EC-Council Certified Secure Programmer-.NET

Transcription

1 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline EC-Cuncil Certified Secure Prgrammer-.NET Curse Outline Mdule 01: Intrductin t.net Applicatin Security Micrsft.NET Applicatin Security.NET Applicatin Security Need fr.net Applicatin Security.NET Applicatin Attack Statistics Understanding Applicatin Security End-t-End Security What is Secure Cding? Why are Security Mistakes Made? Key Elements f.net Framewrk Architecture Security.NET Security Features.NET Framewrk Security Namespaces ASP.NET Security Architecture Cmmn Security Threats n.net Web Applicatin Security Frame Cmmn Security Threats n.net OWASP Tp 10 Attacks n.net Security Miscnfiguratin Crss-Site Scripting (XSS) Attacks SQL Injectin Attacks Crss-Site Request Frgery (CSRF) Attack Failure t Restrict URL Access Insufficient Transprt Layer Prtectin Unvalidated Redirects and Frwards Insecure Direct Object References Brken Authenticatin and Sessin Management Insecure Cryptgraphic Strage Secure Develpment Lifecycle (SDL) Phases f SDL Page 1 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

2 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline SDL Prcess Integrating Security int the Develpment Lifecycle Security in the Design Stage: Threat Mdeling Threat Mdeling Prcess The STRIDE mdel The DREAD mdel Guidelines fr Applying Security in Implementatin Phase f SDL Security Testing Secure Cding Principles Guidelines fr Develping Secure Cdes Mdule 02:.NET Framewrk Security Intrductin t.net Framewrk.NET Framewrk Architecture Basic Cmpnents f.net Framewrk.Net Runtime Security.NET Framewrk Runtime Security Mdel Rle-Based Security Rle-Based Security: Windws Principal Rle-Based Security: Generic Principal Cde Access Security (CAS) Using Cde Access Security in ASP.NET Evidence-Based Security Permissins Cde Access Permissins Identity Permissins Rle-Based Security Permissins Permissins Classes in.net Type Safety SkipVerificatin Stack Walk Declarative and Imperative Security Syntax Islated Strage Page 2 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

3 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline Data String Prcess in Islated Strage Managing Data Islatin using Stre s Identity Levels f Islatin Limitatins f Islated Strage Administering Islated Strage Granting Islated Strage Permissins with Mscrcfg.msc Granting Islated Strage Permissins with Caspl.exe Managing Existing Stres.NET Class Libraries Security Class Libraries Security Writing Secure Class Libraries Security Demands Link Demands Security Hles in Link Demands Inheritance Demands Overriding Security Checks Security Optimizatins.NET Assembly Security.NET Assembly Cmmn Threats t.net Assemblies Privileged Cde Secure Assembly Design Cnsideratins Secure Class Design Cnsideratins Securing Assemblies Using Strng Name Signing Securing Assemblies with Cde Access Attributes Securing Assemblies Against Decmpilatin Using Obfuscatin Dtfuscatr:.NET Obfuscatr Prtecting Assemblies Using Publisher Certificate Securing Assemblies Using Applicatin Dmain Permissins Vulnerability in Serializing Sensitive Objects Vulnerabilities in Multithreaded Assemblies Vulnerabilities in Static Class Methds/ Cnstructrs f Assemblies Vulnerability in Dispse Methds Page 3 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

4 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline.NET Security Tls Cde Access Security Plicy Tl: Caspl.exe Caspl.exe Parameters Sftware Publisher Certificate Test Tl: Cert2spc.exe Certificate Manager Tl: Certmgr.exe Optins in Certmgr.exe Certificate Creatin Tl: Makecert.exe Optins in Makecert.exe PEVerify Tl: Peverify.exe Optins in Peverify.exe.NET Security Anntatr Tl: SecAnntate.exe Sign Tl: SignTl.exe Strng Name Tl: Sn.exe Islated Strage Tl: Streadm.exe Best Practices fr.net Framewrk Security Mdule 03: Input Validatin and Output Encding Input Validatin Why Input Validatin? Input Validatin Input Validatin Specificatin Input Validatin Appraches Client-side Input Validatin Server-side Input Validatin Client-Server Input Validatin Reliability Input Filtering Input Filtering Technique: Black Listing Input Filtering Technique: White Listing Perfrm Input Validatin and Filtering using a Regular Expressin String Manipulatin and Cmparisn Data Type Cnversin ASP.NET Validatin Cntrls Set f ASP.NET Validatin Cntrls Page 4 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

