Szkolenia SCADEMY

Cel szkolenia szkolenie zdalne - dlearning

kod: CL-ONA | wersja: 1.0

This course is the next step for our participants, who completed our OWASP Top 10, C# Secure Coding Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.

This course enables our participants to gain a deeper knowledge in the field, because here we emphasize the C#-specific aspects of secure coding instead of the general vulnerabilities.

At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.

Participants attending this course will:

  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the .NET development environment
  • Have a practical understanding of cryptography

Audience:

  • Web developers

Plan szkolenia Rozwiń listę

  1. Client-side security
    • JavaScript security
    • Same Origin Policy
    • Simple requests
    • Preflight requests
    • Clickjacking
      • Clickjacking
      • Exercise – IFrame, Where is My Car?
      • Protection against Clickjacking
      • Anti frame-busting – dismissing protection scripts
      • Protection against busting frame busting
    • AJAX security
      • XSS in AJAX
      • Script injection attack in AJAX
      • Exercise – XSS in AJAX
      • XSS protection in AJAX
      • Exercise CSRF in AJAX – JavaScript hijacking
      • CSRF protection in AJAX
  2. Practical cryptography
    • Rule #1 of implementing cryptography
    • Cryptosystems
      • Elements of a cryptosystem
      • .NET cryptographic architecture
      • FIPS 140-2
    • Symmetric-key cryptography
      • Providing confidentiality with symmetric cryptography
      • Symmetric encryption algorithms
      • Modes of operation
      • Encrypting and decrypting (symmetric)
    • Other cryptographic algorithms
      • Hash or message digest
      • Hash algorithms
      • SHAttered
      • Hashing
      • Message Authentication Code (MAC)
      • Providing integrity and authenticity with a symmetric key
      • Random number generation
        • Random numbers and cryptography
        • Cryptographically-strong PRNGs
        • Weak PRNGs in .NET
        • Strong PRNGS in .NET
        • Hardware-based TRNGs
    • Asymmetric (public-key) cryptography
      • Providing confidentiality with public-key encryption
      • Rule of thumb – possession of private key
      • The RSA algorithm
        • Introduction to RSA algorithm
        • Encrypting with RSA
        • Combining symmetric and asymmetric algorithms
        • Digital signing with RSA
        • Asymmetric algorithms in .NET
        • Exercise Sign
        • Exercise – using .NET cryptographic classes
    • Public Key Infrastructure (PKI)
      • Root of Trust Concept
        •  
        • Man-in-the-Middle (MitM) attack
        • Digital certificates against MitM attack
        • Certificate Authorities in Public Key Infrastructure
        • X.509 digital certificate
Pobierz konspekt szkolenia w formacie PDF

Dodatkowe informacje

Wymagania wstępne

General C# and Web application development.

Poziom trudności
Czas trwania 1 dzień
Certyfikat

The participants will obtain certificates signed by SCADEMY (course completion).

Prowadzący

Authorized SCADEMY Trainer.

Informacje dodatkowe

Related courses:

  • CL-ANS Secure desktop application development in C#
  • CL-NSM C# and Web application security master course
  • CL-WTS Web application security testing
  • CL-WSC - Web application security

Note: Training come with a number of easy-to-understand exercises providing live hacking fun. By accomplishing these exercises with the lead of the trainer, participants can analyze vulnerable code snippets and commit attacks against them in order to fully understand the root causes of certain security problems. All exercises are prepared in a plug-and-play manner by using a pre-set desktop virtual machine, which provides a uniform development environment.

Pozostałe szkolenia SCADEMY | Fundamentals

Szkolenia powiązane tematycznie

Programowanie

Bezpieczeństwo IT

Formularz kontaktowy

Prosimy o wypełnienie poniższego formularza, jeśli chcą Państwo uzyskać więcej informacji o powyższym szkoleniu.






* pola oznaczone (*) są wymagane

Informacje o przetwarzaniu danych przez Compendium – Centrum Edukacyjne Spółka z o.o.

CENA SZKOLENIA OD 1000 PLN NETTO

Najbliższe szkolenia SCADEMY

Harmonogram szkoleń SCADEMY