Defensive programming is a methodology for writing code that is not prone to present or future errors potentially caused by unexpected user input or actions. In this course you will explore common risks to C# applications, how to counter them, the best way to deal with user input, and finally how to secure WCF applications.
Objectives

Risks in C# Applications
- start the course
- list potential risks to C# UI applications
- describe what buffer overflows are and their impact
- identify how to prevent buffer overflows

Defending Against Attacks
- identify what form injection attacks typically take in C# applications
- describe how to mitigate injection attacks in C# applications
- identify how to prevent shatter attacks in .NET applications
- recognize how to prevent DLL hijacking in .NET applications
- use exceptions in C# applications

Working with User Input
- specify how to deal with bad data in your C# applications
- use input validation in a C# application
- use regular expressions to help with input validation
- recognize how to constrain user input to prevent bad data input

Defending SQL Data in C#
- describe what SQL injection attacks are
- recognize how to use stored procedures to aid in the defense against SQL injection attacks
- describe some of the pitfalls of using dynamic SQL

Securing WCF Applications
- illustrate how authentication works in WCF
- recognize how to verify service identities
- identify how to prevent NTLM attacks
- recognize how to work with the WindowsIdentity class
- describe potential XML risks in ASP.NET applications
- identify how to protect against XML entity expansion attacks
- list the potential problems that path traversal may cause
- recognize how to prevent path traversal attacks

Practice: Securing a C# Application
- use defensive coding techniques to create a secure C# application