Skill Up Card - Course Bundles

Pricing is per delegate, giving you huge savings over the cost of individual courses.

UK = £2,000 + VAT per Skill Up Card
Ireland = €2,400 per Skill Up Card

View our Microsoft Skill Up Cards now

Office & Adobe Power BI Data Analyst Azure Admin Architect Microsoft 365 Admin Expert Azure Security

.Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N)

4.6 out of 5 rating Last updated 14/11/2024 English

Jump to outline

Global Schedule

GTR = Guaranteed to Run

03 Feb 25 Book

15:00 - 23:00 Live Online 2,359

14 Apr 25 Book

15:00 - 23:00 Live Online 2,359

23 Jun 25 Book

15:00 - 23:00 Live Online 2,359

25 Aug 25 Book

15:00 - 23:00 Live Online 2,359

27 Oct 25 Book

14:00 - 22:00 Live Online 2,359

08 Dec 25 Book

15:00 - 23:00 Live Online 2,359

Duration

4 Days

24 CPD hours

Overview

With a strong focus on real-world case studies and labs, this course will sharpen your ability to identify, analyze, and resolve security issues in their applications.
Working in a lab-intensive, hands-on coding environment students will explore:
- Understanding Cybersecurity Concepts: Gain a solid foundation in cybersecurity principles, the evolving threat landscape, and the language of the industry to better identify and address security issues in .NET applications.
- Ethical Bug Hunting Techniques: Learn safe and appropriate methods for hunting bugs, ensuring responsible and ethical practices while working to uncover and address vulnerabilities in your applications.
- Web Application Security: Master the skills required to analyze, identify, and mitigate vulnerabilities in web applications, following best practices and guidelines from organizations such as OWASP, WASC, CWE, and CERT Secure Coding Standard.
- Utilizing Industry-Standard Tools and Frameworks: Acquire hands-on experience with widely used tools and frameworks, such as Visual Studio and .NET Cryptography, to effectively and efficiently secure your applications.
- Improved Problem Solving and Debugging: Enhance your ability to identify, analyze, and resolve security issues in your applications through real-world case studies, labs, and expert instruction.
- Defensive Programming Techniques: Learn and apply defensive programming techniques like securing trust boundaries, input validation, and proper exception handling to create more robust and secure .NET applications.
- Cryptography in .NET: Develop a deep understanding of .NET cryptographic services, hash algorithms, symmetric and asymmetric encryption, and gain hands-on experience with a cryptography wrapper for .NET.
- Secure Software Development Processes: Gain insight into secure software development processes, including the concept of "shifting left" and the implementation of secure design principles, enabling you to create safer and more reliable .NET applications.
If your team requires different topics or tools, additional skills or custom approach, this course may be further adjusted to accommodate. Our team will collaborate with you to understand your needs and will target the course to focus on your specific learning objectives and goals.

Description

Discover the cutting-edge of cybersecurity and elevate your skills as a .NET developer with our comprehensive Bug Hunting and Application Security course. Designed specifically for experienced .NET developers, our .Net Secure Coding Camp | Attacking and Securing C# / ASP .Net Web (Core) Applications is an immersive, hands-on training program that delves deep into the world of bug hunting, ethical hacking, and web application security. Through real-world case studies, engaging labs, and expert instruction, you'll gain the knowledge and skills needed to fortify your applications, stay ahead of emerging threats, and protect your organization from costly security breaches.
Upon completing this course, you will not only acquire a profound understanding of application security concepts and best practices but also enhance your problem-solving, debugging, and overall software development prowess. Empowered with these new skills, you'll be well-prepared to identify, address, and prevent security threats in your .NET applications, ensuring a robust and secure digital environment for your organization.
NOTE: PCI Compliant Developer Training: This secure coding training addresses common coding vulnerabilities in software development processes. This training is used by one of the principal participants in the PCI DSS. Having passed multiple PCI audits, this course has been shown to meet the PCI requirements. The specifications of those training requirements are detailed in 6.5.1 through 6.5.7 on pages 60 through 65 of the PCI DSS Requirements 3.2.1 document.

Why Hunt Bugs
The Language of Cybersecurity
The Changing Cybersecurity Landscape
AppSec Dissection of SolarWinds
The Human Perimeter
First Axiom in Web Application Security Analysis
First Axiom in Addressing ALL Security Concerns
Safe and Appropriate Bug Hunting/Hacking
Warning to All Bug Hunters
Working Ethically
Respecting Privacy
Bug/Defect Notification
Bug Hunting Pitfalls
Session: Scanning Web Applications

Scanning Applications Overview
Scanning Beyond the Applications
Fingerprinting
Vulnerability Scanning: Hunting for Bugs
Reconnaissance Goals
Data Collection Techniques
Fingerprinting the Environment
Enumerating the Web Application
Session: Moving Forward from Hunting Bugs

