.NET Training: Building Secure Applications


Course Delivery

Live Instructor-Led Training

Course Description

The course Building Secure Applications (.NET Training) teaches you build secure code which is resistant to hacker attacks. As applications become a more an more important part of our professional lives, security vulnerabilities become a key liability. The training includes encryption & message digests, code access security, authentication, session management, authorization and role based security. The course concludes with a study of symmetric % asymmetric encryption together with common hacks and security vulnerabilities such as SQL Injection, XSS scripting & session hijacking to name a few.

Course Dates and Pricing


Sep 26 - 28, 2018$2,250.00Oct 24 - 26, 2018$2,250.00Nov 21 - 23, 2018$2,250.00Dec 19 - 21, 2018$2,250.00

Course Outline

Introduction and Overview

What are Web Applications and Web Services?
About the Underlying Technology of Applications and Services
A Few Important Definitions: Risk, Threats and Vulnerabilities
An Overview of Risk Assessment and Management Techniques
About Measuring the Risk
About Dealing with Risk

Security Guidelines

Input and Output Validation
About Secure Failure
The Need for Simplicity
Reusing Trusted Components
About Predictive Defence
The Weakest Link Principle
Obscuring Components doesn’t make them Secure
About Least Privilege
About Compartmentalization
About the Architecture: Operating System, Infrastructure and Application
Security Architecture of .NET or Java

Authentication

Types of Authentication
Overview of Browser Limitations
Certificate Basics: Public Keys, Private Keys and Certificates
Exploring Authentication Types: Basic, Digest, Forms and Certificate Based
Using Cookies for Entity Authentication
Using DNS for Infrastructure Authentication
About Password Based Authentication Systems
Implementing Authentication in .NET or Java

Managing User Sessions

All you ever wanted to know about Cookies: Persistence, Security and Usage
All you ever wanted to know about the Session Token
Session Management: Using a Session Timeout
Session Management: Regeneration of Session Token
Session Management: Session Forging or Lockout
Session Management: Re-authentication
Session Management: Session Token Transmission
Session Management: Page Tokens
Session Management: Session Tokens on Logout
Using SSL: The SSL Handshake in Detail
Session Management in .NET or Java

Access Control

Discretionary Access Control
Mandatory Access Control
Role Based Access Control
Access Control in .NET or Java

Event Logging

The Importance of Logging Events
About Event Management
Logging Events in .NET or Java

Data Validation

The Architecture of Data Validation
Why Client Validation should not be relied upon
Validation Techniques: Accept Only Known Valid Data
Validation Techniques: Reject Known Bad Data
Validation Techniques: Sanitize all Data
Overview of Business Tier Validation Techniques in .NET or Java
Overview of Data Tier Validation Techniques in .NET or Java
Implementing a Complete Validation Solution based on Enterprise Technologies

Preventing Common Problems

About the Meta Character Problem
About Cross-Site Scripting: Description and Mitigation
Direct SQL Command: Description and Mitigation
Direct OS Command: Description and Mitigation
Path Traversal and Path Disclosure: Description and Mitigation
NULL Bytes: Description and Mitigation
Canonicalization Attacks: Description and Mitigation
URL Encoding: Description and Mitigation
Cookie Manipulation: Description and Mitigation
HTTP Header Manipulation: Description and Mitigation
HTML Form Field Manipulation: Description and Mitigation
URL Manipulation: Description and Mitigation

Other Problems

HTML Comments
Vendor Patches
System Configuration
Unused Files
Debug Commands
Default Accounts

The Need for Privacy

About Web Browsers and Personal Data
About Shared Web Browsers
Protecting Personal Data
Enhanced Browser Privacy
About Browser History and Related Settings

About Cryptography

Symmetric versus Asymmetric Cryptography
Public Keys, Private Keys and Certificates
About SSL
About Digital Signatures and Hash Values
Implementing a Complete Cryptographic Solution with .NET or Java

Course Locations

  • Ottawa

  • Montreal

  • Toronto

Related IT Security Training

IT Security Training: Essential Concepts

The course Essential Concepts (IT Security Training) introduces the art and science of IT security. The training begins with an overview of IT security management and its various disciplines. The course then discusses threat types & the complete Plan, Detect, Respond and Protect lifecycle. The training includes the use of firewalls, anti-virus, information security policies, user management, network management & more. If you to create, publish, implement and maintain a corporate Information Security Policy, this is the course for you. Training course titled IT Security Training: Essential Concepts that will allow you to hone your professional skills.

Sep 18 - 21, 2018$2,775.00Oct 16 - 19, 2018$2,775.00Nov 13 - 16, 2018$2,775.00Dec 11 - 14, 2018$2,775.00

IT Security Training: Offensive & Defensive Hack Proofing

The course Offensive & Defensive Hack Proofing (IT Security Training) is an introduction to white hat hacking. The course teaches you how to perform every stage of the hacking process so that you may protect your environment. The training includes tools for information gathering & target scoping, target discover & enumeration, vulnerability mapping & social engineering. You are taught how to use the Metasploit Framework to perform target identification & exploitation so that you may stop it from happening to you. The progressive & hands-on practical lab allow you to execute a hack from initial identification to privilege escalation & maintenance. Stop hackers in their tracks today! Training course titled IT Security Training: Offensive & Defensive Hack Proofing that will allow you to hone your professional skills.

