.NET Training: Building Secure Applications


Course Delivery

Live Instructor-Led Training

Course Description

The course Building Secure Applications (.NET Training) teaches you to build secure code that is resistant to hacker attacks. As applications become a more and more important part of our professional lives, security vulnerabilities become a key liability. The training includes encryption & message digests, code access security, authentication, session management, authorization and role-based security. The course concludes with a study of symmetric & asymmetric encryption together with common hacks and security vulnerabilities such as SQL Injection, XSS & session hijacking, to name a few.

Course Dates and Pricing


  • Jan 22 - 24, 2025: $3,350.00
  • Feb 19 - 21, 2025: $3,350.00
  • Mar 19 - 21, 2025: $3,350.00
  • Apr 23 - 25, 2025: $3,350.00
  • May 21 - 23, 2025: $3,350.00
  • Jun 18 - 20, 2025: $3,350.00
  • Jul 23 - 25, 2025: $3,350.00

Course Outline

Introduction and Overview

What are Web Applications and Web Services?
About the Underlying Technology of Applications and Services
A Few Important Definitions: Risk, Threats and Vulnerabilities
An Overview of Risk Assessment and Management Techniques
About Measuring the Risk
About Dealing with Risk

Security Guidelines

Input and Output Validation
About Secure Failure
The Need for Simplicity
Reusing Trusted Components
About Predictive Defence
The Weakest Link Principle
Obscuring Components doesn’t make them Secure
About Least Privilege
About Compartmentalization
About the Architecture: Operating System, Infrastructure and Application
Security Architecture of .NET or Java

Authentication

Types of Authentication
Overview of Browser Limitations
Certificate Basics: Public Keys, Private Keys and Certificates
Exploring Authentication Types: Basic, Digest, Forms and Certificate Based
Using Cookies for Entity Authentication
Using DNS for Infrastructure Authentication
About Password Based Authentication Systems
Implementing Authentication in .NET or Java

Managing User Sessions

All you ever wanted to know about Cookies: Persistence, Security and Usage
All you ever wanted to know about the Session Token
Session Management: Using a Session Timeout
Session Management: Regeneration of Session Token
Session Management: Session Forging or Lockout
Session Management: Re-authentication
Session Management: Session Token Transmission
Session Management: Page Tokens
Session Management: Session Tokens on Logout
Using SSL: The SSL Handshake in Detail
Session Management in .NET or Java

Access Control

Discretionary Access Control
Mandatory Access Control
Role Based Access Control
Access Control in .NET or Java

Event Logging

The Importance of Logging Events
About Event Management
Logging Events in .NET or Java

Data Validation

The Architecture of Data Validation
Why Client Validation should not be relied upon
Validation Techniques: Accept Only Known Valid Data
Validation Techniques: Reject Known Bad Data
Validation Techniques: Sanitize all Data
Overview of Business Tier Validation Techniques in .NET or Java
Overview of Data Tier Validation Techniques in .NET or Java
Implementing a Complete Validation Solution based on Enterprise Technologies

Preventing Common Problems

About the Meta Character Problem
About Cross-Site Scripting: Description and Mitigation
Direct SQL Command: Description and Mitigation
Direct OS Command: Description and Mitigation
Path Traversal and Path Disclosure: Description and Mitigation
NULL Bytes: Description and Mitigation
Canonicalization Attacks: Description and Mitigation
URL Encoding: Description and Mitigation
Cookie Manipulation: Description and Mitigation
HTTP Header Manipulation: Description and Mitigation
HTML Form Field Manipulation: Description and Mitigation
URL Manipulation: Description and Mitigation

Other Problems

HTML Comments
Vendor Patches
System Configuration
Unused Files
Debug Commands
Default Accounts

The Need for Privacy

About Web Browsers and Personal Data
About Shared Web Browsers
Protecting Personal Data
Enhanced Browser Privacy
About Browser History and Related Settings