Removing Bugs
Open Web Application Security Project (OWASP)
OWASP Top Ten Overview
Web Application Security Consortium (WASC)
Common Weaknesses Enumeration (CWE)
CERT Secure Coding Standard
Microsoft Security Response Center
Software-Specific Threat Intelligence
Session: Bug Stomping 101

Unvalidated Data
CWE-787, 125, 20, 416, 434, 190, 476 and 119
Potential Consequences
Defining and Defending Trust Boundaries
Rigorous, Positive Specifications
Allow Listing vs Deny Listing
Challenges: Free-Form Text, Email Addresses, and Uploaded Files
A01: Broken Access Control
CWE-22, 352, 862, 276, and 732
Elevation of Privileges
Insufficient Flow Control
Unprotected URL/Resource Access/Forceful Browsing
Metadata Manipulation (Session Cookies and JWTs)
Understanding and Defending Against CSRF
CORS Misconfiguration Issues
A02: Cryptographic Failures
CWE-200
Identifying Protection Needs
Evolving Privacy Considerations
Options for Protecting Data
Transport/Message Level Security
Weak Cryptographic Processing
Keys and Key Management
NIST Recommendations
A03: Injection
CWE-79, 78, 89, and 77
Pattern for All Injection Flaws
Misconceptions With SQL Injection Defenses
Drill Down on Stored Procedures
Other Forms of Server-Side Injection
Minimizing Server-Side Injection Flaws
Client-side Injection: XSS
Persistent, Reflective, and DOM-Based XSS
Best Practices for Untrusted Data
A04: Insecure Design
Secure Software Development Processes
Shifting Left
Principles for Securing All Designs
Leveraging Common AppSec Practices and Control
Paralysis by Analysis
Actionable Application Security
Additional Tools for the Toolbox
A05: Security Misconfiguration
System Hardening: IA Mitigation
Risks with Internet-Connected Resources
Minimalist Configurations
Application Allow Listing
Secure Baseline
Segmentation with Containers and Cloud
CWE-611
Safe XML Processing
Session: Bug Stomping 102

A06: Vulnerable and Outdated Components
Problems with Vulnerable Components
Software Inventory
Managing Updates: Balancing Risk and Timeliness
Virtual Patching
Dissection of Ongoing Exploits
A07: Identification and Authentication Failures
CWE-306, 287, 798 and 522
Quality and Protection of Authentication Data
Anti-Automation Defenses
Multifactor Authentication
Proper Hashing of Passwords
Handling Passwords on Server Side
A08: Software and Data Integrity Failures
CWE-502
Software Integrity Issues and Defenses
Using Trusted Repositories
CI/CD Pipeline Issues
Protecting Software Development Resources
Serialization/Deserialization
A09: Security Logging and Monitoring Failures
Detecting Threats and Active Attacks
Best Practices for Logging and Logs
Safe Logging in Support of Forensics
A10: Server Side Request Forgeries (SSRF)
CWE-918
Understanding SSRF
Remote Resource Access Scenarios
Complexity of Cloud Services
SSRF Defense in Depth
Positive Allow Lists
Session: Moving Forward with Application Security

Applications: What Next
Common Vulnerabilities and Exposures
CWE Top 25 Most Dangerous SW Errors
Strength Training: Project Teams/Developers
Strength Training: IT Organizations
.NET Issues and Best Practices
Managed Code and Buffer Overflows
.Net Permissions
ActiveX Controls
Proper Exception Handling
Session: Exploring .Net Cryptography

.Net Cryptographic Services
The role of cryptographic services
Hash algorithms and hash codes
Encrypting data symmetrically
Encrypting data asymmetrically

Additional course details:

Nexus Humans .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward.

This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts.

Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success.

While we feel this is the best course for the ITS Data Analytics course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you.

Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

FAQ for the .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) Course

Available Delivery Options for the .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) training.

Live Instructor Led Classroom Online (Live Online)
Traditional Instructor Led Classroom (TILT/ILT)
Delivery at your offices in London or anywhere in the UK
Private dedicated course as works for your staff.

How many CPD hours does the .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) training provide?

The 4 day. .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) training course give you up to 24 CPD hours/structured learning hours. If you need a letter or certificate in a particular format for your association, organisation or professional body please just ask.

Which exam does the .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) training course prepare you for?

The .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) prepares you for the Yes official exam. You can take this exam at any exam center across UK including, England, Scotland, Cymru (Wales) or Northern Ireland or live online where ever you are. Exams vary in duration and if required you can request with the provider for any accommodations appropriate for you.

What is the correct audience for the .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) training?

This is an intermediate level .Net programming course, designed for experienced .NET developers, software engineers, and
architects who are seeking to enhance their knowledge and skills in application security, bug hunting, and secure software
development. The course would also be well-suited for IT professionals, such as security analysts, security engineers, and
DevOps team members, who are responsible for ensuring the security and integrity of web applications in their organizations.

