Developing Security-Enhanced Web Applications - (Microsoft Training Course: 2300)
Type: Training
Methodology: Inhouse
Duration: 3 Days
Description
After completing this course, students will be able to: define the basic principles of, and motivations for, Web security; perform a threat analysis of Web-accessible assets; and use knowledge of authentication, Security Identifiers (SIDs), Access Control Lists (ACLs), impersonation, and the concept of running with least privilege to help ensure access to only those system resources that are necessary. Suitable for: This course provides students with the knowledge and skills that are needed to build Web applications by using security-enhanced coding techniques. This course is intended for students who are responsible for the design and development of Web applications. These students typically have three to five years of experience in developing or designing distributed Web applications.
About this course
Before attending this course, students must have the following prerequisites:
* Familiarity with n-tier application architecture.
* Experience in developing or designing distributed Web applications.
* Experience with Microsoft C# and/or Microsoft Visual Basic .NET
* Experience in writing server-side and client-side scripts by using Active Server Pages (ASP) or Microsoft ASP.NET
* Familiarity with SQL Server 2000 and Microsoft Internet Information Services (IIS) is recommended
* In addition, it is recommended, but not required, that students have completed:
* Course 2310-Developing Web Applications Using Microsoft Visual Studio .NET
* Course 1017-Developing Web Applications Using Microsoft Visual InterDev
Course programme
Module 1: Introduction to Web Security
- Why Build Security-Enhanced Web Applications?
- Using the STRIDE Model to Determine Threats
- Implementing Security: An Overview
- Describe why security is an essential consideration in Web application development.
- Describe the basic methods of cryptography, hashing, and digital signing.
- A Design Process for Building Security-Enhanced Web Applications
- Describe the iterative process of designing security into a Web application and be able to describe how each step relates to the other steps.
- Categorize and identify the most common types of attacks, the potential threat that those attacks pose to systems, services, and data within the organization, and the relationship between these threats.
- User Input
- Types of User Input Attacks
- Performing Validation
- Revealing as Little Information as Possible to the User
- Lab: Verifying User Input
- Identify the sources of user input in a Web application.
- Describe the security aspects of the client/server Web paradigm.
- Implement user input verification.
- Use communications analysis and coding best practices to avoid providing information to users that can be leveraged for security attacks.
- Use proper error handling to help ensure all fallback paths are expected, wanted, and do not suspend resource allocations.
- Reduce the impact of Denial of Service (DoS) attacks of varying types, such as application crashing, CPU starvation, resource starvation, and bandwidth choking.
- Introduction to Web Client Authentication
- Configuring Access Permission for a Web Server
- Selecting a Security-Enhanced Client Authentication Method
- Running Services As an Authenticated User
- Lab: Authentication and Access Control
- Describe all of the authentication methods that are supported by IIS and Windows 2000 Server and be able to select the best method for a given set of requirements.
- Use knowledge of Windows 2000 access control mechanisms and process identification to properly configure identities for all of the processes in an ASP/COM+ Web application processing path.
- Use knowledge of Windows 2000 access control mechanisms and process identification to properly configure resource access for the identities that are defined for a Web application.
- ASP Forms-Based Authentication
- .NET Code Access and Role-Based Security
- Overview of ASP.NET Authentication Methods
- Working with Windows-Based Authentication in ASP.NET security
- Working with ASP.NET Forms-Based Authentication
- Lab: Securing Web Pages
- Describe the elements that make up the core security model of the .NET Framework.
- Use security best practices and a complete understanding of the security model while implementing ASP.NET Web applications.
- Overview of Securing Files
- Windows Access Control
- Creating ACLs Programmatically
- Helping to Protect ASP.NET Web Application Files
- Lab: Securing Files with ACLs
- Describe how the Windows access control mechanisms are used to help protect file system data.
- Use the features of Windows to help protect Web application data from tampering.
- Use ASP.NET Web.config files to restrict access to files that are located in an ASP.NET Web application.
- SQL Server Connections and Security
- SQL Server Role-Based Security
- Securing SQL Server Communication
- Preventing SQL Injection Attacks
- Lab: Securing Microsoft SQL Server Data
- Use the SQL Server Security model and ADO.NET to help protect a Web application against attacks.
- Introduction to Cryptography
- Working with Digital Certificates
- Management
- Using Secure Sockets Layer/Transport Layer Security Protocols
- Using Internet Protocol Security
- Lab: Obtaining a Server Certificate
- Lab: Helping to Protect Communication Privacy and Data Integrity
- Help protect the portions of a Web application that require private communications by using SSL.
- Encryption and Digital Signing Libraries
- Using CAPICOM
- Using System.Security.Cryptography Namespace to Hash Data
- Using System.Security.Cryptography Namespace to Encrypt and Sign Data
- Lab: Hashing Data
- Use one of the Cryptographic Services classes of the System.Security.Cryptography namespace to transform a block of data to ciphertext.
- Testing Security in a Web Application
- Creating a Security Test Plan
- Performing Security Testing
- Lab: Test Cases for Security Testing
- Differentiate security testing from other types of testing.
- Create a security test plan.
- Successfully carry out a security test plan.
There are no exams directly associated with this course.
Price Options ex VAT: 1185