5 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline RequiredField Validatin Cntrl Range Validatin Cntrl Cmparisn Validatin Cntrl RegularExpressin Validatin Cntrl Custm Validatin Cntrl Validatin Summary Cntrl Input Validatin Attacks Crss Site Scripting (XSS) Attack SQL Injectin Attacks HTML Tags Used in XSS Attack Defensive Techniques against XSS Attacks XSS Attack Defensive Techniques Need fr Securing Validatin Cntrls Securing RequiredField Validatin Cntrl Securing Range Validatin Cntrl Specifying the Crrect Data Type in Range Validatr Securing Cmparisn Validatin Cntrl Securing RegularExpressin Validatin Cntrl Securing Custm Validatin Cntrl Integrating Security fr Multiple Validatin Cntrls Defensive Techniques against SQL Injectin Attacks SQL Injectin Attack Defensive Techniques Using Parameterized Queries Using Parameterized Stred Prcedures Using Escape Rutines t Handle Special Input Characters Database Specific Escaping: Oracle Escaping Using a Least-Privileged Database Accunt Cnstraining Input Output Encding ASP.NET Cntrls with Encding Supprt Encding Unsafe Output using HtmlEncde Encding Unsafe Output using UrlEncde Anti-XSS Library Page 5 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

6 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline Encding Output using Anti-XSS Library Sandbxing Sandbxing Sftware: Sandbxie Sandbxing Sftware: BufferZne Pr Sandbxing API in.net Framewrk Creating Sandbx fr Partial Trust Cde Best Practices Micrsft Cde Analysis Tl.NET (CAT.NET) Mdule 04:.NET Authrizatin and Authenticatin Intrductin t Authenticatin and Authrizatin Cmmn Threats with User Authenticatin and Authrizatin Authenticatin and Authrizatin in.net Web Applicatin Security Security Relatinship between IIS and ASP.NET Authenticatin ASP.NET Authenticatin ASP.NET Authenticatin Mdes Security Settings Matrix between IIS and ASP.NET Frms Authenticatin Passprt Authenticatin Implementing Passprt Authenticatin Custm Authenticatin Implementing Custm Authenticatin Scheme Windws Authenticatin Selecting an Apprpriate Authenticatin Methd Determining an Authenticatin Methd Enterprise Services Authenticatin SQL Server Authenticatin Authrizatin Identities, Principals, and Rles ASP.NET Authrizatin URL Authrizatin File Authrizatin Page 6 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

7 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline What is Impersnatin? Impersnatin Optins Delegatin Cde-based Authrizatin Declarative Authrizatin Imperative Authrizatin Explicit Authrizatin Authrizatin using ASP.NET Rles Enterprise Services Authrizatin SQL Server Authrizatin Authenticatin and Authrizatin Vulnerabilities Securing Frms Authenticatin Tickets Securing Hash Generatin using SHA1 Securing Encryptin using AES Securing Frms Authenticatin Ckies using SSL Securing Frms Authenticatin Credentials Preventing Sessin Hijacking using Ckieless Authenticatin Securing Authenticatin Tken Using Sliding Expiratin Aviding Frms Authenticatin Ckies frm Persisting Using DisplayRememberMe Prperty Aviding Frms Authenticatin Ckies frm Persisting Using RedirectFrmLginPage Methd Aviding Frm Authenticatin Ckies frm Persisting Using SetAuthCkie Methd Aviding Frm Authenticatin Ckies frm Persisting Using GetRedirectUrl Methd Aviding Frm Authenticatin Ckies frm Persisting Using FrmsAuthenticatinTicket Cnstructr Securing Passwrds with minrequiredpasswrdlength Securing Passwrds with minrequirednnalphanumericcharacters Securing Passwrds with passwrdstrengthregularexpressin Restricting Number f Failed Lgn Attempts Securing Applicatin by Using Abslute URLs fr Navigatin Securing Applicatins frm Authrizatin Bypass Attacks Creating Separate Flder fr Secure Pages in Applicatin Validating Passwrds n CreateUserWizard Cntrl using Regular Expressins Authenticatin and Authrizatin Best Practices Page 7 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