About Cryptography

Symmetric versus Asymmetric Cryptography
Public Keys, Private Keys and Certificates
About SSL
About Digital Signatures and Hash Values
Implementing a Complete Cryptographic Solution with .NET or Java

Course Locations

  • Ottawa

  • Montreal

  • Toronto

Related IT Security Training

IT Security Training: Essential Concepts

The course Essential Concepts (IT Security Training) introduces the art and science of IT security. The training begins with an overview of IT security management and its various disciplines. The course then discusses threat types & the complete Plan, Detect, Respond and Protect lifecycle. The training includes the use of firewalls, anti-virus, information security policies, user management, network management & more. If you need to create, publish, implement and maintain a corporate Information Security Policy, this is the course for you.

  • Feb 4 - 7, 2025: $3,750.00
  • Mar 4 - 7, 2025: $3,750.00
  • Apr 8 - 11, 2025: $3,750.00
  • May 6 - 9, 2025: $3,750.00
  • Jun 3 - 6, 2025: $3,750.00
  • Jul 8 - 11, 2025: $3,750.00

IT Security Training: Offensive & Defensive Hack Proofing

The course Offensive & Defensive Hack Proofing (IT Security Training) is an introduction to white hat hacking. The course teaches you how to perform every stage of the hacking process so that you may protect your environment. The training includes tools for information gathering & target scoping, target discovery & enumeration, vulnerability mapping & social engineering. You are taught how to use the Metasploit Framework to perform target identification & exploitation so that you may stop it from happening to you. The progressive & hands-on practical lab allows you to execute a hack from initial identification to privilege escalation & maintenance. Stop hackers in their tracks today!

  • Feb 4 - 7, 2025: $3,750.00
  • Mar 4 - 7, 2025: $3,750.00
  • Apr 8 - 11, 2025: $3,750.00
  • May 6 - 9, 2025: $3,750.00
  • Jun 3 - 6, 2025: $3,750.00
  • Jul 8 - 11, 2025: $3,750.00

IT Security Training: The Definitive Boot Camp

The course The Definitive Boot Camp (IT Security Training) provides an introduction to the complex world of IT security. Corporate IT systems are more at risk today than they have ever been. The availability of information and the increased appetite for information and data require organizations to expose their systems more and more to the vagaries of public consumption. This level of access means that an increasing number of people can compromise corporate data and IT infrastructure. Therefore, it is more important than ever for all employees to have a good understanding of the concepts and technologies that allow enforcement of the organization’s security policy. Why take the risk? Familiarize yourself and your staff with the many IT security concepts and technologies that protect you every day.

  • Jan 27 - 28, 2025: $1,500.00
  • Feb 24 - 25, 2025: $1,500.00
  • Mar 24 - 25, 2025: $1,500.00
  • Apr 28 - 29, 2025: $1,500.00
  • May 26 - 27, 2025: $1,500.00
  • Jun 23 - 24, 2025: $1,500.00
  • Jul 28 - 29, 2025: $1,500.00

Server 2022 Training: Mastering Active Directory

The course Mastering Active Directory (Server 2019 Training) explores the design & implementation of Domains & Forests using Active Directory Domain Services with Windows Server 2019. The training includes Active Directory installation & configuration, domain & forest design & implementation as well as the creation & maintenance of Active Directory users & security groups. The course covers Active Directory schemas & fields, RODCs, global catalog servers, Active Directory replication, GPOs & GPO templates, Nano Servers, Server Virtualization and more.

  • Feb 4 - 7, 2025: $3,750.00
  • Mar 4 - 7, 2025: $3,750.00
  • Apr 8 - 11, 2025: $3,750.00
  • May 6 - 9, 2025: $3,750.00
  • Jun 3 - 6, 2025: $3,750.00
  • Jul 8 - 11, 2025: $3,750.00

Cisco Training: Mastering Network Security

The course Mastering Network Security (Cisco Training) delves into the details of Cisco network security. Every aspect of the security policy implementation is covered, from basic protocol considerations to the use of firewalls, IPS and IPv6. The training includes ACLs, tunneling and routing protocols.

