Writing Secure Code in .NET Training Course Outline
Security Overview
The Need for Secure Systems
Trustworthy Computing
Proactive Security Development
SD 3 : Secure by Design, by Default, and in Deployment
Security Principles
Threat Modelling
Security Techniques
Preventing Buffer Overruns
Determining Appropriate Access Control
Running with Least Privilege
Cryptographic Techniques
Protecting Secret Data
Guarding against Input
Canonical Representation Issues
Database Input Issues
Web-Specific Input Issues
Internationalization Issues
Socket Security
Securing RPC, ActiveX Controls, and DCOM
Protecting Against Denial of Service Attacks
Writing Secure .NET Code
Code Access Security Overview
Using FxCop
Strong-Named Assemblies
Specifying Assembly Permission Requirements
Use of Assert
Demands and Link Demands
Limiting Who Uses Your Code
XML and Configuration Files
Partial Trust Assemblies
Issues with Delegates
Issues with Serialization
The Role of Isolated Storage
Tracing and Debugging
General Good Practices
Security Testing
The Role of the Security Tester
Building Security Test Plans from a Threat Model
Testing Clients with Rogue Servers
Determining Attack Surface
Performing a Security Code Review
Secure Software Installation
Principle of Least Privilege
Using the Security Configuration Editor
Low-Level Security APIs
Building Privacy into Your Application
Malicious vs. Annoying Invasions of Privacy
Major Privacy Legislation
Privacy vs. Security
Building a Privacy Infrastructure
Designing Privacy-Aware Applications
Writing Security Documentation and Error Messages
Security Issues in Documentation
Security Issues in Error Messages
Information Disclosure Issues
Security Usability
Comments