Sep 11 - 14, 2018$3,350.00Oct 23 - 26, 2018$3,350.00Nov 20 - 23, 2018$3,350.00Dec 18 - 21, 2018$3,350.00

IT Security Training: The Definitive Boot Camp

The course The Definitive Boot Camp (IT Security Training) provides an introduction to the complex world of IT security. Corporate IT systems are more at risk today than they have ever been. The availability of information and the increased appetite for information and data requires organizations to expose their systems more and more to the vagaries of public consumption. This level of access means that an increasing number of people can compromise corporate data and IT infrastructure. Therefore, it is more important than ever for all employees to have a good understanding of the concepts and technologies that allow enforcement of the organization’s security policy. Why take the risk? Familiarize yourself and your staff with the many IT security concepts and technologies that protect you every day. Training course titled IT Security Training: The Definitive Boot Camp that will allow you to hone your professional skills.

Sep 17 - 18, 2018$1,150.00Oct 15 - 16, 2018$1,150.00Nov 12 - 13, 2018$1,150.00Dec 10 - 11, 2018$1,150.00

Server 2016 Training: Mastering Active Directory

The course Mastering Active Directory (Server 2016 Training) explores the design & implementation of Domains & Forests using Active Directory Domain Services with Windows Server 2016. The training includes active directory installation & configuration, domain & forest design & implementation as well as the creation & maintenance of Active Directory users & security groups. The course covers Active Directory schemas & fields, RODCs, global catalog servers, Active Directory replication, GPOs & GPO templates, Nano Servers, Server Virtualization and more. Training course titled Server 2016 Training: Mastering Active Directory that will allow you to hone your professional skills.

Sep 26 - 28, 2018$1,675.00Oct 24 - 26, 2018$1,675.00Nov 21 - 23, 2018$1,675.00Dec 19 - 21, 2018$1,675.00

Cisco Training: Mastering Network Security

The course Mastering Network Security (Cisco Training) delves into the details of Cisco network security. Every aspect of the security policy implementation is covered, starting with basic protocol considerations to the use of firewalls, IPS and IPv6. The training includes ACLs, tunneling and routing protocols. Training course titled Cisco Training: Mastering Network Security that will allow you to hone your professional skills.

Sep 18 - 21, 2018$2,775.00Oct 16 - 19, 2018$2,775.00Nov 13 - 16, 2018$2,775.00Dec 11 - 14, 2018$2,775.00

IT Security Training: Advanced Hacking and Intrusion Detection

The course Advanced Hacking and Intrusion Detection (IT Security Training) explores advanced hacking from an offensive security perpsective. The course covers hacking with Metasploit and discussed common attack techniques including SQL Injection, Cross-Site Scripting, Phishing, Spoofing & more. The training also discusses how to plan & implement an Intrusion Detection System together with the design & implementation of related IT security processes including Incident, Problem, Event and IT Security management. Training course titled IT Security Training: Advanced Hacking and Intrusion Detection that will allow you to hone your professional skills.

Sep 18 - 21, 2018$3,350.00Oct 16 - 19, 2018$3,350.00Nov 13 - 16, 2018$3,350.00Dec 11 - 14, 2018$3,350.00

IT Security Training: An Introduction to Penetration Testing

The course An Introduction to Penetration Testing (IT Security Training) is an introduction to white hat hacking. The course teaches you how to perform every stage of the hacking process so that you may protect your environment. The training includes tools for information gathering & target scoping, target discover & enumeration, vulnerability mapping & social engineering. You are taught how to use the Metasploit Framework to perform target identification & exploitation so that you may stop it from happening to you. Training course titled IT Security Training: An Introduction to Penetration Testing that will allow you to hone your professional skills.

Sep 5 - 7, 2018$2,250.00Oct 3 - 5, 2018$2,250.00Oct 31 - Nov 2, 2018$2,250.00Nov 28 - 30, 2018$2,250.00

IT Security Training: Cybersecurity Essentials

The course Cybersecurity Essentials (IT Security) is a full lifecycle exploration of corporate IT Security. The training starts with a review of key networking concepts including IP addressing, switches, routers, VLANs, VOIP and concludes with a comprehensive study of cybersecurity concepts such as information assurance, cryptography, authentication and legal and regulatory considerations. The course then leverages theses foundation concepts to explore the practical aspects of securing routers, switches and computers that run Windows and Linux. The training also covers intrusion detection systems (IDS) and essential policies and procedures that support IT security in an organization. The course course concludes with a detailed study of hacker attacks, including attack methods, the attack vector, incident handling and mitigation techniques. Training course titled IT Security Training: Cybersecurity Essentials that will allow you to hone your professional skills.