  • Feb 4 - 7, 2025: $3,750.00
  • Mar 4 - 7, 2025: $3,750.00
  • Apr 8 - 11, 2025: $3,750.00
  • May 6 - 9, 2025: $3,750.00
  • Jun 3 - 6, 2025: $3,750.00
  • Jul 8 - 11, 2025: $3,750.00

Cybersecurity Training: Protecting your Digital Identity

Protect Yourself! Cybercrime and data breaches are growing by double-digit percentages every year. Sophisticated attackers use ransomware, malware, brute force attacks, spear-phishing, social engineering and more to steal your money, your reputation and your identity. This 1-day online event will help you understand how cyber-criminals do what they do. You will learn about simple & effective techniques that will help you protect yourself in the digital jungle.

  • Jan 27 - 27, 2025: $850.00
  • Feb 24 - 24, 2025: $850.00
  • Mar 24 - 24, 2025: $850.00
  • Apr 28 - 28, 2025: $850.00
  • May 26 - 26, 2025: $850.00
  • Jun 23 - 23, 2025: $850.00
  • Jul 28 - 28, 2025: $850.00

IT Security Training: Advanced Hacking and Intrusion Detection

The course Advanced Hacking and Intrusion Detection (IT Security Training) explores advanced hacking from an offensive security perspective. The course covers hacking with Metasploit and discusses common attack techniques including SQL Injection, Cross-Site Scripting, Phishing, Spoofing & more. The training also discusses how to plan & implement an Intrusion Detection System together with the design & implementation of related IT security processes including Incident, Problem, Event and IT Security management.

  • Feb 4 - 7, 2025: $3,750.00
  • Mar 4 - 7, 2025: $3,750.00
  • Apr 8 - 11, 2025: $3,750.00
  • May 6 - 9, 2025: $3,750.00
  • Jun 3 - 6, 2025: $3,750.00
  • Jul 8 - 11, 2025: $3,750.00

IT Security Training: An Introduction to Penetration Testing

The course An Introduction to Penetration Testing (IT Security Training) is an introduction to white hat hacking. The course teaches you how to perform every stage of the hacking process so that you may protect your environment. The training includes tools for information gathering & target scoping, target discovery & enumeration, vulnerability mapping & social engineering. You are taught how to use the Metasploit Framework to perform target identification & exploitation so that you may stop it from happening to you.

  • Feb 12 - 14, 2025: $3,350.00
  • Mar 12 - 14, 2025: $3,350.00
  • Apr 16 - 18, 2025: $3,350.00
  • May 14 - 16, 2025: $3,350.00
  • Jun 11 - 13, 2025: $3,350.00
  • Jul 16 - 18, 2025: $3,350.00

IT Security Training: Cyber Threat Intelligence

The training course Cyber Threat Intelligence (IT Security Training) is a complete exploration of the principles and application of implementing a Cyber Threat Intelligence program within your organization. Starting with the anatomy of an attack and the indicators of compromise, the course explores the cyber kill chain together with the cyber intelligence cycle, data collection and analysis as well as threat analysis and the use of networks and partners.

  • Feb 4 - 7, 2025: $3,750.00
  • Mar 4 - 7, 2025: $3,750.00
  • Apr 8 - 11, 2025: $3,750.00
  • May 6 - 9, 2025: $3,750.00
  • Jun 3 - 6, 2025: $3,750.00
  • Jul 8 - 11, 2025: $3,750.00

IT Security Training: Cybersecurity Essentials

The course Cybersecurity Essentials (IT Security) is a full lifecycle exploration of corporate IT Security. The training starts with a review of key networking concepts including IP addressing, switches, routers, VLANs, VoIP and concludes with a comprehensive study of cybersecurity concepts such as information assurance, cryptography, authentication and legal and regulatory considerations. The course then leverages these foundational concepts to explore the practical aspects of securing routers, switches and computers that run Windows and Linux. The training also covers intrusion detection systems (IDS) and essential policies and procedures that support IT security in an organization. The course concludes with a detailed study of hacker attacks, including attack methods, the attack vector, incident handling and mitigation techniques.