8 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline Applicatin Categries Cnsideratins: Authenticatin-Frms Applicatin Categries Cnsideratins: Authrizatin Guidelines fr Secure Authenticatin and Authrizatin Cding Secure Develpment Checklists: Authenticatin Secure Develpment Checklists: Authrizatin Secure Develpment Checklists: User-Server Authenticatin Secure Cmmunicatin String Secrets Optins fr String Secrets in ASP.NET Mdule 05: Secure Sessin and State Management Sessin Management Basic Security Principles fr Sessin Management Tkens Cmmn Threats t Sessin Management Sessin Management Techniques in ASP.NET ASP.NET Sessin Management Techniques Client-Side State Management Client-Side State Management Using Ckies Client-Side State Management Using Hidden Fields Client-Side State Management Using View State Client-Side State Management Using Cntrl State Client-Side State Management Using Query Strings Server-Side State Management Server-Side State Management Using Applicatin Object Server-Side State Management Using Sessin Object Server-Side State Management Using Prfile Prperties Sessin Attacks and Its Defensive Techniques Sessin Hijacking Securing ASP.NET Applicatin frm Sessin Hijacking Implementing SSL t Encrypt Ckies Setting a Limited Time Perid fr Expiratin Avid using Ckieless Sessins Avid using UseUri Ckieless Sessins Page 8 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

9 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline Avid Specifying Ckie Mdes t AutDetect Avid Specifying Ckie Mdes t UseDevicePrfile Enabling regenerateexpiredsessinid fr Ckieless Sessins Resetting the Sessin when User Lgs Out Tken Predictin Attack Generating Lengthy Sessin Keys t Prevent Guessing Sessin Replay Attack Defensive Techniques fr Sessin Replay Attack Sessin Fixatin Sessin Fixatin Attack Securing ASP.NET Applicatin frm Sessin Fixatin Attack Crss-Site Script Attack Preventing Crss-Site Scripting Attack using URL Rewriting Preventing Sessin Ckies frm Client-Side Scripts Attacks Crss-Site Request Frgery Attack Implementing the Sessin Tken t Mitigate CSRF Attacks Defensive Techniques fr Crss Site Request Frgery Attack Securing Ckie Based Sessin Management Ckie-Based Sessin Management Persistent Ckies Infrmatin Leakage Avid Setting the Expire Attribute t Ensure Ckie Security Ensuring Ckie Security using the Secure Attribute Ensuring Ckie Security using the HttpOnly Attribute Ensuring Ckie Security using the Dmain Attribute Ensuring Ckie Security using Path Attribute ViewState Security Cmmn Threats n ViewState ViewState Data Tampering Attack ViewState neclick Attacks Securing ViewState Securing ViewState with Hashing Securing ViewState with Encryptin Securing ViewState by Assigning User-Specific Key Page 9 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

10 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline Guidelines fr Secure Sessin Management Mdule 06:.NET Cryptgraphy Intrductin t Cryptgraphy Cryptgraphic Attacks What Shuld Yu D t Keep the.net Applicatin Away frm Cryptgraphic Attacks? Cryptgraphy Functins f Cryptgraphy Cmmn Threats n Functins f Cryptgraphy and Their Mitigatin Techniques Types f Cryptgraphic Attacks in.net.net Cryptgraphy Namespaces.NET Cryptgraphic Class Hierarchy Symmetric Encryptin SymmetricAlgrithm Class Members f the SymmetricAlgrithm Class Prgramming Symmetric Data Encryptin and Decryptin in.net Securing Infrmatin with Strng Symmetric Encryptin Algrithm Cipher Functin Cipher Mdes Vulnerability in Using ECB Cipher Mde Padding Prblem with Zers Padding Symmetric Encryptin Keys Securing Symmetric Encryptin Keys frm Brute Frce Attacks Resisting Cryptanalysis Attack Using Large Blck Size Generating Nn-Predictable Cryptgraphic Keys using RNGCryptServicePrvider String Secret Keys and String Optins Prtecting Secret Keys with Access Cntrl Lists (ACLs) Prtecting Secret Keys with DPAPI Self Prtectin fr Cryptgraphic Applicatin Encrypting Data in the Stream using CryptStream Class Asymmetric Encryptin AsymmetricAlgrithm Class Page 10 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

