Microsoft Security Guidance Training for Developers

Training

In Bath and London

£ 390 + VAT

Description

  • Duration

    1 Day

After completing this clinic, students will be able to understand the historical implications of Trustworthy Computing; identify potentially hostile applications; identify common types of attacks; understand the consequences of poor security; recognize examples of security intrusions; identify challenges involved in implementing security; understand the need for process improvement. Suitable for: This clinic provides students with knowledge and skills essential for the creation of applications with enhanced security. Attendees will be professional developers who are responsible for designing and developing applications, components, clients, or back-end data services written in Microsoft Visual Basic, Microsoft Visual C++, or C#.

Facilities

Location

Start date

Bath (Somerset)
3 Kelso Place, Upper Bristol Road, BA1 3AU

Start date

On request
London
See map
Valiant House, 4-10 Heneage Lane, EC3A 5DQ

Start date

On request

About this course

Before attending this clinic, students must have the following pre-requisites:Development experience with Microsoft Visual Basic, Microsoft Visual C++, or C#Experience building Microsoft Windows or Web applications using the .NET Framework.

Questions & Answers

Add your question

Our advisors and other users will be able to reply to you

Who would you like to address this question to?

Fill in your details to get a reply

We will only publish your name and question

Reviews

Course programme

Target Audience
This clinic provides students with knowledge and skills essential for the creation of applications with enhanced security. Attendees will be professional developers who are responsible for designing and developing applications, components, clients, or back-end data services written in Microsoft Visual Basic, Microsoft Visual C++, or C#.

Pre-Requisites
Before attending this clinic, students must have the following pre-requisites:Development experience with Microsoft Visual Basic, Microsoft Visual C++, or C#Experience building Microsoft Windows or Web applications using the .NET Framework.

Purpose
After completing this clinic, students will be able to understand the historical implications of Trustworthy Computing; identify potentially hostile applications; identify common types of attacks; understand the consequences of poor security; recognize examples of security intrusions; identify challenges involved in implementing security; understand the need for process improvement throughout the development process; describe the security framework; understand the secure product development timeline; describe the principles of designing with security in mind; understand the importance of data security; identify threat scenarios; target who we are defending against; describe common types of attacks; describe Microsoft .NET Framework security features; explain how code access security works; explain how role-based security works; explain how to use cryptography to sign and verify data; enhance security for ASP.NET Web applications; enhance security for ASP.NET Web services; apply appropriate tips for writing secure code with the .NET Framework.

Course outline
  1. Essentials of Application Security
  2. Writing Secure Code - Best Practices
  3. Writing Secure Code - Threat Defense
  4. Implementing Application Security Using the .NET Framework
Module 1:Essentials of Application Security
  • This session provides the knowledge and skills essential for the creation of applications with enhanced security. The session covers important security concepts and the need for implementing security at every stage of the development process. Additionally, this session describes how to use the various security technologies to increase data and communications security.
  • The Importance of Application Security
  • Secure Application Development Practices
  • Security Technologies
  • Secure Development Guidelines
Module 2:Writing Secure Code - Best Practices
  • This session identifies best practices for applying security principles throughout the development process. The session also describes established threat modeling methodologies and tools and how they can be applied with other best practices to minimize vulnerabilities and limit damage from attacks.
  • Secure Development Process
  • Threat Modeling
  • Risk Mitigation
  • Security Best Practices
Module 3:Writing Secure Code - Threat Defense
  • This session builds upon existing knowledge of secure coding best practices and threat modeling to identify a variety of threat scenarios. The session covers effective strategies for defending common security threats such as buffer overruns, cross-site scripting, SQL injection, and denial of service attacks.
  • The Need For Secure Code
  • Defending Against Memory Issues
  • Defending Against Arithmetic Errors
  • Defending Against Cross-Site Scripting
  • Defending Against SQL Injection
  • Defending Against Canonicalization Issues
  • Defending Against Cryptography Weaknesses
  • Defending Against Unicode Issues
  • Defending Against Denial of Service
Module 4:Implementing Application Security Using the .NET Framework
  • This session describes how to implement additional security features for applications that are built on the .NET Framework. The session describes how to use both code access security and role-based security to limit vulnerabilities and how to use the cryptographic provider support in the .NET Framework to encrypt and sign data. In addition, the session explains how to secure Web applications and Web services that are built by using ASP.NET.
  • .NET Framework Security Features
  • Code Access Security
  • Role-Based Security
  • Cryptography
  • Securing ASP.NET Web Applications
  • Securing ASP.NET Web Services
Module 5:

Microsoft Security Guidance Training for Developers

£ 390 + VAT