image description

Implementing Security for Applications

Register Now 

Length: 5 days   Fee: $2,495   Course #: 2840

Course Description

This five-day instructor-led class provides students with a thorough grounding in Microsoft .NET security implementation and general development security best practices. This course will prepare a student to take the Implementing Security for Applications exam (available in Microsoft Visual Basic .NET 70-330 and Microsoft Visual C# 70-340).

Course Objectives:

  • Explain the basic concept of application security.
  • Implement platform security best practices.
  • Implement coding security best practices.
  • Implement security using CLR and application domains.
  • Implement role-based security by using the Microsoft .NET Framework.
  • Implement CAS to secure applications.
  • Implement cryptography in .NET.
  • Improve the Security of remote applications built on the .NET Framework.
  • Improve the Security of ASP.NET applications.
  • Manage and configure security policies using Framework tools.
  • Test application security.
  • Deploy applications in a manner that minimizes security risks.

Course Audience:

This course is intended for experienced, professional application developers, including those employed by software companies or working on corporate development teams.

Course PreRequisites:

Before attending this course, students should have a minimum of 1 year of experience using Microsoft Visual Studio .NET 2003 (.NET Framework 1.1) and 2-3 years of additional development experience and experience in either Visual Basic .NET or Visual C#.

Course Outline:

  1. Overview of Application Security
    1. The Importance of Application Security
    2. Application Security Best Practices
  2. Implementing Platform Security Best Practices
    1. Security Best Practices for COM+, IIS, and SQL Server 2000
    2. Using ACLs and DACLs
    3. Using Windows Least-Privilege Accounts
    4. Using Audit Trails
    5. Implementing Platform Cryptography
    6. Implementing Data Protection
  3. Implementing Coding Security Best Practices
    1. Validating Application Input
    2. Evaluating Canonicalization Issues
    3. Using Security Exceptions
  4. Using .NET Framework Security Features
    1. Implementing CLR Security Mechanism
    2. Implementing Security Using Application Domains
  5. Implementing Role-based Security
    1. Basics of Role-Based Security
    2. Role-Based Security with Principal and Identity Objects
    3. Role-Based Security with Permission Objects
  6. Implementing Code-Access Security
    1. Overview of Code-Access Security
    2. Performing Basic Security Operations
    3. Performing Imperative Security Operations
    4. Performing Declarative Security Operations
    5. Adding Permission Requests
  7. Implementing Cryptography in .NET
    1. Implementing Symmetric Cryptograph
    2. Implementing Asymmetric Cryptography
  8. Securing ASP.NET Applications
    1. Implementing Authentication in ASP.NET Applications
    2. Implementing Authorization in ASP.NET Applications
    3. Implementing Impersonation in ASP.NET Applications
    4. Securing Web Files and Folders
  9. Securing Remote .NET Applications
    1. Introducing .NET Application Security
    2. Implementing Authentication and Authorization in .NET Remoting Applications
    3. Introducing Web Service Security
    4. Implementing WS Security
  10. Configuring .NET Security
    1. Managing Security Policies Using Mscorcfg.msc
    2. Managing Security Policy Levels Using Mscorcfg.msc
  11. Implementing Security Testing
    1. Overview of Security Testing
    2. Creating a Security Test Plan
    3. Performing Security Testing
  12. Deploying Applications with Security
    1. Deploying .NET Applications with Security Settings
    2. Deploying .NET Applications with Publisher Identity and Code Integrity

Register Now