2 Day Training: Tuesday (10/23) and Wednesday (10/24)
Class Summary: Secure programming is the best defense against hackers.
This multilayered, hands-on course will demonstrate live, real-time hacking methods, analyze the code deficiency that enabled each attack and, most importantly, teach how to prevent such vulnerabilities by adopting secure coding best practices in order to bullet-proof your .NET application.
The methodology of the Cycle of Knowledge is as follows: Understand, Identify, Prevent.
This methodology gives the student analytical tools to gain a deeper understanding of coding vulnerabilities and to implement security countermeasures in different areas of the software development lifecycle.
The hands-on labs will give the student firsthand experience of the hacker's world and of what can be done to stop him.
Using the sound programming techniques and best practices shown in this course, you will be able to produce high-quality code that stands up to attack. The course covers major security principles in the .NET Framework, programming vulnerabilities, and specific security issues in ASP.NET web applications and WinForms applications.
The course topics include:
• Application level attacks – live demonstrations of the OWASP Top 10
• Validating users’ data securely
• Securing DB connections
• Cryptography – Sensitive Data protection & Data integrity
• Authentication & Authorization
• Secure .NET Configuration
• Session Management
• Exception Management
• Auditing and Logging
• .NET Framework best practices
Computer Minimum Requirements: Laptop equipped with VMware Player/Workstation, 2GB of RAM, and about 15GB of disk space for software installation. Each student will receive a personal DVD containing a lab VM, code samples, slides, etc.
Erez Metula is a world-renowned application security expert, spending most of his time finding software vulnerabilities and teaching developers how they should avoid them. Erez has extensive hands-on experience performing security assessments, code reviews and secure development trainings for worldwide organizations, and has previously spoken at international security conferences such as BlackHat, Defcon, OWASP, RSA, SOURCE, CanSecWest and more.
His latest research on Managed Code Rootkits, presented at major conferences throughout the world, was published recently as a book by Syngress publishing. He is the founder of AppSec Labs, where he focuses on advanced application security topics.