Sep 10 - 14, 2018$3,500.00Oct 8 - 12, 2018$3,500.00Nov 5 - 9, 2018$3,500.00Dec 3 - 7, 2018$3,500.00

IT Security Training: Inspecting Networks with SNORT

The course Inspecting Networks with SNORT (IT Security Training) is a complete exploration of SNORT from installation and configuration to the development of complex rules for malicious data extraction and network intrusion detection. The training starts with an overview of the theoretical foundations of network data analysis with SNORT. This is followed by a detailed investigation of working with SNORT pre-processors to analyze traffic and detect malicious attacks. The training course also discusses the use of filters and events and the writing of SNORT rules for payload detection, non-payload detection and post detection processing. The training ends with a discussion of best practices and challenges in writing rules and the use of the AppId pre-processor for user created application detectors. Wow! This is quite the jam packet IT security course. Training course titled IT Security Training: Inspecting Networks with SNORT that will allow you to hone your professional skills.

Oct 23 - 26, 2018$3,500.00Nov 20 - 23, 2018$3,500.00Dec 18 - 21, 2018$3,500.00

IT Security Training: Network Forensics Analysis

The course Network Forensics Analysis (IT Security Training) explores the complexities of gathering digital evidence over a network. The training starts with a general discussion of evidence types and related evidence gathering techniques. This is followed by a detailed exploration of the fundamental tools of the digital forensics trade including the Squid proxy server, common packet analysis tools including tcpdump, Wireshark and NetFlow. The course includes a detailed study of application level protocols and services, firewalls, intrusion detection systems (IDS) and network security managers. The training concludes with an exploration of centralized logging, the Elastic Stack, wireless network considerations, encryption and SSL inspection. Training course titled IT Security Training: Network Forensics Analysis that will allow you to hone your professional skills.

Sep 3 - 7, 2018$3,500.00Oct 1 - 5, 2018$3,500.00Oct 29 - Nov 2, 2018$3,500.00Nov 26 - 30, 2018$3,500.00

IT Security Training: Windows Forensics from A to Z

The course Windows Forensic Forensics Analysis (IT Security Training) explores the complexities of gathering digital evidence on everything Windows. The training starts with a general discussion of evidence types and related evidence gathering techniques. This is followed by a detailed exploration of love response and the collection of both volatile and non-volatile data on the Windows platform. The training course covers the analysis of Windows memory, the FAT and NTFS file systems and various Windows artefacts including web browsers, event logs, page files and more. Training course titled IT Security Training: Windows Forensics from A to Z that will allow you to hone your professional skills.

Sep 10 - 14, 2018$3,500.00Oct 22 - 26, 2018$3,500.00

Java Training: The Complete Security Workshop

The course The Complete Security Workshop (Java Training) is essential for any developer who is working on front-end web applications or working on the security infrastructure of JEE applications. The course content aims to demystify Java SE and EE security at all levels. Starting with an overview of threats and risks, the student is guided in a hands-on exploration of JAAS (Java Authentication and Authorization services), followed by creating custom security providers and best practices. Training course titled Java Training: The Complete Security Workshop that will allow you to hone your professional skills.

Sep 18 - 21, 2018$2,775.00Oct 16 - 19, 2018$2,775.00Nov 13 - 16, 2018$2,775.00Dec 11 - 14, 2018$2,775.00

Linux Training: Security & Hacking Complete Course

The course Security & Hacking Complete Course (Linux Training) focuses on Linux security and hacking. Beginning with a Linux security deep-dive, the course discusses the anatomy of a hacker attack on Linux. Every part of the Linux OS is included in the discussion including the kernel, networking components, databases, web servers & more. Training course titled Linux Training: Security & Hacking Complete Course that will allow you to hone your professional skills.

Sep 4 - 7, 2018$2,775.00Oct 2 - 5, 2018$2,775.00Oct 30 - Nov 2, 2018$2,775.00Nov 27 - 30, 2018$2,775.00

Server 2016 Training: Windows Advanced Active Directory

The course Windows Advanced Active Directory (Server 2016 Training) covers advanced Active Directory installation, configuration and maintenance. The training includes GPO, global catalog servers, service replication, sites, replication topology, PowerShell scripting & troubleshooting. If you need to know everything about the Active Directory, this is the course for you. Training course titled Server 2016 Training: Windows Advanced Active Directory that will allow you to hone your professional skills.

Sep 25 - 28, 2018$2,775.00Oct 23 - 26, 2018$2,775.00Nov 20 - 23, 2018$2,775.00Dec 18 - 21, 2018$2,775.00

Server 2016 Training: Windows Advanced Security

The course Windows Advanced Security (Server 2016 Training) is an exploration of Windows Server security. Beginning with a tour of threat types, the training includes a complete exploration of the Plan, Detect, Respond and Protect lifecycle with Windows Server. If you want to protect your Windows servers from malware and hacker attacks, this is the course for you. Training course titled Server 2016 Training: Windows Advanced Security that will allow you to hone your professional skills.

Sep 4 - 7, 2018$2,775.00Oct 2 - 5, 2018$2,775.00Oct 30 - Nov 2, 2018$2,775.00Nov 27 - 30, 2018$2,775.00