View Course Outline

In this course, you'll learn about the security features in .NET. You'll gain an understanding of the new security architecture in the .NET Framework, and about Code Access Security in the Common Language Runtime. You'll explore how to administer security policy using visual and command-line tools. You also learn how to write script to implement security.

Course includes 45+ hours of total training time...

• 11 CDs
• Over 15 hours of media run time
• Over 700 pages of courseware on CD-ROM
• Step-by-step hands-on-labs
• Sample code

.NET Security

.NET revolutionizes application security by providing the framework for developing secure Windows and Web applications. This course teaches you the basic concepts underlying Code Access Security, role-based security, and how to implement security in your applications to protect your code and your users against attack.

In this course you will learn how to..

• Administer security policy.
• Create and digitally sign assemblies.
• Validate data and handle errors safely.
• Choose the right permission set for your code.
• Manage Windows security.
• Use Windows role-based security in your applications.
• Work with Isolated Storage.
• Secure your ASP.NET applications effectively.
• Implement ASP.NET security using SQL Server.
• Implement COM+ security with Serviced Components.
• Secure Remoting with IIS and ASP.NET.
• Create secure Web Services.
• Deploy security policy and secure applications.
• Understand Cryptography in .NET.
• Handle common threats like buffer overflows, SQL injection and cross-site scripting.

SESSION 1

Overview of Security in .NET

• Security as a System
• Security in .NET
• Designing Secure Systems

Security Administration

• Security Policy in the CLR
• Configuring Policy

SESSION 2

Security Administration (continued)

• Working with Command Line Tools
• Other Security Tools

Creating Secure Assemblies

• Assembly Overview
• Exception Handling
• Protecting Source Code
• Coding Best Practices

Digging into Code Access Security

• Permission Requests

SESSION 3

Digging into Code Access Security (continued)

• Permission Requests (continued)
• Determining Effective Permissions

Understanding and Using Windows Security

• Windows Security Basics
• DACLs and .NET

Role-Based Security for Windows Applications

• Role-Based Security Overview
• .NET Security Classes
• Implementing Application Security

SESSION 4

Role-Based Security for Windows Applications (continued)

•  Implementing Application Security (continued)

Isolated Storage

• Understanding Isolated Storage
• Mechanics of Isolated Storage
• Types of Isolation
• Administering Isolated Storage

SESSION 5

Securing SQL Server Data

• Installing SQL Server
• SQL Server in Visual Studio .NET
• SQL Server Security Architecture

SESSION 6

ASP.NET Security

• ASP.NET Security Overview
• Windows Authentication
• Forms Authentication

SESSION 7

ASP.NET Security (continued)

• Custom Authentication

Enterprise Services

• Enterprise Services Overview

SESSION 8

Enterprise Services (continued)

• Creating Serviced Components
• Administering COM+ Security
• Testing the Inventory Application

Security for .NET Remoting

• .NET Remoting Overview
• Hosting Remoting in ASP.NET

SESSION 9

Security for .NET Remoting (continued)

• Secure Remoting with IIS and ASP.NET

Web Services

• Web Services Overview
• Disabling Unwanted Protocols
• Secure Web Services with IIS and ASP.NET

SESSION 10

Web Services (continued)

• Secure Web Services with IIS and ASP.NET (cont.)

Deployment

• Deploying Security Policy
• No-Touch Deployment
• .NET Deployment Options
• Deploying ASP.NET Applications

Cryptography in .NET

• Basic Cryptographic Concepts
• Working with Data

SESSION 11

Cryptography in .NET (continued)

• Using Asymmetric Cryptography
• Hash Codes
• Digital Signatures
• Creating Random Keys

Handling Common Threats

• Thinking About Security
• Buffer Overflows
• SQL Injection
• Cross-Site Scripting
• Keeping Current
• The Human Element

back to top

back to top