Home : Technical Training Titles : Microsoft Technical Titles : Exam 70-340

Implementing Security for Applications with Microsoft Visual C# .NET - Exam 70-340

Course Description:

This course will give you the ability to implement code using methods to minimize security risks and take advantage of the security functionality built into the .NET Framework When you pass the Implementing Security for Applications with Microsoft Visual C# .NET exam, you achieve Microsoft Certified Professional status. You also earn:

Elective credit toward Microsoft Certified Application Developer (MCAD) for Microsoft .NET certification
Elective credit toward Microsoft Certified Solution Developer (MCSD) for Microsoft .NET certification

Prerequisites:

Candidates should work on an application development team in a software development environment that uses Microsoft Visual Studio® .NET 2003. Candidates have at least three years of experience developing n-tier applications and at least one year of experience using Visual Studio .NET 2003, including ASP.NET and ADO.NET.

Audience:

Candidates have experience developing both Web-based and Microsoft Windows®-based applications from start to finish

Deployment Options:

- Video Training
- CD-ROM
- E-learning
- ThinkTank Server Solution

Learning / Exam module:

MCSD Certification - Developing XML Web Services and Server Components with Microsoft Visual Basic .NET, Microsoft Visual C# .NET and the Microsoft .NET Framework Exam 70-310
Course Duration: 30-40 hours

About Our Experts:

Scott Anderson of IT Centers,
LLC has over 10 years training and consulting experience in the IT industry. He has developed software solutions for Fortune 1000 companies in America and Europe. His client list includes Blue Cross/Blue Shield of Northern New Jersey, Blue Cross/Blue Shield of North Carolina, CIGNA, Prudential Insurance Company and New York Life Insurance Company. Scott's experience in the IT industry has stemmed from developing solutions from a vendor neutral stance, thereby providing the best possible technology result. Scott instructs MCSD.NET classroom-based Boot Camps and Seminars across the United States.

Learning Segments:

INTRODUCTION

MODULE 1: Overview

.NET Assemblies

Assembly Parts

Metadata

Strong Name & Reflection

Security Overview

Type Safety Verification

Code signing

Encryption & Digital Signatures

Code Access & Role Base Security

Isolated Storage

Application Deployment

Versioning

Configuration

Review

MODULE 2: Overview

Metadata

Demo - ILDASM.exe

Reflection

Demo - Reflection

Review

MODULE 3: Overview

Security Basics Overview

Security Measures

Malicious Users & .NET

Best Practices

Threat Modeling

Creating Threat Models

Applying Threat Models

Review

MODULE 4: Overview

Cryptography & Digital Signing

Symmetric & Asymmetric Scenarios

Cryptography in the .NET Framework

Cryptography with Symmetric Algorithms

Demo - Symmetric Cryptography

Cryptography & Signing with Asymmetric Algorithms

Demo - Hashing

Signing Code

Demo - Strong Names

Review

MODULE 5: Overview

Evidence

Security Policy

Code Groups

Security Policy Level

Modifying Security Policy

Demo - Graphical Configuration

CasPol Tool

Demo - CasPol Tool

Security Operations Basics

Permission Demand

Permission Assert

Other Security Checks

Imperative & Declarative Security

AllowPartiallyTrustedCallers Attribute

Imperative Security

Demo - Imperative Security

Declarative Security

Demo - Declarative Security

Review

MODULE 6: Overview

Creating Windows Principal & Identity

Demo - Principal & Identity

Generic Identity & Principal

Demo - Generic Authentication

Principal Permission Object

Demo - Principal Permission

Review

MODULE 7: Overview

Defining Isolated Storage

Using Isolated Storage

Demo - Isolated Storage

Review

MODULE 8: Overview

Single & Multi-file Assemblies

Demo - Command Line Compilation

Private vs. Shared Assemblies

Demo - Global Assembly Cache

Review

MODULE 9: Overview

Deployment Methods

Creating a Setup Project

Demo - Deployment

Review

MODULE 10: Overview

Assembly Binding Basics

Side-By-Side Deployment

Configuration Files

Assembly Binding Process

Configuration File Syntax

Creating Policy Configuration Files

Demo - Assembly Redirection

Review

MODULE 11: Overview

Importance of Security

Security Challenges

Hackers & Attackers

Attack Types

Vulnerabilities

Implementing Security

Best Practices

Review

MODULE 12: Overview

Types of User Input

Why Validate Input?

Types of Validation

User Input Attacks

HTTP Cookie & Header Attacks

Form Data & Script Command Attacks

Demo - Web Form Attacks

Performing Validation

Concealing Information

Review

MODULE 13: Overview

ASP.NET Authentication Methods

Configuring ASP.NET

Windows Based Authentication

Demo - Windows Security

Forms Based Authentication

Implementing Forms Authentication

Demo - Forms Security

Review

MODULE 14: Overview

Internet Information Services (IIS)

Impersonation & User ID

Configuring Permissions

Client Authentication

Application Protection Level

Demo - IIS Server

IIS Summary

Windows Server 2000/2003

Access Control Lists

Best Practices

Demo - Creating ACLs

SQL Server

Authentication & Permissions

Best Practices

Demo - SQL Server

SQL to IIS Security

SQL Injection Attacks

Demo - Injection Attacks

Injection Attack Protection

Review

MODULE 15: Overview

Digital Certificates

SSL/TLS

IPSec

Review

MODULE 16: Overview

Web Security Differences

Creating a Test Plan

Performing a Security Test

Review

MODULE 17: Overview

Web Service Enhancements(WSE)

Cryptography

Web Application Security

User Input

General Good Practices

Critical Best Practices

Review

Related Products: