.NET Security for Developers Part 2 - NSD2

Course Outline

The .NET Security for Developers Part 2 training course from ATS continues the instruction begun in the Part 1 course. You’ll learn about evaluating security risks and handling common threats, building secure Web applications with ASP.NET, deploying and working with enterprise services (COM+), and using cryptography in .NET. At the conclusion of this training course, you’ll be able to take advantage of the security features in the .NET Framework and understand the security issues and threats developers need to be aware of.

Prerequisites: Completion of Part 1 recommended.
(Bundle of 6 CD-ROM multimedia modules).


Module 1

Section A: Config Authentication
Configuration Settings
Web.config File
Windows Authentication
Authorization Web.config Example
Anonymous Users
Lock Config Settings

Section B: Configuring IIS Settings
Directory Security
Anonymous Access
Basic Authentication
Digest Authentication
Integrated Authentication
Secure Communications

Section C: Windows Authentication Overview
ProcessModel ASPNET Account Web.config
Group Membership
No Impersonation
Deny Access
WindowsIdentity

Section D: Form-Based Authentication Overview
Authentication Cookie
Persist Cookie Attributes
Credentials Authenticate Method
Log Off User.Identity

Section E: Credential Storage Options
Hashed Passwords
Hashing Algorithms
Test Hash
Create Hash XML File
Userlist Server.MapPath
Redirect



Module 2
Section A: Custom Authentication Overview
SQL Server Logins
WebUser Objects
Salt Hashed Passwords
WebRoles
Stored Procedures Permissions

Section B: Creating Custom Credentials Overview
Create User Add Roles
Validate Name
Store User
Retrieve Roles

Section C: WebUsers Class Overview
Connection Strings
Store User Information
Return String
Generate Hash
Add to Role
Retrieve Data
Validate Password

Section D: Start Custom Authentication
Web.config File
Validate User Authorization
Ticket Call
Response.Redirect
Authenticate Request
Populate Array Test
CustomAuth Role
Membership Code

Section E: Enterprise Services
COM+ Features
Configured Components
Component Services
COM+ Security
COM+ Roles
COM+ vs. CLR


Module 3
Section A: Create Serviced Components Overview
Attributes Declaring Roles
Methods Installing in COM+
Manual Registration

Section B: Administering Security
Application Security
Application Identity
Component Permissions Test
Permissions SQL Profiler
Trace Using ComPlusAccount
Programmatic Security
Imperative Security

Section C: .NET Remoting Features Overview
Mobile/Remote Objects
Activation Modes
Lifetime Management Server/Client
Sharing Shared Assembly
Shared Interface
Other Sharing Options

Section D: .NET Remoting Example
Object Server Application
Create Channel Register
Object Client Application
Client Channel References
Test Application

Section E: Host Remoting in ASP.NET
Choosing a Host IIS/ASP.NET
Create Web Application
Web.config File Define
Object HTTP Client Channel
Startup Properties


Module 4

Section A: Remoting Authentication
Authentication Passing Credentials
Hard Code User

Section B: Remoting Authorization
Web.config File
Allow Users Test Authorization
Principal Permission

Section C: Web Services Introduction Overview
View Code
Namespace WebMethod
StreamWriter Client Form
Client Form Code Permissions

Section D: Web Reference and Proxy
Add Web Reference Protocols
Reference Parts
Reference.vb

Section E: Disabling Protocols Overview
Locking Down HttpPost and HttpGet
Override Settings
Undo Changes

Section F: Web Services Authentication Overview
Directory Security
Client Credentials
PreAuthenticate NetworkCredential


Module 5

Section A: Web Services Authorization
Specify User
Wrong User Method
Level Troubleshoot

Section B: Deploying Security Policy
Policy Configuration
Policy Packages
Deployment Options
Grant Full Trust
Create Deployment Pkg

Section C: No Touch Deployment Overview
Deploy RichClient
Adjust Security Policy
Adjust Zone Security
Reset Default Policies

Section D: .NET Deployment Options
Private Assemblies
Shared Assemblies
Assembly Versioning
Global Assembly Cache
Install from GAC
Uninstall from GAC

Section E: Deploy with Visual Studio
Create Setup
Project Define Setup
Project Create/Add
Merge Module
Create Client
Install Customize Setup
Project Other Editors
Finalize Project
Install/Uninstall Project

Section F: Deploy ASP.NET Applications
Copy Project
Web Setup Project
Add Merge Module
Configure Security
DeployWeb.msi

Section G: Cryptography Types Overview
Symmetric Cryptography
Asymmetric Cryptography
Symmetric/Asymmetric

Section H: Cryptography Types (cont.)
Symmetric Example
Crypto Provider
CryptoStream Decrypt
Encryption/Decryption


Module 6

Section A: Create Key Files
Test Encryption
Public Key Code
Add Private Key
Convert to Byte Arrays
Encrypt Data
Read Encrypted Text
Decrypt Data

Section B: Hash Codes Features
Create Hash Array to Save
Calculate Hash
Verify Hash

Section C: Digital Signatures Overview
Not Verified Select File
Calculate Hash
Create Signature
Verify Signature

Section D: Generating Random Keys
Forms Authentication
machineKey Element
Verify View State
Generate Key
Generate Key Code
Convert to String

Section E: Buffer Overflow Overview
Generate Overflow
Unmanaged Code

Section F: SQL Injection Attacks
Attack Example
How It Works
Attack Types
Stored Procedure
SQL Injection Protection

Section G: Cross-Site Scripting
Attack Overview Example
View Results
Fixing the Code
Closing Holes
Keeping Current

Section H: The Human Element Hackers
Hacker Scenario
Preventative Measures
The Insiders


Price £955 (Bundle of 6)

Complementary Courses
.NET Security for Developers Part 1
