Back to Search Results

Training Course Summary:

This one-day, instructor-led seminar introduces developers to the knowledge and skills required to identify and mitigate security threats. The seminar is divided into four sessions:

Session I: Overview of Security Technologies introduces the main concepts and terminology that will be used throughout the seminar.
Session II: Writing Secure Code will highlight common techniques hackers use to compromise software systems. In addition, the audience will learn strategies, precautions, and best practices that can mitigate these threats. Threats covered will include buffer overruns, cross-site scripting, SQL injection, canonicalization issues, cryptography hacking, and denial of service attacks.
Session III: Security and the .NET Framework will cover the security features of the Microsoft .NET Framework. Topics will include .NET Framework security features (managed execution, type-safety verification, strong names, and isolated storage), implementing code access and role-based security, cryptography, and securing Microsoft ASP.NET and XML Web services. For advanced learners who are already familiar with these concepts, the first part of the session may be skipped or covered at an accelerated pace. For this audience, the instruction of this session will focus on "Advanced Topics: Tips for Writing Secure .NET Code," which focuses on best practices when developing .NET-connected applications.
Session IV: Developing Secure Applications with Microsoft Windows Server System™ will cover the security features available on the products that comprise the Windows Server System, including Microsoft Windows Server™ 2003, Microsoft SQL Server™ 2000, and Internet Security and Acceleration (ISA) Server 2000. Session IV provides a high-level overview of security concepts and Microsoft product features from which managers, network administrators, developers, and architects can benefit, including a discussion of best practices for implementing security in N-tier application architectures. This session is designed to be customized for specific audiences, and trainers should be aware of the background of the audience and their interest in specific products and solutions before delivering this session.

Pre-Requisites:

Before attending this course, students must have development experience with Visual Basic, C, C++, or Java.

Who Should Attend:

The target audience consists of developers and architects of varying degrees of aptitude and experience who use different programming languages and platforms. To a lesser extent, business decision makers and project managers will also benefit from the seminar.

Primary Audience

Software architects. This audience consists of experienced architects and designers of software solution and applications. This audience typically designs and troubleshoots a wide range of application types.
Professional Microsoft Visual Basic® developers. This audience typically builds Web or Microsoft Windows® applications based on Microsoft Win32® or the Microsoft .NET Framework by using Microsoft Visual Basic 6.0 or Microsoft Visual Basic .NET.
Professional C++ and C# developers. This audience builds a wide range of applications including Win32-based applications, Web applications, COM components, and .NET-connected applications. They are familiar with some of the hacking techniques used to compromise systems and will easily understand the content.
Secondary Audience

Business decision makers. This audience does not have the technical background to fully understand all of the content covered in the clinic. However, they are interested in learning enough to make intelligent decisions regarding schedules and resources.

Training Course Overview/Content:

After completing this course, students will be able to:

Implement threat modeling to analyze software vulnerabilities.
Recognize the threats of buffer overruns and how to avoid them.
Recognize the threats of canonicalization and how to avoid them.
Recognize the threats of SQL injection and how to avoid them.
Examine the intricacies and benefits of access control lists (ACLs).
Examine the complexities of storing secrets.
Execute code with least privileges.
Avoid cross-site scripting issues.
Create secure Web sites.
Implement code access security in .NET.
Examine role-based security in .NET.
Determine security policy settings in .NET.
Specify the security technologies used in Windows Server System.