Secure Coding For C# Developers (September 2023 - 2 days)

This event took place on Tuesday, September 5, 2023.

Course Dates: September 5 - 6, 2023 (2 days)
Course Fee: $1,600 U.S.

In the Secure Coding for C# Developers course, students get familiar with security principles, in particular concepts that are relevant for C# programmers. This course takes students through the security issues intrinsic to the C# programming languages and associated libraries. The course consists of two parts, a theoretical lecture-based part providing the basics around various topics like security in general, cryptography, authentication & authorization, injection attacks and secure coding, as well as a hands-on practical part. After this course, the participants will be able to develop robust and secure C# applications.

The theoretical part covers the following areas:

Introduction to Cyber Security

  • Cyber attacks
  • Types of attacks
  • Cyber security 101

Introduction of Cryptography

  • Encryption
  • Hashing
  • Signatures
  • Public-Key infrastructures
  • SSL / TLS

Introduction to Authentication and Authorization

  • Authorization concepts in general
  • Session management
  • Password handling and management
  • Multi-factor Authentication

Injection Attacks

  • SQL injection
  • Command injection
  • LDAP injection
  • Cross site scripting (XSS)

Introduction to Secure Coding and Motivation

  • History and security incidents in the past
  • Common pitfalls
  • Software dependencies
  • etc.

Secure Coding Best Practices in C#

  • Security best practices
  • Proper usage of types
  • Encapsulation
  • Code signing
  • Input data sanitization
  • Logging
  • Concurrency / multithreading
  • Exception handling
  • Data serialization and deserialization
  • Security libraries and fameworks

API Security Considerations

  • Security best practices
  • GraphQL

Wrap up

  • Code reviews
  • Static code analysis
  • Dynamic Code analysis / testing
  • Secure software development process

What Prior Attendees Have Shared About This Class

  • “I've learned about some tools and resources which I'm sure will help going forward.”
  • “Great course and great trainer.”
  • “The tools given to us during the training are good and useful. That's where I feel I got the most value.”
  • “I think overall the class was really good. I learned a lot and am looking forward to reviewing the slides so I can remember everything!”
  • “Great class. Provides great resources and real-world examples.”
  • “This is definitely a wonderful starting point for your cyber security journey.”
  • “There were some useful bits of knowledge that I took away from the course and have started to implement in my daily development routines.”

About the Labs for this Course

The practical part of this course will deepen the knowledge of the attendees and consist of multiple hands-on exercises allowing them to strengthen and practice the theoretical skills that they learn in this course:

  • Vulnerability discovery and exploitation: This part of the course relates to the identification and exploitation of an actual vulnerability within a vulnerable backend application written in C#. CODE Training created a vulnerable application to demonstrate common security errors and remediation as part of the hands-on exercises for this course.
  • Remediation and mitigation: The hands-on labs requires the attendees to apply the knowledge from this course and requires them to remediate the vulnerabilities within the backend application.