LearnKey Training

.NET Security For Developers
Part 2

6 Sessions – 18 Hours of Interactive Training
In the .NET Security for Developers Part 2 course from LearnKey, expert instructors Andy Baron and Mary Chipman continue the instruction begun in Part 1. You’ll learn about evaluating security risks and handling common threats, building secure web applications with ASP.NET, deploying and working with enterprise services (COM+), and using cryptography in .NET. At the conclusion of this course, you’ll be able to take advantage of the security features in the .NET framework and understand security issues and threats that developers encounter.

Prerequisites: Completion of .NET Security for Developers Part 1 recommended.

Benefits
  • Increase your earning potential and technical security credibility.
  • Enhance employment opportunities with in-demand Internet security knowledge.
  • LearnKey courses will arm you with the latest technology on security issues.

About The Authors
Mary Chipman and Andy Baron are Senior Consultants with MCW Technologies, and both have been Microsoft MVPs for 5 years running. Specializing in database application development and writing about SQL Server, Visual Basic, the .NET framework, and related technologies, they are co-authors of the Microsoft Access Developer's Guide to SQL Server, published by Sams, and Mary co-authored SQL Server 7.0 in Record Time, published by Sybex. Their combination of experience brings a unique programming and management view to the concepts of SQL development.

    Session 1

    Section A: Config Authentication
    · Configuration Settings
    · Web.config File
    · Windows Authentication
    · Authorization
    · Web.config Example
    · Anonymous Users
    · Lock Config Settings

    Section B: Configuring IIS Settings
    · Directory Security
    · Anonymous Access
    · Basic Authentication
    · Digest Authentication
    · Integrated Authentication
    · Secure Communications

    Section C: Windows Authentication
    · ProcessModel
    · ASPNET Account
    · Web.config
    · Group Membership
    · No Impersonation
    · Deny Access
    · WindowsIdentity

    Section D: Form-Based Authentication
    · Authentication Cookie
    · Persist Cookie
    · Attributes
    · Credentials
    · Authenticate Method
    · Log Off
    · User.Identity

    Section E: Credential Storage Options
    · Hashed Passwords
    · Hashing Algorithms
    · Test Hash
    · Create Hash
    · XML File
    · Userlist
    · Server.MapPath
    · Redirect


    Session 2

    Section A: Custom Authentication
    · SQL Server Logins
    · WebUser Objects
    · Salt Hashed Passwords
    · WebRoles
    · Stored Procedures
    · Permissions

    Section B: Creating Custom Credentials
    · Create User
    · Add Roles
    · Validate Name
    · Store User
    · Retrieve Roles

    Section C: WebUsers Class
    · Connection Strings
    · Store User Information
    · Return String
    · Generate Hash
    · Add to Role
    · Retrieve Data
    · Validate Password

    Section D: Start Custom Authentication
    · Web.config File
    · Validate User
    · Authorization Ticket
    · Call Response.Redirect
    · Authenticate Request
    · Populate Array
    · Test CustomAuth
    · Role Membership Code

    Section E: Enterprise Services
    · COM+ Features
    · Configured Components
    · Component Services
    · COM+ Security
    · COM+ Roles
    · COM+ vs. CLR


    Session 3

    Section A: Create Serviced Components
    · Attributes
    · Declaring Roles
    · Methods
    · Installing in COM+
    · Manual Registration

    Section B: Administering Security
    · Application Security
    · Application Identity
    · Component Permissions
    · Test Permissions
    · SQL Profiler Trace
    · Using ComPlusAccount
    · Programmatic Security
    · Imperative Security

    Section C: .NET Remoting Features
    · Mobile/Remote Objects
    · Activation Modes
    · Lifetime Management
    · Server/Client Sharing
    · Shared Assembly
    · Shared Interface
    · Other Sharing Options

    Section D: .NET Remoting Example
    · Object
    · Server Application
    · Create Channel
    · Register Object
    · Client Application
    · Client Channel
    · References
    · Test Application

    Section E: Host Remoting in ASP.NET
    · Choosing a Host
    · IIS/ASP.NET
    · Create Web Application
    · Web.config File
    · Define Object
    · HTTP Client Channel
    · Startup Properties

    Session 4

    Section A: Remoting Authentication
    · Authentication
    · Passing Credentials
    · Hard Code User

    Section B: Remoting Authorization
    · Web.config File
    · Allow Users
    · Test Authorization
    · Principal Permission

    Section C: Web Services Introduction
    · View Code
    · Namespace
    · WebMethod
    · StreamWriter
    · Client Form
    · Client Form Code
    · Permissions

    Section D: Web Reference & Proxy
    · Add Web Reference
    · Protocols
    · Reference Parts
    · Reference.vb

    Section E: Disabling Protocols
    · Locking Down
    · HttpPost & HttpGet
    · Override Settings
    · Undo Changes

    Section F: Web Services Authentication
    · Directory Security
    · Client Credentials
    · PreAuthenticate
    · NetworkCredential


    Session 5

    Section A: Web Services Authorization
    · Specify User
    · Wrong User
    · Method Level
    · Troubleshoot

    Section B: Deploying Security Policy
    · Policy Configuration
    · Policy Packages
    · Deployment Options
    · Grant Full Trust
    · Create Deployment Pkg

    Section C: No Touch Deployment
    · Deploy RichClient
    · Adjust Security Policy
    · Adjust Zone Security
    · Reset Default Policies

    Section D: .NET Deployment Options
    · Private Assemblies
    · Shared Assemblies
    · Assembly Versioning
    · Global Assembly Cache
    · Install from GAC
    · Uninstall from GAC

     




    Section E: Deploy with Visual Studio
    · Create Setup Project
    · Define Setup Project
    · Create/Add Merge Module
    · Create Client Install
    · Customize Setup Project
    · Other Editors
    · Finalize Project
    · Install/Uninstall Project

    Section F: Deploy ASP.NET Applications
    · Copy Project
    · Web Setup Project
    · Add Merge Module
    · Configure Security
    · DeployWeb.msi

    Section G: Cryptography Types
    · Symmetric Cryptography
    · Asymmetric Cryptography
    · Symmetric/Asymmetric

    Section H: Cryptography Types (cont.)
    · Symmetric Example
    · Crypto Provider
    · CryptoStream
    · Decrypt
    · Encryption/Decryption


    Session 6

    Section A: Asymmetric Cryptography
    · Create Key Files
    · Test Encryption
    · Public Key Code
    · Add Private Key
    · Convert to Byte Arrays
    · Encrypt Data
    · Read Encrypted Text
    · Decrypt Data

    Section B: Hash Codes
    · Features
    · Create Hash
    · Array to Save
    · Calculate Hash
    · Verify Hash

    Section C: Digital Signatures
    · Not Verified
    · Select File
    · Calculate Hash
    · Create Signature
    · Verify Signature

    Section D: Generating Random Keys
    · Forms Authentication
    · machineKey Element
    · Verify View State
    · Generate Key
    · Generate Key Code
    · Convert to String

    Section E: Buffer Overflow
    · Generate Overflow
    · Unmanaged Code

    Section F: SQL Injection Attacks
    · Attack Example
    · How It Works
    · Attack Types
    · Stored Procedure
    · SQL Injection Protection

    Section G: Cross-Site Scripting Attack
    · Example
    · View Results
    · Fixing the Code
    · Closing Holes
    · Keeping Current

    Section H: The Human Element
    · Hackers
    · Hacker Scenario
    · Preventative Measures
    · The Insiders