  • Feb 11 - 14, 2025: $3,750.00
  • Mar 11 - 14, 2025: $3,750.00
  • Apr 15 - 18, 2025: $3,750.00
  • May 13 - 16, 2025: $3,750.00
  • Jun 10 - 13, 2025: $3,750.00
  • Jul 15 - 18, 2025: $3,750.00

IT Security Training: Inspecting Networks with SNORT

The course Inspecting Networks with SNORT (IT Security Training) is a complete exploration of SNORT from installation and configuration to the development of complex rules for malicious data extraction and network intrusion detection. The training starts with an overview of the theoretical foundations of network data analysis with SNORT. This is followed by a detailed investigation of working with SNORT pre-processors to analyze traffic and detect malicious attacks. The training course also discusses the use of filters and events and the writing of SNORT rules for payload detection, non-payload detection and post detection processing. The training ends with a discussion of best practices and challenges in writing rules and the use of the AppId pre-processor for user-created application detectors. Wow! This is quite the jam-packed IT security course.

  • Feb 11 - 14, 2025: $3,750.00
  • Mar 11 - 14, 2025: $3,750.00
  • Apr 15 - 18, 2025: $3,750.00
  • May 13 - 16, 2025: $3,750.00
  • Jun 10 - 13, 2025: $3,750.00
  • Jul 15 - 18, 2025: $3,750.00

IT Security Training: Network Forensics Analysis

The course Network Forensics Analysis (IT Security Training) explores the complexities of gathering digital evidence over a network. The training starts with a general discussion of evidence types and related evidence gathering techniques. This is followed by a detailed exploration of the fundamental tools of the digital forensics trade including the Squid proxy server and common packet analysis tools including tcpdump, Wireshark and NetFlow. The course includes a detailed study of application level protocols and services, firewalls, intrusion detection systems (IDS) and network security managers. The training concludes with an exploration of centralized logging, the Elastic Stack, wireless network considerations, encryption and SSL inspection.

  • Feb 11 - 14, 2025: $3,750.00
  • Mar 11 - 14, 2025: $3,750.00
  • Apr 15 - 18, 2025: $3,750.00
  • May 13 - 16, 2025: $3,750.00
  • Jun 10 - 13, 2025: $3,750.00
  • Jul 15 - 18, 2025: $3,750.00

IT Security Training: Professional Threat and Risk Assessment

The course Professional Threat and Risk Assessment (IT Security Training) is a comprehensive study of the threat and risk assessment lifecycle. Starting with the basic principles of risk management, the course explores the business of risk assessment and its complete lifecycle. The training includes risk profiling, formulating a risk, risk exposure factors as well as risk evaluation, mitigation and assessment. The training concludes with an exploration of security controls and services as well as techniques for threat and vulnerability management. Defuse the ticking time bomb of risk in your projects by learning concrete techniques for risk assessment and process definition with this exciting and hands-on workshop.

  • Feb 4 - 7, 2025: $3,750.00
  • Mar 4 - 7, 2025: $3,750.00
  • Apr 8 - 11, 2025: $3,750.00
  • May 6 - 9, 2025: $3,750.00
  • Jun 3 - 6, 2025: $3,750.00
  • Jul 8 - 11, 2025: $3,750.00

IT Security Training: Securing Web Applications

This IT security training course provides participants with a complete exploration of web application security. Participants are first introduced to the essential concepts of open-source intelligence and social engineering while they begin to understand the hacker mindset. This is followed by a complete dissection of the infrastructure that supports web application operations. The training then digs into the details of the OWASP Top 10 while participants are taught how to perform complex web attacks such as SQL injection, cross-site scripting, verb tampering, XXE attacks and more. Finally, participants are shown how to analyse JavaScript and how to write secure code in support of corporate applications. The course ends with a multifaceted discussion on security configuration and monitoring an enterprise environment including Linux and Active Directory security.