11 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline Hashing Members f the AsymmetricAlgrithm Class Prgramming Asymmetric Data Encryptin and Decryptin in.net Asymmetric Encryptin Algrithm Key Security Securing Asymmetric Encryptin using Large Key Size String Private Keys Securely Prblem with Exchanging Public Keys Exchanging Public Keys Securely Asymmetric Data Padding Prtecting Cmmunicatins with SSL Hashing Algrithms Class Hierarchy in.net Hashing in.net Members f the HashAlgrithm Class Prgramming Hashing fr Memry Data Prgramming Hashing fr Streamed Data Impsing Limits n Message Size fr Hash Cde Security Setting Prper Hash Cde Length fr Hash Cde Security Message Sizes and Hash Cde Lengths Supprted by the.net Framewrk Hashing Algrithms Securing Hashing Using Keyed Hashing Algrithms Digital Signatures Attacker's Target Area n Digital Signatures Security Features f Digital Signatures.NET Framewrk Digital Signature Algrithms Digital Certificates.NET Supprt fr Digital Certificates Prgramming Digital Signatures using Digital Certificates XML Signatures Need fr Securing XML Files Securing XML Files using Digital Signatures Prgramming a Digital Signature fr a Sample XML File Page 11 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

12 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline Mdule 07:.NET Errr Handling, Auditing, and Lgging Errr Handling Parameters t be Cnsidered while Designing Secure Errr Messages! What is an Errr? What are Exceptins/Runtime Errrs? Need f Errr/Exceptin Handling Secure Exceptin Handling Exceptin Handling in ASP.NET Handling Exceptins in an Applicatin Class-Level Exceptin Handling Class-Level Exceptin Handling Vulnerabilities Generic Exceptin Thrwing Vulnerability Generic Exceptin Catching Vulnerability Vulnerability in Printing StackTrace Vulnerability in Exceptin.TString() Methd Vulnerability in Swallwing Exceptins Cleanup Cde Vulnerability Vulnerability in Re-Thrwing Exceptin Rules f Thumb fr Gd Exceptin Management Page-Level Exceptin Handling Applicatin-Level Exceptin Handling Handling Exceptin with Applicatin_Errr Event Handler Handling Exceptin with ASP.NET Errr Page Redirectin Mechanism Managing Unhandled Errrs Expsing Detailed Errr Messages Sensitive Infrmatin Leakage Vulnerability in Custm Errr Message Unbserved Exceptin Vulnerability Exceptin Handling Best Practices Best Practices fr Cding Exceptins Safely D s and Dn ts in Exceptin Handling Guidelines fr Prper Exceptin Handling Errr Handling Security Checklists Auditing and Lgging Page 12 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

13 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline What is Lgging and Auditing? Need f Secure Lgging and Auditing Cmmn Threats t Lgging and Auditing What Shuld be Lgged? What Shuld NOT be Lgged? Where t Perfrm Event Lgging? Perfrming Lg Thrttling in ASP.NET Health Mnitring System Windws Event Lg Preventing Windws Event Lg frm Denial f Service Attack Securing Windws Event lg Preventing Rgue Administratrs frm Tampering with Windws Event Lgs Centralizing Lgging and Cnfiguring its Security Tracing in.net Writing Trace Output t Windws Event Lg Using EventLgTraceListener Auditing and Lgging Best Practices Tracing Security Cncerns and Recmmendatins Secure Auditing and Lgging Best Practices: Prtecting Lg Recrds Secure Auditing and Lgging Best Practices: Fixing the Lgs Auditing and Lgging Security Checklists.NET Lgging Tls Apache Fundatin s lg4net SmartInspect NLg Lgview4net.NET Lgging Tls Mdule 08:.NET Secure File Handling File Handling System.IO Namespace Classes Attacks n File and Its Defensive Techniques Path Traversal Attack Prtecting Path Traversal Attack Pssible Methds t Prevent Path Traversal Page 13 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

