fbpx

Course Security in C# .NET Development

The course Security in C# .NET Development covers how the Android operating system and mobile apps on Android can best be secured. Attention is paid to the Google Security Services, the security architecture of the Android platform and kernel and application security. The training also discusses the implementation of security and the reporting of security issues.

Region:
  • Content
  • Training
  • Modules
  • General
    General
  • Reviews
  • Certificate
  • Course Security in C# .NET Development : Content

    Intro Security

    The course Application Security for Android starts with an explanation of important security concepts such as authentication, encryption, data resilience, backup, recovery, confidentiality, integrity and access control.

    Google Security Services

    Next the Security Services offered by Google are discussed, such as App Services, Safety Net Attestation, Google Play, Penetration Testing and the Android Device Manager.

    Platform Security Architecture

    Attention is also paid to the Android Platform Architecture that provides protection for Apps, User Data, Networking and Inter Process Communication. App Signing and App and User Permissions are also covered.

    Kernel Security

    Part of the program of the Application Security for Android course is also a discussion of kernel security that is based on Linux. This includes paying attention to the application sandbox, safe mode, filesystem permissions, storage encryption and the verified boot.

    Application Security

    Next application security is discussed with a focus on the Android Permission Model for accessing Protected APIs, working with content providers, Sensitive Data Input Devices and Application Signing.

    Implementing Security

    Attention is also paid to the implementation of security in Android. That security is promoted by code reviews, the use of Android Lint and data logging. Also securing SUID files and configuration files and limiting directory and device driver access is treated.

    Security Updates and Reports

    Finally the importance of security updates, the reporting of security issues and the triaging of bugs are discussed. Key issues from Android Reports and White Papers from recent years are also reviewed.

  • Course Security in C# .NET Development : Training

    Audience Course Security in C# .NET Development

    The course Security in C# .NET Development is intended for C# Developers who want to learn how to protect C# applications against the many security risks.

    Prerequisites Course Security in C# .NET Development

    To participate in this course, knowledge of and experience with C# and the .NET Platform is required.

    Realization Training Security in C# .NET Development

    The course Security in C# .NET Development is a hands-on course. Theory explanation based on demos and presentations is interchanged with practice based on exercises.

    Certificate course Security in C# .NET Development

    After successfully completing the training, attendants will receive a certificate of participation in the course Security in C# .NET Development.

    NET910-Secure-C#.NET-Development
  • Course Security in C# .NET Development : Modules

    Module 1 : Intro Secure Coding

    Module 2 : Broken Access Control

    Module 3 : Cryptographic Failures

    Secure Coding practices
    Never trusting Input
    SQL injection and NoSQL injection
    OS command injection
    Session Fixation
    Cross Site Scripting and CSRF
    Sensitive Data Exposure
    Insecure Deserialization
    Security Misconfiguration
    Using Unsafe Components
    Implement Proper Authentication
    Broken Authentication
    Role Based Access Control (RBAC)
    Implement Use Session Management
    Session Timeout
    Access Control Lists (ACLs)
    Principle of Least Privilege (PoLP)
    URL and API Authorization
    Error Handling
    Regular Security Testing
    Sensitive Data Exposure
    Weak Key Generation
    Insecure Storage of Keys
    Using Outdated Algorithms
    Hardcoding Secrets
    Insufficient Key Management
    Avoid Homegrown Cryptography
    Verify Signatures
    Side-Channel Attacks
    Lack of Forward Secrecy

    Module 4 : Injection Flaws

    Module 5 : Insecure Design

    Module 6 : Misconfiguration Failures

    SQL Injection (SQLi)
    Cross-Site Scripting (XSS)
    Command Injection
    XML Injection
    LDAP Injection
    XPath Injection
    SSI Injection
    Object Injection
    Template Injection
    CRLF Injection
    Inadequate Authentication
    Inadequate Authorization
    Lack of Input Validation
    Excessive Data Exposure
    Insecure Session Management
    Hardcoding Secrets
    Insufficient Logging and Monitoring
    Insecure Data Storage
    Cross-Site Request Forgery
    Improper Error Handling
    Improper Access Control
    Unsecured APIs
    Open Database Ports
    Default Credentials
    Unused or Unnecessary Features
    Weak Password Policies
    Missing Security Updates
    Improper File Permissions
    Insecure Session Management
    Excessive Error Detail

    Module 7 : NuGet Packages

    Module 8 : Authentication Mistakes

    Module 9 : Logging and Monitoring

    Known Vulnerabilities
    Malicious Packages
    License Compliance
    Misconfigured Packages
    Dependency Chains
    Cryptographic Weaknesses
    Data Privacy and Compliance
    Resource Exhaustion
    Insecure Configuration Defaults
    Weak Password Policies
    No Account Lockout Mechanism
    Inadequate Password Storage
    Hardcoding Credentials
    Lack of Multi-Factor Authentication (MFA)
    Insufficient Session Management
    Missing CAPTCHA or Rate Limiting
    Overly Permissive Access Controls
    Improper Handling Forgotten Passwords
    Insufficient Logging
    Lack of Centralized Logging
    Logging Sensitive Information
    Inadequate Log Retention
    Unencrypted Logging
    Insufficient Access Controls
    Failure to Monitor Logs in Real-Time
    No Alerts or Notifications
    Ignoring Anomalous Activity
  • Course Security in C# .NET Development : General

    Read general course information
  • Course Security in C# .NET Development : Reviews

  • Course Security in C# .NET Development : Certificate