Course Duration : 3 Days
EC-Council Certified Secure Programmer. NET (ECSP.NET)
.Net is widely used by almost all organizations as the leading framework to build web applications.
The course teaches developers how to identify security flaws and implement security countermeasures throughout the software development life cycle to improve the overall quality of products and applications.
EC-Council Certified Secure Programmer lays the foundation required by all application developers and development organizations to produce applications with greater stability and fewer security risks to the consumer. The Certified Secure Application Developer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.
Students in this course will acquire knowledge in the following areas:
- .Net framework security features and various secure coding principles
- .Net framework run time security model, role-based security, code access security (CAS), and class libraries security
- Various validation controls, mitigation techniques for validation control vulnerabilities, defensive techniques for SQL injection attacks, and output encoding to prevent input validation attacks
- Defensive techniques against session attacks, cookie security, and View State security
- Mitigating vulnerabilities in class level exception handling, managing unhandled errors, and implementing windows log security against various attacks
- Defensive techniques against path traversal attacks and defensive techniques against canonicalization attack and file ACLs
- Mitigating vulnerabilities in machine config files, mitigating the vulnerabilities in app config files, and security code review approaches
- The importance of secure programmers and certified secure programmers, the career path of secure programmers, and the essential skill set of secure programmers
The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web based applications with .NET Framework. It is designed for developers who have .NET development skills.
- Module 1 : Introduction to .NET Application Security
- Module 2 : .NET Framework Security
- Module 3 : Input Validation and Output Encoding
- Module 4 : .NET Authorization and Authentication
- Module 5 : Secure Session and State Management
- Module 6 : .NET Cryptography
- Module 7 : .NET Error Handling, Auditing, and Logging
- Module 8 : .NET Secure File Handling
- Module 9 : .NET Configuration Management and Secure Code Review