LearnKey Training

.NET Security For Developers
Part 1

5 Sessions – 15 Hours of Interactive Training

Microsoft’s .NET framework for building and delivering web services has a rich security model. The .NET Security for Developers Part 1 course from LearnKey starts with security basics including system design, security policy, and Windows security fundamentals, and then shows you how to effectively employ .NET features like SQL Server security and isolated storage. Expert instructors Andy Baron and Mary Chipman combine a practical approach to solving security problems faced by .NET developers with lots of code examples and explanations of underlying theory and concepts. At the conclusion of this course, you’ll be able to begin taking advantage of the security features in the .NET framework.

Prerequisites: Previous programming experience with Visual Basic.NET.

Benefits
  • Increase your earning potential and technical security credibility.
  • Enhance employment opportunities with in-demand Internet security knowledge.
  • LearnKey courses will arm you with the latest technology on security issues.

About The Authors
Mary Chipman and Andy Baron are Senior Consultants with MCW Technologies, and both are Microsoft MVPs for 5 years running. Specializing in database application development and writing about SQL Server, Visual Basic, the .NET framework, and related technologies, they are co-authors of the Microsoft Access Developer's Guide to SQL Server, published by Sams, and Mary co-authored SQL Server 7.0 in Record Time, published by Sybex. Their combination of experience brings a unique programming and management view to the concepts of SQL development.

    Session 1

    Section A: Introduction
    · Security Systems
    · COM Environment
    · .NET Framework
    · Access/Permission
    · Managed vs. Unmanaged
    · Code Access Security
    · Permissions Sets
    · Security Concept

    Section B: Assemblies
    · Parts
    · Private vs. Strong-named
    · Global Assembly Cache
    · View Contents
    · View Manifest
    · Trusted Local Code
    · Partial Trusted Code

    Section C: Edit Configuration Policy
    · .NET Framework Config.
    · Adjust Zone Security
    · Zone Effects

    Section D: Design Secure Systems
    · Evaluate Risk
    · STRIDE Model
    · Prioritize Threats
    · Mitigating Threats
    · 10 Laws of Security
    · Physical Protection
    · Password/Administration
    · Encryption/Viruses/Access

    Section E: Security Policy
    · Policy Levels
    · Configuration Files
    · User Configuration
    · Configuration Tool
    · Policy Nodes
    · Default Zones
    · Create Code Group
    · Set Permissions

    Section F: Configure Policy
    · Runtime Security Policy
    · Adjust Zone Security
    · Set Internet Security
    · Edit Trusted Code Group
    · Membership Condition
    · Permission Sets
    · Add to Trusted Site

    Section G: Create Evidence
    · Evidence Evaluation
    · Location
    · Identity
    · Applying Evidence
    · No Additional Evidence
    · Load Assembly
    · Create Evidence
    · Load with New Evidence


    Session 2

    Section A: Security Tools
    · Caspol
    · Using Caspol
    · Edit Confirmations
    · Scripting Caspol
    · Verify Batch Run
    · Certificate Security Tools
    · Additional Security Tools
    · Other Security Tool

    Section B: Strong-Named Assemblies
    · Digital Signing
    · Hashes vs. Encryption
    · Signing Process
    · Keys & Tokens
    · Signing Assembly
    · Delayed Signing

    Section C: Exception Handling
    · Exception Class
    · Try/Catch Block
    · Unhandled Exception
    · Exception Object
    · Build Exceptions
    · Security Exception

    Section D: Advanced Handling
    · Conditional Messages
    · Using Debug Mode
    · Conditional Constant
    · Logging Exception
    · Log Event
    · .NET Error Handling
    · Redirect Pages

    Section E: Best Code Practices
    · Building Assemblies
    · Code for Attacks
    · Trust Issues

    Section F: Permission Requests
    · Create Permission Set
    · Run/View Permission Sets
    · Declarative Security
    · RequestMinimum
    · Permission/Attributes
    · Provide Permission
    · Policy Exception

