Masterclass: Secure Coding Techniques .NET

Live Virtual Class – Super Intensive Remote Training with Labs!
(9:00am – 4:00pm CEST Monday to Wednesday)

Register now - ask for price

Masterclass: Secure Coding Techniques .NET

This is an international Live Virtual Class where you will be able to share the learning experience with a group of IT pros from around the world without leaving your home or office! The class is taught fully remotely in English by CQURE Cybersecurity Experts. In order to ensure the highest quality and unique learning experience, the course is limited to 12 participants by default, or supported by an assistant instructor if the number of delegates exceeds 12. During this course, you will have the opportunity to go through CQURE’s custom lab exercises, interact with our world-renowned Expert and receive a lifelong certification after completing the course!

Upcoming Live Virtual Classes

Live Virtual Class Length Start Date Instructor
Register Now 3 days-21h 13.09.2021 Przemysław Tomasik

See the schedule of our all Live Virtual Classes

Loads of Knowledge

Gartner reports states that over 70% of security vulnerabilities exist at the application layer. Industry standards including PCI DSS, NIST, FISMA are introducing requirements to comply with security coding guidelines and integrating application scanning into software development life cycle. Microsoft Security Development Lifecycle emphasizes the need of having at least one security training class each year. Such training can help ensure software is created with security and privacy in mind and can also help development teams stay current on security issues and modern security techniques.

CQURE Secure Coding Techniques course is prepared by experienced .NET and security consultants, conducting code reviews and consultancies for customers all over the world. We guarantee, that the knowledge being transferred is always up to date and includes latest security guidelines and techniques.

During 3-day instructor-led training you will learn and practice all important .NET security features (with special focus on web applications), ways of hacking applications and reviewing the code with security in mind. We will start by talking about security as a process – covering most important aspects of latest Microsoft SDL guidance, tools, architecture and design practices. Then we will go through everything that each .NET developer needs to know about secure coding practices with newest tools and services (Visual Studio 2017, TFS 2018 or Azure DevOps).

We will spend most of our time talking about securing ASP.NET applications and issues frequently observed. You will learn about OWASP TOP 10 – most critical web application security vulnerabilities, see them in practice (in ASP.NET) and mitigate the risks. We will see how to hack web applications by using various techniques and learn how to prevent those risks. You will learn about the latest version of ASP.NET Identity – modern framework for securing ASP.NET applications. We will cover fundamentals of ASP.NET Web API and see modern ways of protecting them by OAUTH 2, OpenID and claims-based authentication. At the end you will see how to put all the knowledge in practice to conduct code reviews. After finishing the course, attendees will be up-to date with the latest security techniques used in .NET applications and will be able to conduct .NET application code reviews by themselves.

To get more practice we offer three extra weeks of labs online!

This course is ideal for:

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

To attend this training, you should have a good hands-on experience in administering Windows infrastructure. At least 8 years in the field is recommended.

Unique exercises:

All exercises are based on Windows Server 2016 and 2019, Windows 10 and Kali Linux. This course is based on practical knowledge from tons of successful projects, many years of real-world experience and no mercy for misconfigurations or insecure solutions! Remember that the labs will stay online for an extra three weeks so you may practice even more after the training is completed!

Platform and Technical Requirements:

To participate in the course you need a Stable internet connection. For best learning experience we also need you to have a webcam, headphones and a microphone. Open RDP port 3391 for the connection to the Lab environment is needed as well. We will setup a secure Zoom classroom for every day of the course – we will send you a safe link to join the conference by e-mail.

Certification:

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!

COURSE FORMULA

Remote Delivery

We are Experts in remote delivery. In the past year, we have organized over 200 days of trainings and we have tested many solutions. The experience remains the same as in the case of face-to-face trainings – a personalized, lab intense training with a lot of interaction between you and the instructor.

Virtual Labs

You will be granted a lab access for the duration of the training and a complementary access for additional 3 weeks after the training concludes with new challenging exercise instructions. With the extra self-study materials, you will be able to refresh your knowledge, acquire new skills and practically apply the techniques you have just learned.

Lifelong Certification

What is wonderful about our certification is that it is lifetime valid with no renewal fees – the technology changes, but fundamentals and attitude remain mostly the same. Our Virtual Certificates, which entitle you to collect CPE Points, are issued via Accredible.

COURSE SYLLABUS

Module 1

Security as a process

  1. Microsoft Security Development Lifecycle fundamentals
  2. Threat modeling

Module 2

.NET Security Features

  1. Code Access Security and other security features in .NET 4.7
  2. Security features of .Net Core
  3. Encryption
  4. Protecting data
  5. Obfuskation
  6. Secure coding guidelines

Module 3

General web application security issues

  1. OWASP Top 10 by example
  2. Hacking your web application

Module 4

SQL Security

  1. SQL Server security features
  2. Security and encryption in SQL Server 2017

Module 5

ASP.NET Security Features

  1. ASP.NET MVC security
  2. Web Forms security
  3. ASP.NET Identity

Module 6

Securing Web APIs

  1. ASP.NET Web API 2 fundamentals, OWIN Exploit Guard (ASR)
  2. Web API Security
  3. OAUTH 2, OpenID Connect

Module 7

Secure Web API Clients

  1. Fundamentals and security of AngularJS applications
  2. Mobile applications security
  3. Deploying DNS and DNSSEC
  4. OAUTH 2, OpenID Connect

Module 8

Code reviews

  1. Conducting a code review – in practice
  2. Security checklists
  3. Code reviews – lessons learned
  4. Working with Azure DevOps
Register now - ask for price

Click here to browse the modules:

YOUR TEACHER

Przemek Tomasik

Cybersecurity Expert

Przemysław Tomasik is CQURE’s Cybersecurity
Expert with over 15 years of IT experience, focusing
the last decade on security and compliance. He has
worked for financial, ecommerce, and hospitality
industry in Fortune 500 companies. In 2017 he
opened a new chapter in his IT career – educating in
security. Thanks to his practical and current
knowledge, he conducts training in an interesting
and accessible way, focusing on current trends.

WHO IS IT FOR?

Audience

The course is perfect for enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants.

Recommendations

We recommend to have at least 8 years in the field and experience in administering Windows infrastructure.

Exercises

All the exercises are based on Windows Server 2016 and 2019, Windows 10 and Kali Linux.

Our students say…

I have attended CQURE’s training as someone who is not a security professional, but just an enthusiast, and I feel like I learned a A LOT. The whole training was loaded with information and nice demos of the latest technologies. On top of that — having an opportunity to ask and talk to professionals was priceless.

Marek Chmel

SQL Server DBA | AT&T

Totally professional, total great stuff, in-depth knowledge and a perfect Learning Atmosphere! I like it! Thanks so much for sharing your experience and knowledge!

Martin Weber

CTO | IT.innovation.4U GmbH

All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the class will be used, at some point, in your security career.

Jack Perry

Security Principal Consultant

×