Implementing Security for Applications

Course

Inhouse

£ 1,495 + VAT

Description

  • Type

    Course

  • Methodology

    Inhouse

  • Duration

    5 Days

This five-day instructor-led class provides students with a thorough grounding in Microsoft .NET security implementation and general development security best practices. This course will prepare a student to take the Implementing Security for Applications exam (available in Microsoft Visual Basic® .NET 70-330 and Microsoft Visual C#® 70-340). Suitable for: This course is intended for experienced, professional application developers, including those employed by software companies or working on corporate development teams.

About this course

Before attending this course, students should have a minimum of 1 year of experience using Microsoft Visual Studio® .NET 2003 (.NET Framework 1.1) and 2-3 years of additional development experience. They should be experienced in either Visual Basic .NET or Visual C#.

Course programme

Introduction
This five-day instructor-led class provides students with a thorough grounding in Microsoft .NET security implementation and general development security best practices. This course will prepare a student to take the Implementing Security for Applications exam (available in Microsoft Visual Basic® .NET 70-330 and Microsoft Visual C#® 70-340).

Audience
This course is intended for experienced, professional application developers, including those employed by software companies or working on corporate development teams.

At Course Completion
After completing this course, students will be able to:

Explain the basic concept of application security.

Implement platform security best practices.

Implement coding security best practices.

Implement security using CLR and application domains.

Implement role-based security by using the Microsoft .NET Framework.

Implement CAS to secure applications.

Implement cryptography in .NET.

Improve the security of remote applications built on the .NET Framework.

Improve the security of ASP.NET applications.

Manage and configure security policies using Framework tools.

Test application security.

Deploy applications in a manner that minimizes security risks.

Prerequisites
Before attending this course, students:

Should have a minimum of 1 year of experience using Microsoft Visual Studio® .NET 2003 (.NET Framework 1.1) and 2-3 years of additional development experience.

Should be experienced in either Visual Basic .NET or Visual C#.

Microsoft Certified Professional Exams
This course will help the student prepare for the following Microsoft Certified Professional exams:

Exam 70-330: Implementing Security for Applications with Microsoft Visual Basic .NET

Exam 70-340: Implementing Security for Applications with Microsoft Visual C# .NET

Course Materials
The student kit includes a comprehensive workbook and other necessary materials for this class.

Course Outline
Module 1: Overview of Application Security
This module introduces students to the concept of application security. It explains the importance of security and the various application security loopholes. The module discusses the essential components of a successful Secure Development Process, such as threat modeling and threat mitigation. In addition, the module explains the security best practices.
Lessons

The Importance of Application Security

Application Security Best Practices
Lab: Threat Modeling and Threat Mitigation
After completing this module, students will be able to:

Explain the basic concept of application security

Module 2: Implementing Platform Security Best Practices
This module focuses on implementing platform security best practices. It discusses the concept of ACLs and DACLs and enables students to use various built-in functions for implementing platform security using ACLs and DACLs. The module also explains how to create custom accounts with least privilege for running Microsoft ASP.NET applications and how to view audit trails. In addition, the module explains how to implement security defaults in an application. Finally, the module discusses the use of digital certificates and signatures and how to implement platform cryptography.
Lessons

Security Best Practices for COM+, IIS, and SQL Server 2000

Using ACLs and DACLs

Using Windows Least-Privilege Accounts

Using Audit Trails

Implementing Platform Cryptography

Implementing Data Protection
Lab: Using ACLs and DPAPI
After completing this module, students will be able to:

Implement platform security best practices

Module 3: Implementing Coding Security Best Practices
This module focuses on implementing coding security best practices. It enables students to validate application input for securing applications. The module also discusses how to secure local and third-party components and evaluate canonicalization issues. In addition, the module enables students to implement error-handling guidelines to defend against security exceptions.
Lessons

Validating Application Input

Evaluating Canonicalization Issues

Using Security Exceptions
Lab: Verifying User Input
After completing this module, students will be able to:

