Part One: Writing Secure Code – Threat Defense

In this session for experienced developers, you will learn established best practices for applying security principles throughout the development process. The session will discuss common security threats faced by application developers, such as buffer overruns, cross-site scripting and denial of service attacks, and you will learn effective strategies to defend against those threats.

1. Security threats
   1.1. Information disclosure
   1.2. Buffer overruns
      1.2.1. Stack overflows
      1.2.2. Heap overflows
      1.2.3. Integer overflows
   1.3. Cross-site scripting
   1.4. SQL injection attacks
   1.5. Canonicalization issues
   1.6. Cryptography weaknesses
   1.7. Unicode issues
   1.8. Denial of service
2. Defending against specific threats
   2.1. Defending against buffer overruns
   2.2. Defending against cross-site scripting
   2.3. Defending against SQL injection attacks
   2.4. Defending against canonicalization issues
   2.5. Defending against cryptography weaknesses
   2.6. Defending against Unicode issues
   2.7. Defending against denial of service

Part Two: Implementing Application Security by Using the .NET Framework

In this session for experienced developers, you will learn how to implement additional security features to secure applications built on the .NET Framework. The session will discuss security features integrated into the .NET Framework and demonstrate the use of both code access security and role-based security to limit vulnerabilities. You will also learn how to use the cryptographic provider support in the .NET Framework to encrypt and sign data. The session will also cover security best practices for Web applications and Web services built using ASP.NET.

1. .NET Framework security features
   1.1. Managed execution
   1.2. Type-safety verification
   1.3. Strong name signing
   1.4. Detecting buffer overruns
   1.5. Isolated storage
2. Code access security
   2.1. Evidence-based security
   2.2. Security policy
   2.3. Permissions
   2.4. Security checks
   2.5. Partial trust
   2.6. Sandboxing
3. Role-based security
   3.1. Authentication and authorization
   3.2. Identities and principals
4. Cryptography
   4.1. Symmetric algorithms
   4.2. Asymmetric algorithms
   4.3. Signing data
5. Securing ASP.NET Web applications
   5.1. Forms authentication
   5.2. Configuration settings
   5.3. Validation controls
6. Securing ASP.NET Web services
   6.1. XML signature
   6.2. XML encryption
   6.3. Web Services Enhancements (WSE)
7. Tips for writing secure code with the .NET Framework