Topics
Security Principles, .NET Framework Architecture, Threat Modelling, Discovering Vulnerabilities, Penetration Testing Techniques, Secure Coding Techniques.
Overview
This is a cutting-edge and exciting 2-day course in which you will push your knowledge of the ASP.NET security framework to the limit. You will be shown how ASP.NET applications and environments can be exploited by skilled attackers. Advanced exploitation techniques will be presented together with low-level technical analysis of the .Net Framework. You will also learn advanced defence techniques such as building an ASP.NET Security Protection Layer and how to create Authorization and Data Validation Solutions.
Instructor
Dinis Cruz is a renowned application security expert who is passionate about training developers to move beyond the ‘comfort zone’ of standard ASP.NET development and into the world of advanced security-aware development, with the aim of making Web Applications as secure as possible against malware and malicious hackers. Dinis is also the project leader for the OWASP .Net Project, the main developer of several OWASP .Net tools (SAM’SHE, ANBS, SiteGenerator, PenTest Reporter, ASP.Net Reflector, Online IIS Metabase Explorer), and the author of many Open Source security tools (see http://www.owasp.org/index.php/.Net).
Agenda
The course is made up of 4 modules (2 per day, one in the morning and one in the afternoon).
Module 1: Security Principles and .NET Framework Architecture.
In this module you will learn the principles and architecture of the .NET Framework relating to security.
Module 2: Threat Modelling and Exploiting ASP.NET Applications.
In this module, you will use quick-and-dirty threat models to discover vulnerabilities in the target application and learn how to exploit vulnerabilities in ASP.NET Applications, including exploiting Buffer Overflows and Windows vulnerabilities via ASP.NET Applications.
Module 3: Exploiting Full Trust and Partial Trust ASP.NET Environments.
Day 2 will start with a practical demonstration of the power of Full Trust ASP.NET Applications, showing how attackers could patch the .Net Framework and CLR and launch internal attacks to compromise servers and data centres. You will also look at how to exploit insecure Partial Trust ASP.NET Environments.
Module 4: Advanced ASP.NET Countermeasures
Now that you know what the threats are and what could be done to jeopardise your ASP.NET applications, you will learn how to defend against these attacks. You will learn how to create secure Data Validation and Authorization architectures, how to create secure ASP.NET hosting environments and how to build an ASP.NET Security Protection.
At the end of this course you will walk away with a much better understanding of some of the weaknesses of .NET applications, particularly the internals of the .NET framework. You will also get the chance to put your skills to the test against a target application over the course of the class.
Equipment Requirements
A laptop with VMWare Player pre-installed. A VMWare image containing all necessary lab tools will be provided.
Knowledge Prerequisites
This is an advanced course targeted at industry professionals who want to understand the weaknesses and the power of the .Net Framework. To get the most out of this course, participants should have commercial experience in either application development or security auditing.
Miscellaneous
The course is a 2-day residential course and costs £900 for individuals, with discounts available for multiple bookings (this INCLUDES all food for the 2 days and accommodation for one night). For more details and to register for the course, go to http://www.nxtgenug.net/Courses.aspx?courseid=4
Review
Read a review of this course here.