Do you provide training for the .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N).

Yes we provide corporate training, dedicated training and closed classes for the .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N). This can take place anywhere in UK including, England, Scotland, Cymru (Wales) or Northern Ireland or live online allowing you to have your teams from across UK or further afield to attend a single training event saving travel and delivery expenses.

What is the duration of the .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) program.

The .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) training takes place over 4 day(s), with each day lasting approximately 8 hours including small and lunch breaks to ensure that the delegates get the most out of the day.

What other terms do people search for when looking for this course?

Popular related searched include C# / .Net; Application Security.

Why are Nexus Human the best provider for the .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N)?

Nexus Human are recognised as one of the best training companies as they and their trainers have won and hold many awards and titles including having previously won the Small Firms Best Trainer award, national training partner of the year for UK on multiple occasions, having trainers in the global top 30 instructor awards in 2012, 2019 and 2021. Nexus Human has also been nominated for the Tech Excellence awards multiple times. Learning Performance institute (LPI) external training provider sponsor 2024.

Is there a discount code for the .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) training.

Yes, the discount code PENPAL5 is currently available for the .Net Secure Coding Camp | Attacking and Securing .Net Web Apps (for .Net Core / Latest Edition) (TT8320-N) training. Other discount codes may also be available but only one discount code or special offer can be used for each booking. This discount code is available for companies and individuals.

Training Insurance Included!

When you organise training, we understand that there is a risk that some people may fall ill, become unavailable. To mitigate the risk we include training insurance for each delegate enrolled on our public schedule, they are welcome to sit on the same Public class within 6 months at no charge, if the case arises.

What people say about us

Booking process was very easy. Once initial contact was made everything happened smoothly.

Pfizer

Great course yesterday and can’t give enough amazing feedback for John. I’ve never had a teacher hold attention of a class from start to finish, but yesterday he did this.

Jennifer O'Connor

Vistra

Alan delivered the training in an easy to understand and pleasant manner which was broken down into manageable chunks with an appropriate number of breaks to give folk time away from their laptops and screens. It is never easy to do 2 days of training on a fairly in-depth subject involving Software even in a classroom environment and remaining focused and engaged so doing it remotely adds another level of complexity, but I have to say that personally this was one of the best Training Events that I have attended for some years. I have gained so much knowledge of MS Project and it will certainly make my job easier going forward.

A large part of what I gained has to be credited to Alan’s manner and delivery and I should be grateful if you could pass on my thanks to him.

Also, the support, together with joining instructions & training literature etc from Nexus Human has been excellent – thank you for that. I intend feeding that back to our People and ICT Teams too

Nexus Human - Project class

December 2023

This was my 2nd course with Nexus Human and I enjoy the format of the courses.
This was very well-run, the instructor was superb and i will get a lot of benefit from having access for the next 6 months, I look forward to the next course.

Cathal

Kerry, Ireland

I would like to thank the staff of Nexus Human, who were very helpful, prompt, friendly and professional in helping me attain my Microsoft certification. I would like to thank Abdul in particular for his guidance during the course and commend him on his knowledge of software development.

Paul

ITC Group
Dublin

This is the 3rd course I have done with Arun. He is very helpful and always supportive if I have other questions outside the lecture parameters. I have already recommended him and Nexus Human to work colleges and would do so again after this course.

Philip

Nexus Human Classroom Student

The instructor was excellent. Was willing to field any questions we had and deal with our specific queries.

Excel student

The class just finished and I just wanted to mention to you that it was absolutely amazing. The quality of the training had very high standards, the trainer explained amazingly well and we actually practiced (did) all the steps. It was not learning by watching a presentation but by actually doing. The training has been delivered from Atlanta (US) and I cannot wait to go tomorrow in the office and recommend it. The connection and the lab environment were running perfectly.
Once again thank you very much and looking forward for the next trainings scheduled. Enrolling via Nexus Human was the perfect choice.

Cristina, Nexus Human IT Course Attendee

Firstly I would like to say thanks, I found the course I sat yesterday extremely beneficial and the instructor was fantastic, she was enthusiastic and engaging and I would highly recommend the course to friends and colleagues. The post class services are also excellent!

Adobe Student

Sharon was lovely and has a fantastic knowledge. Honestly I didn't think I needed part 1 but I am SO glad I came. Thank you. Will be back in for part 2.

Nexus Human Student

Excellent interaction and answered all of my questions. Looking forward to being able to apply some of the tips and features learned today which hopefully should have real impact on some of the more time consuming tasks currently encountered.

Nexus Human Power BI Attendee

Brilliant
Wonderful teacher
Course presented extremely well indeed

Nexus Human Student feedback