.NET, ASP.NET, ASP.NET Core, Security, XSRF

Secure .NET Programming

In order to avoid attacks your systems are now be continuously updated to the latest versions, firewalls and Anti-virus applications make the systems secure.

However, are your self-developed applications secured?

In this workshop, you will learn typical attacks, what you need to consider in your applications, and how to prevent SQL injection, cross-site scripting (CSS), HTTP response site splitting, and cross-site request forgery (XSRF, CSRF).

This workshop gives you information how to make your ASP.NET Core, ASP.NET MVC, and ASP.NET Web Forms applications secure.

Attendees

This workshop is for all .NET programmers and software architects who think about the security of their applications.

Prerequisites

Knowledge of C# and .net is assumed.

Topics

Intro to security and security attacks

• Buffer overruns
• String formatting
• Integer overflows
• Command injection
• Race conditions
• Information leakage
• Too much privileges

SQL Server and Entity Framework

• Security with SQL Server
• How to avoid SQL Injection
• Connection Strings
• Privileges with SQL Server

Crypto APIs

• Using of .NET Crypto APIs
• Random Numbers
• Data Protection
• Protecting Stored Data
• User Secrets

Security of Web Applications and Services

• Correct implementation of exception handling
• Monitoring and logging
• Protecting network traffic
• HTML, URL and JavaScript encoding
• Password management
• Cross-Site Scripting (CSS)
• HTTP Response Splitting
• Cross-Site Request Forgery (CSRF, XSRF)
• Magic URLS
• Predictable Cookies and Hidden Form Fields
• Authentication and Authorization

Topics will be adapted to the needs of the attendees.