MOC 2840 Implementing Security for Applications - Seminare

Seminar-Ziel

This five-day instructor-led class provides students with a thorough grounding in Microsoft .NET security implementation and general development security best practices. This course will prepare a student to take the Implementing Security for Applications exam

Teilnehmer Zielgruppe

This course is intended for experienced, professional application developers, including those employed by software companies or working on corporate development teams.

Kurs Voraussetzungen

• 1 year of experience using Microsoft Visual Studio® .NET 2003 (.NET Framework 1.1) and 2–3 years of additional development experience
• Experienced in either Visual Basic .NET or Visual C#.

Seminar-Inhalt

Module 1: Overview of Application Security

This module introduces students to the concept of application security. It explains the importance of security and the various application security loopholes. The module discusses the essential components of a successful Secure Development Process, such as threat modeling and threat mitigation. In addition, the module explains the security best practices.

Module 2: Implementing Platform Security Best Practices

This module focuses on implementing platform security best practices. It discusses the concept of ACLs and DACLs and enables students to use various built-in functions for implementing platform security using ACLs and DACLs. The module also explains how to create custom accounts with least privilege for running Microsoft ASP.NET applications and how to view audit trails. In addition, the module explains how to implement security defaults in an application. Finally, the module discusses the use of digital certificates and signatures and how to implement platform cryptography.

Module 3: Implementing Coding Security Best Practices

This module focuses on implementing coding security best practices. It enables students to validate application input for securing applications. The module also discusses how to secure local and third-party components and evaluate canonicalization issues. In addition, the module enables students to implement error-handling guidelines to defend against security exceptions.

Module 4: Using .NET Framework Security Features

This module focuses on .NET Framework security features. It explains how to use stack walks to defend against lurking attacks. In addition, the module enables students to implement security using application domains.

Module 5: Implementing Role-based Security

This module discusses programming techniques for implementing role-based security by using the Microsoft .NET Framework.

Module 6: Implementing Code-Access Security

This module focuses on implementing CAS. It explains how to work with code access permissions and apply CAS checks. In addition, the module discusses the default membership conditions and the four CAS policy levels.

Module 7: Implementing Cryptography in .NET

This module focuses on implementing symmetric and asymmetric cryptography to secure .NET applications.

Module 8: Securing ASP.NET Applications

This module focuses on securing ASP.NET applications. It discusses the various ASP.NET security features, such as authentication, authorization and impersonation, and how to implement each of these security features. In addition, the module explains how to secure Web files and folders.

Module 9: Securing Remote .NET Applications

This module focuses on securing remote .NET applications. The module enables students to implement Web Service Enhancements. It also explains how to configure remoting for security.

Module 10: Configuring .NET Security

This module focuses on configuring security using .NET tools. It explains how to manage security policies using Mscorcfg.msc and Caspol.exe.

Module 11: Implementing Security Testing

This module focuses on testing application security. It explains the need for security testing and discusses the best practices to be followed for security testing. The module also explains how to assess application security by using techniques such as footprint analysis and penetration testing. In addition, the module enables students to test application security by using various security testing tools.

Module 12: Deploying Applications with Security

This module focuses on deploying secure applications. It enables students to sign assemblies. In addition, the module discusses strong-named assemblies and how to configure security settings with Mscorcfg.exe and Caspol.exe.

Literatur

nach Absprache

[ Zurück ]