On-line training course catalogue

Security Seminar for Developers

Type of course: Classroom

Course details

Fee	£350
Days	1
Course code	MS2805

We currently do not have public dates scheduled for this course.
If you have a requirement for this course, please contact us for the latest course information.

Print this page | Download as Word document |

Overview

This one-day, instructor-led seminar introduces developers to the knowledge and skills required to identify and mitigate security threats.

Prerequisites

Before attending this course, students must have development experience with Visual Basic, C, C++, or Java.

Delegates will learn how to

• Recognize the threats of buffer overruns and how to avoid them.
• Describe the complexities of storing secret information.
• Execute code with least privilege.
• Encrypt and decrypt data with classes in the System. Security. Cryptography namespace.
• Secure ASP.NET applications and XML Web services.
• Recognize the threats of canonicalization and how to avoid them.
• Recognize the threats of cross-site scripting and how to avoid them.
• Recognize the threats of denial of service (DoS) attacks and how to avoid them.
• Create secure Web sites.
• Implement code access security in the .NET Framework.
• Describe role-based security in the .NET Framework.
• Determine security policy settings in the .NET Framework.
• Implement best practices for writing secure .NET code.
• Describe current security technologies and standards.
• Secure software solutions built by using the .NET Enterprise Servers.
• Implement threat modelling to analyse software vulnerabilities.
• Recognize the threats of SQL injection and how to avoid them.
• Describe the intricacies and benefits of access control lists (ACLs).
• Specify the security technologies used in the .NET Enterprise Servers.

Outline

The seminar is divided into three sessions:

Session I:

“Writing Secure Code” will highlight common techniques that hackers use to compromise software systems. In addition, the audience will learn strategies and a series of best practices that can mitigate these threats. Threats covered will include buffer overruns, cross-site scripting, SQL injection, canonicalization issues, cryptography hacking, COM safe for script issues, and denial of service attacks.

Session II:

“Security and the .NET Framework” will cover the security features of the Microsoft .NET Framework. Topics will include .NET Framework security features, implementing code access and role-based security, cryptography, and securing Microsoft ASP.NET and XML Web services. For advanced learners who are already familiar with these concepts, the first part of the session may be skipped or covered at an accelerated pace. For this audience, the instruction of this session will focus on “Advanced Topics: Tips for Writing Secure .NET Code,” which focuses on best practices when writing secure .NET code.

Session III:

“Developing Secure Applications with .NET Enterprise Servers” will cover the security features available with the .NET Enterprise Servers. This session provides a high-level overview of security concepts and Microsoft product features from which managers, network administrators, developers, and architects can benefit. This session is designed to be customized for specific audiences, and trainers should be aware of the background of the audience and their interest in specific products and solutions before delivering this session.

Recommended follow on course

• MS2806 Microsoft Security Guidance Training for Developers