Combined C#, C/C++ and Web Applications Security

This training serves teams that combine managed code (.NET and ASP.NET, typically written in C#) with native code development (typically C/C++), and gives a comprehensive overview of the security issues in both environments.

For C/C++, the course discusses common security vulnerabilities, backed by practical exercises on the attack methods that exploit them. The focus is on the mitigation techniques that can be applied to prevent these dangerous bugs from occurring, detect them before market launch, or prevent their exploitation.

The course also covers general (such as web services) and specific security solutions and tools, as well as the most frequent and severe security flaws of managed code, dealing with both language-specific issues and problems stemming from the runtime environment. The vulnerabilities relevant to the ASP.NET platform are detailed along with the general web-related vulnerabilities following the OWASP Top Ten list. The course includes a number of exercises through which attendees can easily understand and execute attacks and protection methods.

Audience

- C/C++, C# and web application developers

- Architects

- Testers

Course Objectives

Participants attending this course will:

- Understand basic concepts of security, IT security and secure coding

- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

- Learn client-side vulnerabilities and secure coding practices

- Learn to use various security features of the .NET development environment

- Have a practical understanding of cryptography

- Learn about denial of service attacks and protections

- Realize the severe consequences of insecure buffer handling in native code

- Understand the architectural protection techniques and their weaknesses

- Learn about typical coding mistakes and how to avoid them

- Get practical knowledge in using security testing techniques and tools

- Get sources and further readings on secure coding practices

Prerequisites

Advanced C/C++, C# and Web development

Outline

- IT security and secure coding

- Web application security

- Client-side security

- .NET security architecture and services

- Practical cryptography

- Denial of service

- x86 machine code, memory layout and stack operations

- Buffer overflow

- Some additional native code-related vulnerabilities

- Common coding errors and vulnerabilities

- Security testing techniques

- Principles of security and secure coding

- Knowledge sources