3 days virtual course

Masterclass: Secure Coding Techniques using .NET [SCT]

During this course, you will learn and practice all the important .NET security features (with a special focus on web applications), ways of hacking applications, and how to review code with security in mind. We will start by talking about security as a process – covering the most important aspects of the latest Microsoft SDL guidance, tools, architecture and design practices.

Evaluation

3 stars

All course activities will be evaluated by the participants

The evaluation is based on: 4 participants

>> Available in Danish <<

We will go through everything that each .NET developer needs to know about secure coding practices with the newest tools and services (Visual Studio 2017, TFS 2018 or Azure DevOps). We will spend most of our time talking about securing ASP.NET applications and the issues frequently observed in them. You will learn about the OWASP Top 10 – the most critical web application security vulnerabilities – see them in practice (in ASP.NET) and mitigate the risks. We will see how web applications are hacked using various techniques and learn how to prevent those risks.

You will learn about the latest version of ASP.NET Identity – a modern framework for securing ASP.NET applications. We will cover the fundamentals of ASP.NET Web API and see modern ways of protecting Web APIs with OAuth 2, OpenID and claims-based authentication. At the end you will see how to put all the knowledge into practice to conduct code reviews.

Content

Module 1: Security as a process
  • Microsoft Security Development Lifecycle fundamentals (v 5.2)
  • Threat modeling
  • SDL Process Template for TFS 2018
Module 2: .NET Security Features
  • Code Access Security and other security features in .NET 4.8
  • Security features of .NET Core
  • Encryption
  • Protecting data
  • Obfuscation
  • Secure coding guidelines
Module 3: General web application security issues
  • OWASP TOP 10 by example
  • Hacking your web application
Module 4: SQL Security
  • SQL Server security features
  • Security and encryption in SQL Server 2022
Module 5: ASP.NET Security Features
  • ASP.NET MVC security
  • Web Forms security
  • ASP.NET Identity
Module 6: Securing Web APIs
  • ASP.NET Web API 2 fundamentals, OWIN
  • Web API Security
  • OAuth 2, OpenID Connect
  • JWT, claims-based authentication, federated authentication
Module 7: Secure Web API Clients
  • Fundamentals and security of AngularJS applications
  • Mobile applications security
Module 8: Code reviews
  • Conducting a code review - in practice
  • Security checklists
  • Code reviews - lessons learned
  • Working with Azure DevOps

Materials

Authors’ unique tools, presentation slides with notes, workshop instructions

CPE Points (Continuing Professional Education)

It will be possible to earn CPE points after completing this course.

Form

Virtual delivery with live trainer

Before you participate in a virtual course, we always try to arrange a 15 - 20 minute test session with the participants a week before, to make sure that everyone is able to attend the Masterclass. Below you will find the technical requirements for connecting to the virtual training:

  • A computer with a stable internet connection (preferably Windows or Mac OS)
  • Permissions for outgoing RDP connections to external servers (to our lab environment) – port 3389
  • A headset (headphones + microphone)
  • Webcam (built-in or plug-in)
  • An additional monitor will be helpful, but it’s not required

Instructor

Paula Janus
Paula Januszkiewicz is a world-renowned Security Expert. Paula loves to perform Penetration Tests and IT Security Audits, and after all she says: ‘harden’em all’! She is an Enterprise Security MVP, trainer (MCT) and Microsoft Security Trusted Advisor.

 
