundamentals, OWIN Exploit Guard (ASR)
2. Web API Security
3. OAUTH 2, OpenID Connect

Module 7: Secure Web API Clients
1. Fundamentals and security of AngularJS applications
2. Mobile applications security
3. OAUTH 2, OpenID Connect

Module 8: Code reviews
1. Conducting a code review - in practice
2. Security checklists
3. Code reviews - lessons learned
4. Working with Azure DevOps

The course is perfect for:

• enterprise administrators
• infrastructure architects
• security professionals
• systems engineers
• network administrators
• IT professionals
• security consultants

• To attend this training, you should have a good hands-on experience in administering Windows infrastructure.
• At least 8 years in the field is recommended.