This online clinic provides students with knowledge and skills essential for the creation of applications with enhanced security. Students will learn about the need for implementing security at every stage of the development process and best practices for applying security principles. Students will also learn how to use established threat modeling methodologies and tools with other best practices to minimize vulnerabilities and limit damage from attacks. Finally, students will learn how to implement security features to enhance security for Web applications and Web services that are built by using Microsoft ASP.NET.
At the end of the course, students will be able to:
Understand the historical implications of Trustworthy Computing.
Identify potentially hostile applications.
Identify common types of attacks.
Understand the consequences of poor security.
Recognize examples of security intrusions.
Identify challenges involved in implementing security.
Understand the need for process improvement throughout the development process.
Describe the security framework.
Understand the secure product development timeline.
Describe the principles of designing with security in mind.
Understand the importance of data security.
Identify threat scenarios.
Target who are we defending against.
Describe common types of attacks.
Describe .NET Framework security features.
Explain how code access security works.
Explain how role-based security works.
Explain how to use cryptography to sign and verify data.
Enhance security for ASP.NET Web applications.
Enhance security for ASP.NET Web services.
Apply appropriate tips for writing secure code with the .NET Framework.
Modules & Lessons
Clinic 2806: Microsoft® Security Guidance Training for Developers
Essentials of Application Security
Welcome to Essentials of Application Security
The Importance of Application Security
Secure Application Development Practices
Secure Development Guidelines
Writing Secure Code – Threat Defense
Welcome to Writing Secure Code – Threat Defense
The Need for Secure Code
Defending Against Memory Issues
Defending Against Arithmetic Errors
Defending Against Cross-Site Scripting
Defending Against SQL Injection
Defending Against Canonicalization Issues
Defending Against Cryptography Weaknesses
Defending Against Unicode Issues
Defending Against Denial of Service Attacks
Writing Secure Code – Best Practices
Welcome to Writing Secure Code – Best Practices
Secure Development Process
Security Best Practices
Implementing Application Security Using the Microsoft
Welcome to Implementing Application Security Using the
Microsoft .NET Framework
.NET Framework Security Features
Code Access Security
Securing ASP.NET Web Applications
Securing ASP.NET Web Services
Clinic Summary and Evaluation
To view this course, you need:
A Pentium II, 256 MB RAM with a processor speed greater than or equal to 400 MHZ
Microsoft® Windows® 2000 or higher
Microsoft Internet Explorer 6.0 or higher
Adobe Flash 7.0 or higher (1MB disk space needed to install)
Microsoft Silverlight 4.0 or higher
Microsoft Windows Media Player 7.0 or higher
Microsoft XML Core Services 3.0 or higher
A Super VGA monitor with minimum screen resolution 1024x768, with 16-bit color.
A sound card, and either speakers or headphones (for multi-media audio).
Internet bandwidth of 56K or faster. Broadband internet access is recommended.
For courses containing Virtual Server-based labs (courses in the IT Professional and Developer Catalog), you will need:
Microsoft Virtual Server ActiveX control (1MB disk space needed to install)