14 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline Cannicalizatin Cannicalizatin Attack Prtecting the Applicatins against Cannicalizatin Attacks Securing Files Securing the Static Files Adding Rle Checks t File Access Securing File I/O frm Untrusted File Input Securing File I/O with Abslute Path Cnstrain File I/O by Cnfiguring Cde Access Security Plicy Securing User-Specified Files with FileIOPermissin Virtual Path Mapping Using MapPath Preventing Crss-Applicatin Mapping Using MapPath Validating File Names using GetFullPath Securing User Upladed Files File Extensin Handling Active Server Pages (ASP) Directry Listing Creating Directry Listing Islated Strage Islated Strage - Get Stre/ Open Stre Islated Strage Rt Lcatin Strage Files Islated Strage Example File Access Cntrl Lists (ACLs) File ACLs Required.NET Access Cntrl Lists (ACLs) Checklist fr Securely Accessing Files Mdule 09:.NET Cnfiguratin Management and Secure Cde Review Cnfiguratin Management ASP.NET Cnfiguratin Files ASP.NET Cnfiguratin File Mdel ASP.NET Cnfiguratin File Lcatins Cnfiguratin Management Threats Machine Cnfiguratin File Page 14 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

15 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline Machine Cnfiguratin File: Machine.cnfig Machine.cnfig Vulnerability Applicatin Cnfiguratin Files Applicatin Cnfiguratin File: Web.cnfig Web.cnfig Vulnerabilities: Default Errr Message Web.cnfig Vulnerabilities: Leaving Tracing Enabled in Web-Based Applicatins Web.cnfig Vulnerabilities: Leaving Debugging Enabled Web.cnfig Vulnerabilities: Ckies Accessible thrugh Client-Side Script Web.cnfig Vulnerabilities: Enabled Ckieless Sessin State Web.cnfig Vulnerabilities: Enabled Ckieless Authenticatin Web.cnfig Vulnerabilities: Failure t Require SSL fr Authenticatin Ckies Web.cnfig Vulnerabilities: Using Sliding Expiratin Web.cnfig Vulnerabilities: Using Nn-Unique Authenticatin Ckie Web.cnfig Vulnerabilities: Using Hardcded Credential Web.cnfig Vulnerabilities: Securing List-based Cntrls using EnableEventValidatin Web.cnfig Vulnerabilities: Securing Passwrds using PasswrdFrmat Web.cnfig Vulnerabilities: Changing Default Values f Membership Settings Web.cnfig Vulnerabilities: Securing Against XSS Attack Vulnerabilities Web.cnfig Vulnerabilities: Securing Against DS Attack Vulnerabilities Web.cnfig Vulnerabilities: Preventing ViewState frm Tampering Web.cnfig Vulnerabilities: Securing ViewState with SDL-apprved Cryptgraphic Algrithms Web.cnfig Vulnerabilities: Securing ViewState with Strng Validatin Key Web.cnfig Vulnerabilities: Securing ViewState using Encryptin Web.cnfig Vulnerabilities: Selecting Right Algrithm fr ViewState Encryptin Web.cnfig Vulnerabilities: Deplying Applicatin with Strng decryptin Key Web.cnfig Vulnerabilities: Ignring Validatin Errrs Applicatin Cnfiguratin Files: App.exe.cnfig App.exe.cnfig Vulnerabilities Cde Access Security Cnfiguratin Files Enterprise Plicy Cnfiguratin File: enterprisesec.cnfig Machine and User Plicy Cnfiguratin File: security.cnfig ASP. NET Plicy Cnfiguratin Files Page 15 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.

16 EC-Cuncil Certified Secure Prgrammer Exam Curse Outline.NET Framewrk Cnfiguratin Tl: Mscrcfg.msc Mscrcfg.msc Features Cde Access Security Plicy Tl: Caspl.exe Cnfiguratin Management Best Practices Secure Cde Review Why Secure Cde Review? Security Cde Review Apprach Step 1: Identify Security Cde Review Objectives Step 2: Perfrm Preliminary Scan Step 3: Review Cde fr Security Issues Step 4: Review fr Security Issues Unique t the Architecture Static Cde Analysis Tls Parasft dttest Micrsft FxCp StyleCp NDepend ReSharper Page 16 EC-Cuncil Certified Secure Prgrammer Cpyright by EC-Cuncil All Rights Reserved. Reprductin Is Strictly Prhibited.