"Vi hjelper deg å nå dine kompetansemål i 2017"


Combined C/C++/C#, ASP.NET and Web application security

Kursavgift: kr 20 900 | Varighet: 4 dager

Beskrivelse:

Serving teams that use managed code (.NET and ASP.NET typically written in C#) together with native code development (typically C/C++), this training gives a comprehensive overview of the security issues in both environments.

Concerning C/C++, common security vulnerabilities are discussed, backed by practical exercises about the attacking methods that exploit these vulnerabilities, with the focus on the mitigation techniques that can be applied to prevent the occurrences of these dangerous bugs, detect them before market launch or prevent their exploitation.

The course also covers both the various general (like Web services) and specific security solutions and tools, and the most frequent and severe security flaws of managed code, dealing with both language-specific issues and the problems stemming from the runtime environment. The vulnerabilities relevant to the ASP.NET platform are detailed along with the general web-related vulnerabilities following the OWASP Top Ten list. The course consists of a number of exercises through which attendees can easily understand and execute attacks and protection methods.





Målgruppe:

C/C++/C#, .NET and ASP.NET developers, architects and testers


Forkunnskaper:

Preparedness: Advanced C/C++/C#, ASP.NET and Web



Innhold:

  • Security technologies and services:
    Code Access Security, Role Access Security, Remoting Architecture; ASP.NET trust levels; form authentication; session handling; provider model; membership, role management and the Microsoft Passport Network; SOAP and REST; secure communication and transport-layer security (TLS/SSL and IPSEC), application- and container-managed authentication, authorization; End-to-end security; Web Services Security (WSS), signing (XML Sig) and encryption (XML Enc)

  • Common security vulnerabilities and mitigation techniques:
    Buffer Overflow (BOF), heap overflow; integer problems: widthness bug, signedness bug, arithmetic overflow; Printf Format String bug (PFS); array indexing problems, unicode bug, side channels: the RSA timing attack, Time-of-Checking-to-Time-of-Usage (TOCTTOU) race conditions, Directory Traversal Vulnerability (DTV); No eXecute (NX bit) access mode of Virtual Memory Management (VMM); Data Execution Prevention (DEP); Address Space Layout Randomization (ASLR) – PaX, ExecShield; Stack Smashing Protection (SSP) – /GS, StackGuard, ProPolice; Source Code Analyzers (SCA tools).

  • .NET and ASP.NET vulnerabilities, attacks and mitigations:
    integer overflows in .NET; injection flaws in ASP.NET: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), log forging; unsafe native calls; Equals() and toString() problems; attacking PostBack and ViewState; string termination attacks; direct call to GC.Collect(); implementation of ICloneable; class comparison methods; using the [Serializable] attribute; unsafe reflection; attacking PostBack and ViewState; string termination attacks; and many more...

  • Exercises:
    exploiting stack overflow – executing shell codes; crafting a printf format attack string – write-what-where (WWW) possibilities; understanding integer problems; applying mitigation techniques; circumventing them by return-to-libc attack or argument overwriting; and many spot- and-correct-the-bug exercises. WS Security with username and password; XMLS Signature; XML Encryption; exploiting SQL injection step-by-step; crafting Cross-Site Scripting attacks; uploading and running executable code




Bestill kurset her

arrow

Velg kurssted

    arrow

    Velg dato

    kurs merket med * har startgaranti

    arrow

    Mailen er sendt:

    Ditt tips er registrert og sendt!
    Vi håper snarlig å se deg på kurs hos oss!

    Feilmelding:

    OBS! Vi har problemer med å sende ditt tips!

    Vi anbefaler deg å sjekke om du har skrevet inn en gyldig mailadresse.

    Tips sjefen

    Lyst til å delta på dette kurset, men må overbevise sjefen først?

    Glasspaper har laget en tips funksjon, som gjør det enklere for deg å overbevise din sjef om at dette kurset er perfekt for deg.
    Det eneste du trenger å gjøre er å fylle ut kontaktinformasjon, så sender vi relevant informasjon om kurset rett til dine utvalgte kontaktpersoner.
    Bruk gjerne funksjonen til å tipse venner og kollegaer om at dette er et nyttig kurs for dem





    Kontakt oss

    Kursansvarlig

    Henning Solberg

    93 09 01 29

    henning@glasspaper.no


    Glasspaper er kåret til Årets Microsoft Kurspartner 2015 - 2014 - 2013 - 2012 - 2011 - 2010 - 2008!