Back to Search Results

Training Course Summary:

This three-day instructor-led course provides students with the knowledge and skills that are needed to build Web applications by using secure coding techniques.. Students will learn how to identify Web application security vulnerabilities and understand the trade-offs between functionality and performance when choosing the appropriate security mechanisms for their Web applications. Throughout this course, students will get hands-on experience in creating secure Web applications.

Pre-Requisites:

Before attending this course, students must have:

Familiarity with n-tier application architecture.
Experience in developing or designing distributed Web applications.
Experience with one or both of the following programming languages:
Microsoft C#
Microsoft Visual Basic® .NET
Experience in writing server-side and client-side scripts by using one or both of the following scripting languages:
Active Server Pages (ASP)
Microsoft ASP.NET
Familiarity with all of the following Microsoft products and technologies is recommended:
SQL Server 2000
Microsoft Internet Information Services (IIS)
In addition, it is recommended, but not required, that students have completed:
Course 2310—Developing Web Applications Using Microsoft Visual Studio .NET
Course 1017—Developing Web Applications Using Microsoft Visual InterDev®

Who Should Attend:

This course is intended for students who are responsible for the design and development of Web applications. These students typically have three to five years of experience in developing or designing distributed Web applications. Actual job role titles vary throughout the technology industry, and they may include, but are not limited to:

Web Developer: The Web developer is responsible for developing the logic, coding, testing, and debugging of Web applications and Web application software.
Solutions Architect: The Solutions Architect is responsible for the design of the technical architecture of Web applications and Web-based software applications

Training Course Overview/Content:

After completing this course, students will be able to:

Define the basic principals of, and motivations for, Web security.
Perform a threat analysis of Web-accessible assets.
Use knowledge of authentication, Security Identifiers (SIDs), Access Control Lists (ACLs), impersonation, and the concept of running with least privilege to ensure access to only those system resources that are necessary to accomplish normal request processing.
Protect file system data by using the features in Microsoft® Windows® 2000.
Use the Microsoft SQL ServerTM Security model and Microsoft ADO.NET to protect a Web application against SQL Server injection attacks.
Use one of the CryptoService classes of the System.Security.Cryptography namespace to transform a block of data into cyphertext.
Protect the portion of a Web application that requires private communications by using Secure Sockets Layer (SSL), .
Use general security coding best practices to ensure a secure Web application.
Use the Microsoft .NET Framework to build secure Web applications.
Employ a structured approach to testing for Web application security.
Use a systematic approach and knowledge of security best practices to secure an existing Web application.

Qualifications:

There are no Microsoft Certified Professional exams associated with this course.