Certified C# and Web application security
From £3,077 + VAT was £4,090
- SFIA
Skills Framework for the Information Age (SFIA) identifies and describes over 100 skills and 7 levels of job roles. To find out more, read What is SFIA?
To book this course, call us on 0113 382 6276 or get in touch via the form.
Overview
This comprehensive three-day course empowers developers with the skills to secure C# and ASP.NET web applications against common vulnerabilities and advanced cyber threats. Participants will explore core IT security principles, secure coding practices, and .NET-specific security measures. Key topics include SQL injection, cross-site scripting (XSS), authentication flaws, and insecure deserialization, with a focus on how they affect ASP.NET applications.
The course also delves into the .NET framework’s security architecture, emerging issues, and cryptographic techniques. Through hands-on exercises, participants will gain practical experience in applying secure coding practices to real-world scenarios.
Prerequisites
- General C# development knowledge.
- Familiarity with web application concepts is beneficial but not mandatory.
Target Audience
- C# developers building or maintaining web applications.
- Software engineers seeking to enhance their knowledge of secure coding.
- IT professionals responsible for application security in .NET-based systems.
Learning Outcomes
By the end of this course, participants will be able to:
- Identify and mitigate common web vulnerabilities affecting .NET applications, including OWASP Top Ten issues.
- Apply secure coding practices in C# to prevent injection attacks, XSS, and insecure deserialization.
- Utilise the security features of the .NET framework to enhance application security.
- Strengthen authentication, session management, and access control in ASP.NET applications.
- Conduct vulnerability assessments using tools like static code analysis and penetration testing frameworks.
- Apply secure coding principles and follow key guidelines from industry standards such as OWASP and SEI CERT.
Course Outline
Day 1: Introduction to IT security and secure coding
- Fundamentals of IT security and risk management.
- Understanding security flaws and their exploitation in cybercrime.
- Overview of OWASP Top Ten vulnerabilities and secure coding principles.
- Injections:
- SQL Injection: Attack methods, blind SQL injection, and prevention using parameterized queries.
- Command Injection: Detection, prevention techniques, and hands-on exercises.
- XML Injection: Addressing and mitigating injection risks.
- Cross-Site Scripting (XSS): Persistent, reflected, and DOM-based XSS attacks with prevention strategies and exercises.
Day 2: Advanced web vulnerabilities and secure coding
- Authentication and Session Management:
- Best practices for secure authentication.
- Common vulnerabilities in session handling, including cookies and JWT tokens.
- Exercises on securing authentication and sessions.
- Business Logic Vulnerabilities:
- Identifying and preventing issues like privilege escalation and payment manipulation.
- Practical exercises on mitigating business logic flaws.
- Securing forms and session tokens against CSRF attacks.
- Prevention techniques with ASP.NET.
- Addressing path traversal and insecure file upload vulnerabilities.
- Exercises on secure coding practices.
- Understanding and mitigating race conditions in multi-threaded environments.
- Cross-Site Request Forgery (CSRF):
- File and Path Vulnerabilities:
- Race Conditions:
Day 3: .NET security and advanced topics
- .NET Security Architecture:
- Core security features, including role-based access control and secure error handling.
- Serialization and deserialization vulnerabilities and their mitigation.
- Practical Cryptography:
- Symmetric and asymmetric encryption techniques.
- Cryptographic APIs in .NET and best practices for key management.
- In-depth analysis of new vulnerabilities such as insecure deserialization and cookie injection.
- Tools and techniques for static code analysis, penetration testing, and vulnerability management.
- Exercises using tools like OWASP ZAP and SQLMap.
- Applying robust programming principles from Saltzer and Schroeder.
- Recommended resources and further reading for secure coding practices.
- Emerging Threats:
- Security Testing and Vulnerability Management:
- Principles of Secure Coding:
Exams and Assessments
- Multiple-choice exam (60 questions, 50% pass mark).
- The APMG Proctor-U exam is taken online after course completion.
- Delegates receive individual access to the APMG candidate portal (available two weeks post-exam).
QA is an approved training provider for ELCAS, proud to support service leavers in their transition into the tech industry. Learn more about Elcas approved training here.
NCSC Assured Training
Continuous Professional Development (CPD)
CPD points can be claimed for NCSC assured training courses at the rate of 1 point per hour of training for NCSC assured training courses (up to a maximum of 15 points).
Why choose QA
- Award-winning training, top NPS scores
- Nearly 300,000 learners in 2020
- Our training experts are industry leaders
- Read more about QA
Related courses
Cyber Security learning paths
Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.