.NET, C# and ASP.NET security development

3 day(s)

Objectives

A number of programming languages are available today to compile code to the .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.

The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.

The introduction of different vulnerabilities starts with presenting some typical programming mistakes made when using .NET, while the discussion of ASP.NET vulnerabilities also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities deals not only with some general Web application security challenges, but also with special issues and attack methods such as attacking the ViewState, or string termination attacks.

Content

Web vulnerabilities:
OWASP top 10 and beyond:
  • SQL Injection and other injection flaws, Cross-Site Scripting: persistent and reflected XSS, session handling challenges, using cookies, remote code execution, Insecure Direct Object Reference, Cross-Site Request Forgery (CSRF), restricting URL access.
.NET and ASP.NET security technologies and services:
  • Code Access Security, permissions, the stack walk, trust levels
  • Role-based Security
  • cryptography in .NET; ASP.NET authentication and authorization solutions, Windows and form authentication, Live SDK, roles; session handling
  • XSS protection, validation features, ViewState protection in ASP.NET
.NET specific vulnerabilities:
  • input validation problems, using native code, integer overflows in .NET, using the checked keyword, log forging
  • improper use of cryptographic features, insecure randomness in .NET, challenges of password management, cracking hashed passwords with search engines
  • improper error and exception handling
  • time and state problems, race conditions, synchronization and mutual exclusion, deadlocks, file and database race conditions
  • general code quality issues, object hijacking, immutable objects, serialization of sensitive information
  • Denial-of-Service (DoS) in .NET, hashtable collision, attacks against ASP.NET, string termination inconsistency, and many more...
Exercises:
  • exploiting SQL injection step-by-step
  • exploiting command injection
  • crafting Cross-Site Scripting attacks through both reflective and persistent XSS
  • HTML injection
  • session fixation
  • uploading and running executable code
  • insecure direct object reference
  • committing Cross-Site Request Forgery (CSRF)
  • sandboxing .NET code, using roles, using cryptographic classes in .NET, implementing form authentication, input validation in ASP.NET
  • crashing native code
  • unsafe reflections
  • hash cracking by googling
  • using reflection to break accessibility modifiers
  • information leakage through error reporting
  • missing

Target audience

Prerequisites

Basic .NET, C# and ASP.NET

Evaluation

Certificate, diploma

A training certificate is issued to each participant at the end of the course.

The content of this course description is the sole responsibility of its author, the training organisation Telindus Training Institute / Proximus Luxembourg.

Characteristics
Level: Advanced
Organisation: In-house training
Delivery languages