    Section G: Declarative Options
    · Optional Permissions
    · RequestOptional
    · Permission Effects
    · RequestRefuse
    · SecurityException
    · PermissionSet
    · Inadequate Permissions


    Session 3

    Section A: Imperative Permissions
    · EnvironmentPermission Object
    · Imperative Security
    · Change Permission Set
    · FileIOPermission
    · Declarative Techniques
    · Imperative Techniques
    · The Stack Walk

    Section B: Effective Permissions
    · Remove Exclusive
    · Create Code Group
    · Evaluate Assembly
    · Least Restrictive
    · Using PermView Tool

    Section C: Effective Permissions (cont.)
    · Copy Permission Sets
    · Change Permissions
    · NewMachine Code Group
    · Policy Levels
    · Most Restrictive
    · Policy Levels

    Section D: Windows Security Basics
    · Access Token
    · View Access Token
    · Securable Objects
    · Access Rights
    · DACL
    · User Rights
    · Inherited Rights

    Section E: DACLs & .NET
    · GAC
    · Access Process
    · WMI
    · Generate WMI Wrapper
    · View/Use WMI Class
    · Copy DACL

    Section F: Role-based Security
    · Create Users and Groups
    · Identities
    · Generic Identity
    · Windows Identity Objects
    · IsInRole
    · Enable Buttons
    · Permissions


    Session 4

    Section A: Custom Application Security
    · Custom Roles
    · GenericPrincipal
    · Setup Role Arrays
    · Add Identities to Role
    · Use Windows Identity
    · Security Action Demand

    Section B: Understanding Isolated Storage
    · Benefits
    · Quota Controls
    · Implementation
    · Limitations
    · Isolated Store Structure
    · Use Store
    · Create Isolated Store Reference
    · Properties/Methods

    Section C: Mechanics of Isolated Storage
    · Access Isolated Store
    · Create Directories
    · Create File in Store
    · FileModes
    · Create File in Subdirectory
    · Write/Read to File
    · Delete Methods

    Section D: Using Isolated Storage
    · Sample Application
    · Basic Process
    · Create Object Method
    · Serialize Object to File
    · Use xmlserializer Class
    · Recall Serialized Object
    · Use Deserialized Data
    · View XML File

     

    Section E: Isolation Storage Types
    · AppDomain Type
    · User/Assembly Types
    · GetStore Method
    · Roaming Users Types

    Section F: Administering Isolated Storage
    · Permissions Options
    · Permission Settings
    · Permission Level Risks


    Session 5

    Section A: Installing SQL Server
    · Service Accounts
    · Least-Privileged Acct
    · Authentication Modes
    · Desktop Engine (MSDE)
    · sa login
    · Install Desktop Engine

    Section B: SQL Server in Visual Studio.NET
    · Visual Database Tools
    · Server Explorer Overview
    · Design View
    · Database Connection

    Section C: Enable Windows Accounts
    · Authentication
    · Setup Authentication
    · Windows Users
    · Add Group in SQL
    · Database Access
    · Add Admin User
    · Enable ASPNET login
    · Machine.Config File

    Section D: SQL Server Logins
    · Create SQL Accounts
    · Add User with Scripts
    · Run/Verify Users
    · Add SQL Login
    · Deny SQL Access
    · Deny Users with Scripts
    · Revoke Users

    Section E: SQL Server Roles
    · Fixed Server Roles
    · Fixed Database Roles
    · Public Role

    Section F: Custom Database Roles
    · Guest User
    · Standard Roles
    · Application Roles
    · Enterprise Manager
    · Object Ownership

    Section G: Permissions
    · Permission Statements
    · Permission Settings
    · Ownership Chains
    · Stored Procedures
    · Examples

    Section H: Fine-tuning Permissions
    · Creating Objects
    · Add New Reference
    · Results
    · View Scripts
    · Scripting Permissions