Writing Secure Code in .NET

Organiser
JB International Consultants Ltd
Date
14-16 May 2007 (Add to calendar) GMT
Venue
JB International , London, GB
Cost
£1200+VAT

Writing Secure Code in .NET Training Course Outline

Security Overview

The Need for Secure Systems
Trustworthy Computing
Proactive Security Development
SD 3 : Secure by Design, by Default, and in Deployment
Security Principles
Threat Modelling

Security Techniques

Preventing Buffer Overruns
Determining Appropriate Access Control
Running with Least Privilege
Cryptographic Techniques
Protecting Secret Data
Guarding against Input
Canonical Representation Issues
Database Input Issues
Web-Specific Input Issues
Internationalization Issues
Socket Security
Securing RPC, ActiveX Controls, and DCOM
Protecting Against Denial of Service Attacks


Writing Secure .NET Code

Code Access Security Overview
Using FxCop
Strong-Named Assemblies
Specifying Assembly Permission Requirements
Use of Assert
Demands and Link Demands
Limiting Who Uses Your Code
XML and Configuration Files
Partial Trust Assemblies
Issues with Delegates
Issues with Serialization
The Role of Isolated Storage
Tracing and Debugging
General Good Practices


Security Testing

The Role of the Security Tester
Building Security Test Plans from a Threat Model
Testing Clients with Rogue Servers
Determining Attack Surface
Performing a Security Code Review


Secure Software Installation

Principle of Least Privilege
Using the Security Configuration Editor
Low-Level Security APIs



Building Privacy into Your Application

Malicious vs. Annoying Invasions of Privacy
Major Privacy Legislation
Privacy vs. Security
Building a Privacy Infrastructure
Designing Privacy-Aware Applications

 

Writing Security Documentation and Error Messages

Security Issues in Documentation
Security Issues in Error Messages
Information Disclosure Issues
Security Usability


Developers Security Checklist

You might also like...

Comments

Other nearby events

Map

Contribute

Why not write for us? Or you could submit an event or a user group in your area. Alternatively just tell us what you think!

Our tools

We've got automatic conversion tools to convert C# to VB.NET, VB.NET to C#. Also you can compress javascript and compress css and generate sql connection strings.

“You can stand on the shoulders of giants OR a big enough pile of dwarfs, works either way.”