Secure Coding For C# Developers (March 2023 - 3 days)

Where: Online, Virtual, UNITED STATES
This event can also be attended online.

Course Dates: March 7 - 9, 2023 (3 days)
Course Fee: $1,995 U.S.

In the Secure Coding for C# Developers course, students get familiar with security principles, in particular concepts that are relevant for C# programmers. This course takes students through the security issues intrinsic to the C# programming languages and associated libraries. The course consists of two parts, a theoretical lecture-based part providing the basics around various topics like security in general, cryptography, authentication & authorization, injection attacks and secure coding, as well as a hands-on practical part. After this course, the participants will be able to develop robust and secure C# applications.

The theoretical part covers the following areas:

Introduction to Cyber Security

  • Cyber attacks
  • Types of attacks
  • Cyber security 101

Introduction of Cryptography

  • Encryption
  • Hashing
  • Signatures
  • Public-Key infrastructures
  • SSL / TLS

Introduction to Authentication and Authorization

  • Authorization concepts in general
  • Session management
  • Password handling and management
  • Multi-factor Authentication

Injection Attacks

  • SQL injection
  • Command injection
  • LDAP injection
  • Cross site scripting (XSS)

Introduction to Secure Coding and Motivation

  • History and security incidents in the past
  • Common pitfalls
  • Software dependencies
  • etc.

Secure Coding Best Practices in C#

  • Security best practices
  • Proper usage of types
  • Encapsulation
  • Code signing
  • Input data sanitization
  • Logging
  • Concurrency / multithreading
  • Exception handling
  • Data serialization and deserialization
  • Security libraries and fameworks

API Security Considerations

  • Security best practices
  • GraphQL

Wrap up

  • Code reviews
  • Static code analysis
  • Dynamic Code analysis / testing
  • Secure software development process

About the Labs for this Course

The practical part of this course will deepen the knowledge of the attendees and consist of multiple hands-on exercises allowing them to strengthen and practice the theoretical skills that they learn in this course:

  • Vulnerability discovery and exploitation: This part of the course relates to the identification and exploitation of an actual vulnerability within a vulnerable backend application written in C#. CODE Training created a vulnerable application to demonstrate common security errors and remediation as part of the hands-on exercises for this course.
  • Remediation and mitigation: The hands-on labs requires the attendees to apply the knowledge from this course and requires them to remediate the vulnerabilities within the backend application.