Developing Secure Web Applications




Elements of this syllabus are subject to change.

Key Data
Course #: 2300
Number of Days: 3
Format: Instructor-Led
Certification Exams: None
Certification Track: MCSD

This course syllabus should be used to determine whether the course is appropriate for the students, based on their current skills and technical training needs. Course content, prices, and availability are subject to change without notice.

This three-day instructor-led course provides students with the knowledge and skills that are needed to build Web applications by using secure coding techniques. Students will learn how to identify Web application security vulnerabilities and understand the trade-offs between functionality and performance when choosing the appropriate security mechanisms for their Web applications. Throughout this course, students will get hands-on experience in creating secure Web applications.

Audience
This course is intended for students who are responsible for the design and development of Web applications. These students typically have three to five years of experience in developing or designing distributed Web applications. Actual job role titles vary throughout the technology industry, and they may include, but are not limited to:
- Web Developer: The Web developer is responsible for developing the logic, coding, testing, and debugging of Web applications and Web application software.
- Solutions Architect: The Solutions Architect is responsible for the design of the technical architecture of Web applications and Web-based software applications.

At Course Completion
After completing this course, students will be able to:
- Define the basic principles of, and motivations for, Web security.
- Perform a threat analysis of Web-accessible assets.
- Use knowledge of authentication, Security Identifiers (SIDs), Access Control Lists (ACLs), impersonation, and the concept of running with least privilege to ensure access to only those system resources that are necessary to accomplish normal request processing.
- Protect file system data by using the features in Microsoft Windows 2000.
- Use the Microsoft SQL Server security model and Microsoft ADO.NET to protect a Web application against SQL injection attacks.
- Use one of the CryptoServiceProvider classes of the System.Security.Cryptography namespace to transform a block of data into ciphertext.
- Protect the portion of a Web application that requires private communications by using Secure Sockets Layer (SSL).
- Use general security coding best practices to ensure a secure Web application.
- Use the Microsoft .NET Framework to build secure Web applications.
- Employ a structured approach to testing for Web application security.
- Use a systematic approach and knowledge of security best practices to secure an existing Web application.

For more information and to register for classes contact ISONET Education Services, 15th Floor RS Tower, 121/56 Ratchadapisek Rd., Dindaeng, Bangkok 10320. Tel: (662) 641-2200-8 Fax: (662) 641-2199 Email: training@isonet.co.th

Prerequisites
Before attending this course, students must have:
- Familiarity with n-tier application architecture.
- Experience in developing or designing Web applications.
- Experience with one or more of the following programming languages:
  o Microsoft Visual Basic
  o C#
  o Microsoft Visual Basic .NET
- Experience in writing server-side and client-side scripts by using one or both of the following:
  o Active Server Pages (ASP)
  o Microsoft ASP.NET
- Familiarity with all of the following Microsoft products and technologies is recommended:
  o Microsoft SQL Server 2000
  o Microsoft Internet Information Services (IIS)

In addition, it is recommended, but not required, that students have completed:
- Course 2310, Developing Web Applications Using Microsoft Visual Studio .NET
- Course 1017, Developing Web Applications Using Microsoft Visual InterDev

Student Materials
The student kit includes a comprehensive workbook and other necessary materials for this class.

Module 1: Introduction to Web Security
This module provides an overview of the terms and concepts of, along with the justification for, Web security.
- Why Build Secure Web Applications?
- Using the STRIDE Model to Determine Threats
- Implementing Security: An Overview
Lab 1: There is no lab for this module.
After completing this module, students will be able to:
- Describe why security is an essential consideration in Web application development.
- Describe the basic methods of cryptography, hashing, and digital signing.

Module 2: Planning for Web Application Security
This module describes the general process of incorporating security in the Web application planning and design process.
- A Design Process for Building Secure Web Applications
Lab 2: There is no lab for this module.
After completing this module, students will be able to:
- Describe the iterative process of designing security into a Web application and describe how each step relates to the other steps.
- Categorize and identify the most common types of attacks, the potential threat that those attacks pose to systems, services, and data within the organization, and the relationship between these threats.

Module 3: Validating User Input
This module explains the methods that can be used for checking user input, along with a discussion of the consequences of not performing those checks.
- User Input
- Types of User Input Attacks
- Performing Validation
- Revealing as Little Information as Possible to the User
Lab 3: Verifying User Input. The student will be given the task of identifying and repairing several unchecked user input fields on the checkout shipping screen.
After completing this module, students will be able to:
- Identify the sources of user input in a Web application.
- Describe the security aspects of the client/server Web paradigm.
- Implement user input verification.
- Use communications analysis and coding best practices to avoid providing information to users that can be leveraged for security attacks.
- Use proper error handling to ensure all fallback paths are expected, wanted, and do not leave resource allocations hanging.
- Reduce the impact of Denial of Service (DoS) attacks of varying types, such as application crashing, CPU starvation, resource starvation, and bandwidth choking.

Module 4: Internet Information Services Authentication
This module explains the Web client authentication methods that are supported by IIS and Windows 2000 Server.
- Introduction to Web Client Authentication
- Configuring Access Permission for a Web Server
- Selecting a Secure Client Authentication Method
- Running Services As an Authenticated User
Lab 4: Authentication and Access Control. Students will configure and implement the authentication and process identification for the online store Web application.
After completing this module, students will be able to:
- Describe all of the authentication methods that are supported by IIS and Windows 2000 Server and select the best method for a given set of requirements.
- Use knowledge of Windows 2000 access control mechanisms and process identification to properly configure identities for all of the processes in an ASP/COM+ Web application processing path.
- Use knowledge of Windows 2000 access control mechanisms and process identification to properly configure resource access for the identities that are defined for a Web application.

Module 5: Securing Web Pages
This module covers security in the context of Web applications that are built by using the .NET Framework.
- ASP Forms-Based Authentication
- .NET Code Access and Role-Based Security
- Overview of ASP.NET Authentication Methods
- Working with Windows-Based Authentication in ASP.NET
- Working with ASP.NET Forms-Based Authentication
Lab 5: Securing Web Pages. Students will be given the task of completing the implementation of an ASP.NET Web application and setting up the authentication and impersonation methods.

After completing this module, students will be able to:
- Describe the elements that make up the core security model of the .NET Framework.
- Use security best practices and a complete understanding of the security model while implementing ASP.NET Web applications.

Module 6: Securing File System Data
This module teaches a Web developer how to protect file system data that is typically part of a Web application.
- Overview of Securing Files
- Windows Access Control
- Creating ACLs Programmatically
- Protecting ASP.NET Web Application Files
Lab 6: Securing Files with ACLs. The students will secure file system data used by an ASP.NET page.
After completing this module, students will be able to:
- Describe how the Windows access control mechanisms are used to protect file system data.
- Use the features of Windows to protect Web application data from tampering.
- Use ASP.NET Web.config files to restrict access to files that are located in an ASP.NET Web application.

Module 7: Securing Microsoft SQL Server
This module teaches students how to protect Web applications from SQL injection attacks against SQL Server.
- SQL Server Connections and Security
- SQL Server Role-Based Security
- Securing SQL Server Communication
- Preventing SQL Injection Attacks
Lab 7: Securing Microsoft SQL Server Data. The student will be given the task of repairing the Web application implementation by using stored procedures and Microsoft ActiveX Data Objects (ADO) command parameters.
After completing this module, students will be able to:
- Use the SQL Server security model and ADO.NET to protect a Web application against attacks.
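Module 6's "Creating ACLs Programmatically" lesson, shown as an added example; this is not code from the course or its labs. It assumes Windows, the System.Security.AccessControl classes of .NET Framework 2.0 or later (the Windows 2000 / .NET 1.x platform the course targets would call the Win32 ACL functions or cacls instead), and that the ASP.NET worker process runs as NT AUTHORITY\NETWORK SERVICE; on IIS 5 with ASP.NET 1.x the equivalent is the local ASPNET account, and on a dedicated application pool it is that pool's identity. The file path and its contents are constructed for the demonstration.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Lock down a data file that an ASP.NET page reads so that only the web process
// can read it and only administrators can change it: the web identity gets no
// write right (a compromised page cannot tamper with the file) and no execute
// right (the file can never be run as a program).
public static class DataFileAcl
{
    // Assumption: the account the ASP.NET worker process runs as. Adjust per
    // server (ASPNET on IIS 5 / ASP.NET 1.x, or the application pool identity).
    public const string DefaultWebAccount = @"NT AUTHORITY\NETWORK SERVICE";

    public static void Protect(string path, string webProcessAccount)
    {
        var file = new FileInfo(path);
        FileSecurity security = file.GetAccessControl();

        // 1. Stop inheriting the parent folder's ACL (which typically grants
        //    Users read access or Everyone full control). The second argument
        //    discards the inherited entries instead of copying them as explicit ones.
        security.SetAccessRuleProtection(true, false);

        // 2. Remove every explicit rule already present, so the result is exactly
        //    the set added below. GetAccessRules returns a snapshot, so removing
        //    while iterating is safe.
        foreach (FileSystemAccessRule rule in security.GetAccessRules(true, false, typeof(NTAccount)))
            security.RemoveAccessRule(rule);

        // 3. Administrators: full control, for deployment and backup. Built-in
        //    groups are addressed by well-known SID so the code is locale independent.
        IdentityReference admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        security.AddAccessRule(new FileSystemAccessRule(admins, FileSystemRights.FullControl, AccessControlType.Allow));

        // 4. Web process: Read only (ReadData, ReadAttributes, ReadExtendedAttributes,
        //    ReadPermissions). Deliberately no Write, no Delete, no Execute.
        security.AddAccessRule(new FileSystemAccessRule(new NTAccount(webProcessAccount),
            FileSystemRights.Read, AccessControlType.Allow));

        file.SetAccessControl(security);   // needs WRITE_DAC: run as the owner or an administrator
    }

    // Audit helper: list the effective ACL as "account: rights (Allow/Deny)".
    public static string[] Describe(string path)
    {
        AuthorizationRuleCollection rules =
            new FileInfo(path).GetAccessControl().GetAccessRules(true, true, typeof(NTAccount));
        var lines = new string[rules.Count];
        int i = 0;
        foreach (FileSystemAccessRule r in rules)
        {
            lines[i++] = r.IdentityReference.Value + ": " + r.FileSystemRights + " ("
                + r.AccessControlType + (r.IsInherited ? ", inherited" : "") + ")";
        }
        return lines;
    }

    public static void Main()
    {
        // Constructed sample: a catalog file the store's pages read but never write.
        string path = Path.Combine(Path.GetTempPath(), "catalog.xml");
        File.WriteAllText(path, "<catalog/>");

        Console.WriteLine("Before:");
        foreach (string l in Describe(path)) Console.WriteLine("  " + l);

        Protect(path, DefaultWebAccount);

        Console.WriteLine("After:");
        foreach (string l in Describe(path)) Console.WriteLine("  " + l);
    }
}
```

The order matters: cutting inheritance first and then clearing explicit entries guarantees that nothing granted higher up the tree survives on this file. Files that the application must never serve directly (data files, logs, private keys) also belong outside the Web root; for files that have to stay inside it, the module's Web.config lesson applies, where an `<authorization>` element with `<deny users="?" />` inside a `<location path="...">` refuses anonymous requests for that path before the page code runs.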
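Lab 3 (repairing unchecked input fields on the checkout screen) and Lab 7 (repairing the data access with stored procedures and command parameters) target the same defect from two sides. The following is an added example, not code from the course or its labs, that shows both fixes together on one field. It assumes .NET Framework with the System.Data.SqlClient provider the course uses, and an illustrative schema: a table Orders(OrderId, ZipCode, Total) and a stored procedure usp_GetOrdersByZip(@ZipCode nvarchar(10)); the connection string is constructed and nothing is executed against a server.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class CheckoutData
{
    // BEFORE (the defect Lab 7 repairs): the user's field is pasted into the SQL
    // text. With zipCode = "' OR 1=1 --" the statement becomes
    //   SELECT OrderId, Total FROM Orders WHERE ZipCode = '' OR 1=1 --'
    // and returns every order in the table.
    public static string BuildVulnerableQuery(string zipCode)
    {
        return "SELECT OrderId, Total FROM Orders WHERE ZipCode = '" + zipCode + "'";
    }

    // Module 3: allow-list validation of the field itself. A US ZIP code is five
    // digits, optionally followed by a hyphen and four more. The pattern is anchored
    // at both ends, so a valid prefix with a payload appended ("98052' OR 1=1 --")
    // is rejected, as is anything over the column width.
    static readonly Regex ZipPattern = new Regex(@"^\d{5}(-\d{4})?$", RegexOptions.Compiled);

    public static bool IsValidZip(string zipCode)
    {
        return zipCode != null && zipCode.Length <= 10 && ZipPattern.IsMatch(zipCode);
    }

    // Module 7: a stored procedure called with a typed parameter. The value travels
    // to SQL Server as an nvarchar argument and never becomes part of the statement
    // text, so quotes and comment markers inside it are ordinary characters.
    // Validation stays as defense in depth; the parameter is what removes the
    // injection. The web application's login can then be granted EXECUTE on the
    // procedure only, with no SELECT or UPDATE on the Orders table (least privilege,
    // the module's "SQL Server Role-Based Security" lesson).
    public static SqlCommand BuildSafeCommand(SqlConnection connection, string zipCode)
    {
        if (!IsValidZip(zipCode))
        {
            // Generic message: do not echo the rejected input or any schema detail
            // back to the browser (Module 3, revealing as little as possible).
            throw new ArgumentException("The ZIP code is not in a valid format.");
        }

        var cmd = new SqlCommand("usp_GetOrdersByZip", connection);
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@ZipCode", SqlDbType.NVarChar, 10).Value = zipCode;
        return cmd;
    }

    public static void Main()
    {
        string attack = "' OR 1=1 --";
        Console.WriteLine("Vulnerable SQL: " + BuildVulnerableQuery(attack));
        Console.WriteLine("Validator accepts the attack string: " + IsValidZip(attack));
        Console.WriteLine("Validator accepts 98052-6399: " + IsValidZip("98052-6399"));

        // Constructed connection string; the command is built but not executed here.
        using (var conn = new SqlConnection("Server=(local);Database=Store;Integrated Security=SSPI"))
        {
            try
            {
                BuildSafeCommand(conn, attack);
            }
            catch (ArgumentException e)
            {
                Console.WriteLine("Rejected before reaching SQL Server: " + e.Message);
            }

            SqlCommand cmd = BuildSafeCommand(conn, "98052");
            Console.WriteLine("Safe command: EXEC " + cmd.CommandText
                + " @ZipCode=N'" + cmd.Parameters["@ZipCode"].Value
                + "' (value sent as a parameter, not as statement text)");
        }
    }
}
```

When the stored procedure runs, any SqlException it raises should be logged on the server and mapped to a generic page error; the raw message (table names, syntax fragments, the driver version) is exactly the information an attacker uses to refine an injection, which is the point of the module's error-handling objective.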

Module 8: Protecting Communication Privacy and Data Integrity
This module teaches the mechanisms that can be used to ensure Web communication privacy and message data integrity, along with the guidelines for their proper use. The guidelines are presented to help students avoid the common implementation mistakes that can compromise security and performance.
- Introduction to Cryptography
- Working with Digital Certificate Management
- Using Secure Sockets Layer/Transport Layer Security Protocols
- Using Internet Protocol Security
Lab 8.1: Obtaining a Server Certificate.
Lab 8.2: Protecting Communication Privacy and Data Integrity. Students will determine what portions of the course Web application require communication privacy, and they will then implement SSL protection for those portions.
After completing this module, students will be able to:
- Protect the portions of a Web application that require private communications by using SSL.

Module 9: Encrypting, Hashing, and Signing Data
This module explains how to use the cryptographic functionality, supported by Microsoft platforms, to encrypt and sign data.
- Encryption and Digital Signing Libraries
- Using CAPICOM
- Using the System.Security.Cryptography Namespace to Hash Data
- Using the System.Security.Cryptography Namespace to Encrypt and Sign Data
Lab 9: Hashing Data. Students will sign the contents of a file when it is stored and verify that signature to ensure data validity when the value is read again.
After completing this module, students will be able to:
- Use one of the CryptoServiceProvider classes of the System.Security.Cryptography namespace to transform a block of data into ciphertext.
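Lab 9's pattern (sign the file when it is stored, verify the signature when it is read back) together with the module's objective of turning a block of data into ciphertext, as an added example that is not code from the course or its labs. It assumes .NET 6 or later, using Aes, RSA.Create and HashAlgorithmName; the .NET 1.x-era classes the course names are RijndaelManaged, RSACryptoServiceProvider and SHA1CryptoServiceProvider, and SHA-1 should no longer be used for signatures. The file contents, path and keys are constructed for the demonstration; in an application the AES key and the RSA private key would live outside the Web root under the ACLs from Module 6.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Stored file layout: [16-byte IV][AES-256-CBC ciphertext]; a detached RSA
// signature over those bytes is written beside it. The signature is verified
// before any decryption is attempted (verify-then-decrypt).
public static class ProtectedFile
{
    public static void Write(string path, byte[] plaintext, byte[] aesKey, RSA signingKey)
    {
        byte[] body;
        using (Aes aes = Aes.Create())          // CBC mode with PKCS#7 padding by default
        {
            aes.Key = aesKey;
            aes.GenerateIV();                    // fresh random IV for every write; never reuse one
            using (var ms = new MemoryStream())
            using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
            {
                ms.Write(aes.IV, 0, aes.IV.Length);          // the IV is not secret, only unique
                cs.Write(plaintext, 0, plaintext.Length);
                cs.FlushFinalBlock();                        // emits the padded last block
                body = ms.ToArray();
            }
        }
        File.WriteAllBytes(path, body);

        // RSA PKCS#1 v1.5 signature over SHA-256 of the stored bytes (IV included,
        // so swapping the IV is also detected).
        byte[] signature = signingKey.SignData(body, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        File.WriteAllBytes(path + ".sig", signature);
    }

    public static byte[] Read(string path, byte[] aesKey, RSA verifyKey)
    {
        byte[] body = File.ReadAllBytes(path);
        byte[] signature = File.ReadAllBytes(path + ".sig");

        if (!verifyKey.VerifyData(body, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("Signature check failed: file modified or signed with another key.");

        using (Aes aes = Aes.Create())
        {
            aes.Key = aesKey;
            byte[] iv = new byte[aes.BlockSize / 8];
            Array.Copy(body, 0, iv, 0, iv.Length);
            aes.IV = iv;
            using (var input = new MemoryStream(body, iv.Length, body.Length - iv.Length))
            using (var cs = new CryptoStream(input, aes.CreateDecryptor(), CryptoStreamMode.Read))
            using (var output = new MemoryStream())
            {
                cs.CopyTo(output);
                return output.ToArray();
            }
        }
    }

    public static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "prices.dat");
        string sample = "SKU-100,19.99\nSKU-200,49.00\n";         // constructed sample data
        byte[] aesKey = RandomNumberGenerator.GetBytes(32);       // AES-256 key

        using (RSA signer = RSA.Create(2048))
        using (RSA verifier = RSA.Create())
        {
            // The reader only needs the public half of the signing key.
            verifier.ImportParameters(signer.ExportParameters(false));

            Write(path, Encoding.UTF8.GetBytes(sample), aesKey, signer);
            string back = Encoding.UTF8.GetString(Read(path, aesKey, verifier));
            Console.WriteLine("Round trip intact: " + (back == sample));

            // Tamper with one ciphertext byte. Without the signature, CBC decryption
            // would either throw a padding error or hand back a corrupted last block;
            // the signature check rejects the file before decryption starts.
            byte[] body = File.ReadAllBytes(path);
            body[body.Length - 1] ^= 0x01;
            File.WriteAllBytes(path, body);
            try
            {
                Read(path, aesKey, verifier);
                Console.WriteLine("ERROR: tampering was not detected");
            }
            catch (CryptographicException e)
            {
                Console.WriteLine("Rejected: " + e.Message);
            }
        }
    }
}
```

Signing the ciphertext rather than the plaintext means the reader never runs the decryptor on bytes of unknown origin, which closes the padding-oracle style of attack on CBC; when a separate integrity key is acceptable, an HMAC over the same bytes gives the same guarantee with symmetric keys only.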

Module 10: Testing Web Applications for Security
This module provides students with the skills and knowledge that are required to properly test a Web implementation for security.
- Testing Security in a Web Application
- Creating a Security Test Plan
- Performing Security Testing
Lab 10: Test Cases for Security Testing. Students will perform test cases on the course Web application.
After completing this module, students will be able to:
- Differentiate security testing from other types of testing.
- Create a security test plan.
- Successfully carry out a security test plan.