The Synopsys Software Integrity Group is now Black Duck®. Learn More

Foundations of .NET Platform Security

Course Description

The .NET platform serves as a powerful framework for developing a wide range of applications, from rich websites and desktop applications to versatile shared libraries and embedded systems. The platform’s specific architecture and unique security model set it apart from other environments. While these traits offer developers and architects a variety of enhancements to the capabilities of their applications, they also introduce specific risks from an application security perspective. In this course, you’ll learn how to avoid application security risks when using .NET platforms.

Learning Objectives

  • Identify the .NET framework components and related concepts
  • Identify and strategize the use of .NET security features
  • Identify limitations for each security feature
  • Implement security processes into the development of .NET applications based on best practices 

Details

Delivery Format: eLearning

Duration: 40 Minutes

Level: Intermediate
Intended Audience: 
  • Architects
  • Back-End Developers
  • Front-End Developers
  • QA Engineers

Prerequisites: 

Course Outline

Introduction
  • .NET Overview
  • Significant Features
  • Related Components and Courses

Data Validation

  • Sanitization and Validation
  • Blacklisting and Whitelisting

Injection Defense

  • SQL Injection
  • Encoding Reserved Control Sequences Within Untrusted Input
  • XML Parser Defense

Cryptography

  • Symmetric Encryption
  • Asymmetric Encryption
  • Cryptographic Hashes
  • Cryptographic Randomness

Logging

  • Logging Domains
  • Logging Security Use Cases
  • Design, Implementations, and Testing Considerations
  • Events to Log
  • Event Attributes

Logging Systems

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster