- Learning by doing
- Trainers with practical experience
- Classroom training
- Detailed course material
- Clear content description
- Tailor-made content possible
- Training that goes ahead
- Small groups
The course Security in C# .NET Development covers how the Android operating system and mobile apps on Android can best be secured. Attention is paid to the Google Security Services, the security architecture of the Android platform, and kernel and application security. The training also discusses the implementation of security and the reporting of security issues.
The course Application Security for Android starts with an explanation of important security concepts such as authentication, encryption, data resilience, backup, recovery, confidentiality, integrity and access control.
Next, the Security Services offered by Google are discussed, such as App Services, SafetyNet Attestation, Google Play, Penetration Testing and the Android Device Manager.
Attention is also paid to the Android Platform Architecture that provides protection for Apps, User Data, Networking and Inter Process Communication. App Signing and App and User Permissions are also covered.
The program of the Application Security for Android course also includes a discussion of the Linux-based kernel security. This covers the application sandbox, safe mode, filesystem permissions, storage encryption and verified boot.
Next, application security is discussed with a focus on the Android Permission Model for accessing Protected APIs, working with content providers, Sensitive Data Input Devices and Application Signing.
Attention is also paid to the implementation of security in Android. That security is promoted by code reviews, the use of Android Lint and data logging. Securing SUID files and configuration files, and limiting directory and device driver access, are also treated.
Finally, the importance of security updates, the reporting of security issues and the triaging of bugs are discussed. Key issues from Android reports and white papers from recent years are also reviewed.
The course Security in C# .NET Development is intended for C# Developers who want to learn how to protect C# applications against the many security risks.
To participate in this course, knowledge of and experience with C# and the .NET Platform is required.
The course Security in C# .NET Development is a hands-on course. Theoretical explanation based on demos and presentations is alternated with practice based on exercises.
After successfully completing the training, attendants will receive a certificate of participation in the course Security in C# .NET Development.
Module 1 : Intro Secure Coding
- Secure Coding practices
- Never trusting Input
- SQL injection and NoSQL injection
- OS command injection
- Session Fixation
- Cross Site Scripting and CSRF
- Sensitive Data Exposure
- Insecure Deserialization
- Security Misconfiguration
- Using Unsafe Components

Module 2 : Broken Access Control
- Implement Proper Authentication
- Broken Authentication
- Role Based Access Control (RBAC)
- Implement Use Session Management
- Session Timeout
- Access Control Lists (ACLs)
- Principle of Least Privilege (PoLP)
- URL and API Authorization
- Error Handling
- Regular Security Testing

Module 3 : Cryptographic Failures
- Sensitive Data Exposure
- Weak Key Generation
- Insecure Storage of Keys
- Using Outdated Algorithms
- Hardcoding Secrets
- Insufficient Key Management
- Avoid Homegrown Cryptography
- Verify Signatures
- Side-Channel Attacks
- Lack of Forward Secrecy

Module 4 : Injection Flaws
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Command Injection
- XML Injection
- LDAP Injection
- XPath Injection
- SSI Injection
- Object Injection
- Template Injection
- CRLF Injection

Module 5 : Insecure Design
- Inadequate Authentication
- Inadequate Authorization
- Lack of Input Validation
- Excessive Data Exposure
- Insecure Session Management
- Hardcoding Secrets
- Insufficient Logging and Monitoring
- Insecure Data Storage
- Cross-Site Request Forgery
- Improper Error Handling

Module 6 : Misconfiguration Failures
- Improper Access Control
- Unsecured APIs
- Open Database Ports
- Default Credentials
- Unused or Unnecessary Features
- Weak Password Policies
- Missing Security Updates
- Improper File Permissions
- Insecure Session Management
- Excessive Error Detail

Module 7 : NuGet Packages
- Known Vulnerabilities
- Malicious Packages
- License Compliance
- Misconfigured Packages
- Dependency Chains
- Cryptographic Weaknesses
- Data Privacy and Compliance
- Resource Exhaustion
- Insecure Configuration Defaults

Module 8 : Authentication Mistakes
- Weak Password Policies
- No Account Lockout Mechanism
- Inadequate Password Storage
- Hardcoding Credentials
- Lack of Multi-Factor Authentication (MFA)
- Insufficient Session Management
- Missing CAPTCHA or Rate Limiting
- Overly Permissive Access Controls
- Improper Handling of Forgotten Passwords

Module 9 : Logging and Monitoring
- Insufficient Logging
- Lack of Centralized Logging
- Logging Sensitive Information
- Inadequate Log Retention
- Unencrypted Logging
- Insufficient Access Controls
- Failure to Monitor Logs in Real-Time
- No Alerts or Notifications
- Ignoring Anomalous Activity