Implement coding security best practices

Module 4: Using .NET Framework Security Features
This module focuses on .NET Framework security features. It explains how to use stack walks to defend against luring attacks. In addition, the module enables students to implement security using application domains.
Lessons

Implementing CLR Security Mechanism

Implementing Security Using Application Domains
Lab: Invoking a Third-Party Assembly in Application Domain
After completing this module, students will be able to:

Implement security using CLR and application domains

Module 5: Implementing Role-based Security
This module discusses programming techniques for implementing role-based security by using the Microsoft .NET Framework.
Lessons

Basics of Role-Based Security

Role-Based Security with Principal and Identity Objects

Role-Based Security with Permission Objects
Lab: Implementing Role-based Security
After completing this module, students will be able to:

Implement role-based security by using the Microsoft .NET Framework

Module 6: Implementing Code-Access Security
This module focuses on implementing CAS. It explains how to work with code access permissions and apply CAS checks. In addition, the module discusses the default membership conditions and the four CAS policy levels.
Lessons

Overview of Code-Access Security

Performing Basic Security Operations

Performing Imperative Security Operations

Performing Declarative Security Operations

Adding Permission Requests
Lab: Implementing Code-Access Security
After completing this module, students will be able to:

Implement CAS to secure applications

Module 7: Implementing Cryptography in .NET
This module focuses on implementing symmetric and asymmetric cryptography to secure .NET applications.
Lessons

Implementing Symmetric Cryptography

Implementing Asymmetric Cryptography
Lab: Implementing Symmetric and Asymmetric Cryptography
After completing this module, students will be able to:

Implement cryptography in .NET

Module 8: Securing ASP.NET Applications
This module focuses on securing ASP.NET applications. It discusses the various ASP.NET security features, such as authentication, authorization and impersonation, and how to implement each of these security features. In addition, the module explains how to secure Web files and folders.
Lessons

Implementing Authentication in ASP.NET Applications

Implementing Authorization in ASP.NET Applications

Implementing Impersonation in ASP.NET Applications

Securing Web Files and Folders
Lab: Securing ASP.NET Applications Using Form Authentication and SQL Server
After completing this module, students will be able to:

Secure ASP.NET applications

Module 9: Securing Remote .NET Applications
This module focuses on securing remote .NET applications. The module enables students to implement Web Service Enhancements. It also explains how to configure remoting for security.
Lessons

Introducing .NET Application Security

Implementing Authentication and Authorization in .NET Remoting Applications

Introducing Web Service Security

Implementing WS Security
Lab: Securing Remote .NET Applications
After completing this module, students will be able to:

Secure remote .NET applications

Module 10: Configuring .NET Security
This module focuses on configuring security using .NET tools. It explains how to manage security policies using Mscorcfg.msc and Caspol.exe.
Lessons

Managing Security Policies Using Mscorcfg.msc

Managing Security Policy Levels Using Mscorcfg.msc
Lab: Configuring .NET Security
After completing this module, students will be able to:

Manage and configure security policies using .NET Framework tools

Module 11: Implementing Security Testing
This module focuses on testing application security. It explains the need for security testing and discusses the best practices to be followed for security testing. The module also explains how to assess application security by using techniques such as footprint analysis and penetration testing. In addition, the module enables students to test application security by using various security testing tools.
Lessons

Overview of Security Testing

Creating a Security Test Plan

Performing Security Testing
Lab: Testing Application Security
After completing this module, students will be able to:

Test application security

Module 12: Deploying Applications with Security
This module focuses on deploying secure applications. It enables students to sign assemblies. In addition, the module discusses strong-named assemblies and how to configure security settings with Mscorcfg.exe and Caspol.exe.
Lessons

Deploying .NET Applications with Security Settings

Deploying .NET Applications with Publisher Identity and Code Integrity
Lab: Deploying Applications with Security
After completing this module, students will be able to:

Deploy applications in a manner that minimizes security risks.