  • Feb 18 - 21, 2025: $3,750.00
  • Mar 18 - 21, 2025: $3,750.00
  • Apr 22 - 25, 2025: $3,750.00
  • May 20 - 23, 2025: $3,750.00
  • Jun 17 - 20, 2025: $3,750.00
  • Jul 22 - 25, 2025: $3,750.00

IT Security Training: Windows Forensics from A to Z

The course Windows Forensics Analysis (IT Security Training) explores the complexities of gathering digital evidence on everything Windows. The training starts with a general discussion of evidence types and related evidence gathering techniques. This is followed by a detailed exploration of live response and the collection of both volatile and non-volatile data on the Windows platform. The training course covers the analysis of Windows memory, the FAT and NTFS file systems and various Windows artefacts including web browsers, event logs, page files and more.

  • Feb 18 - 21, 2025: $3,750.00
  • Mar 18 - 21, 2025: $3,750.00
  • Apr 22 - 25, 2025: $3,750.00
  • May 20 - 23, 2025: $3,750.00
  • Jun 17 - 20, 2025: $3,750.00
  • Jul 22 - 25, 2025: $3,750.00

Java Training: The Complete Security Workshop

The course The Complete Security Workshop (Java Training) is essential for any developer who is working on front-end web applications or working on the security infrastructure of JEE applications. The course content aims to demystify Java SE and EE security at all levels. Starting with an overview of threats and risks, the student is guided in a hands-on exploration of JAAS (Java Authentication and Authorization Service), followed by creating custom security providers and best practices.

  • Feb 11 - 14, 2025: $3,750.00
  • Mar 11 - 14, 2025: $3,750.00
  • Apr 15 - 18, 2025: $3,750.00
  • May 13 - 16, 2025: $3,750.00
  • Jun 10 - 13, 2025: $3,750.00
  • Jul 15 - 18, 2025: $3,750.00

Linux Training: Security & Hacking Complete Course

The course Security & Hacking Complete Course (Linux Training) focuses on Linux security and hacking. Beginning with a Linux security deep-dive, the course discusses the anatomy of a hacker attack on Linux. Every part of the Linux OS is included in the discussion including the kernel, networking components, databases, web servers & more.

  • Feb 11 - 14, 2025: $3,750.00
  • Mar 11 - 14, 2025: $3,750.00
  • Apr 15 - 18, 2025: $3,750.00
  • May 13 - 16, 2025: $3,750.00
  • Jun 10 - 13, 2025: $3,750.00
  • Jul 15 - 18, 2025: $3,750.00

Server 2022 Training: Windows Advanced Active Directory

The course Windows Advanced Active Directory (Server 2019 Training) covers advanced Active Directory installation, configuration and maintenance. The training includes GPO, global catalog servers, service replication, sites, replication topology, PowerShell scripting & troubleshooting. If you need to know everything about the Active Directory, this is the course for you.

  • Feb 18 - 21, 2025: $3,750.00
  • Mar 18 - 21, 2025: $3,750.00
  • Apr 22 - 25, 2025: $3,750.00
  • May 20 - 23, 2025: $3,750.00
  • Jun 17 - 20, 2025: $3,750.00
  • Jul 22 - 25, 2025: $3,750.00

Server 2022 Training: Windows Advanced Security

The course Windows Advanced Security (Server 2019 Training) is an exploration of Windows Server security. Beginning with a tour of threat types, the training includes a complete exploration of the Plan, Detect, Respond and Protect lifecycle with Windows Server. If you want to protect your Windows servers from malware and hacker attacks, this is the course for you.

  • Jan 28 - 31, 2025: $3,750.00
  • Feb 25 - 28, 2025: $3,750.00
  • Mar 25 - 28, 2025: $3,750.00
  • Apr 29 - May 2, 2025: $3,750.00
  • May 27 - 30, 2025: $3,750.00
  • Jun 24 - 27, 2025: $3,750.00
  • Jul 29 - Aug 1, 2025: $3,750.00