Secure Coding for .NET

Course Duration: 4 hours
Intended Audience: Developers

Once developers understand the basics, they are in a position to start learning more specific design and coding techniques for .NET application security. This self-paced, e-Learning course covers application security practices and associated vulnerabilities across nine lessons. This course is also available in a Java security training version so that developers learn platform-specific concerns and countermeasures.

Lesson 1: Trust Boundaries
Course Objectives: After completing this lesson, you should be able to:

  • Describe the concept of trust boundaries and how they apply to application security
  • Demonstrate an understanding of general approaches for handling trust boundaries in applications

Lesson 2: Authentication
Course Objectives: After completing this lesson, you should be able to:

  • Identify common authentication approaches
  • Identify common authentication vulnerabilities

Lesson 3: Authorization
Course Objectives: After completing this lesson, you should be able to:

  • Describe common approaches for authorizing system access
  • Describe where authorization should occur
  • Demonstrate knowledge of common authorization vulnerabilities

Lesson 4: Validation and Encoding
Course Objectives: After completing this lesson, you should be able to:

  • Describe best practices for input validation
  • Identify common vulnerabilities that proper validation can help address

Lesson 5: Information and Error Handling
Course Objectives: After completing this lesson, you should be able to:

  • Describe the risks associated with poor information and error handling
  • Describe best practices for containing sensitive information and handling application failure

Lesson 6: Non-Repudiation and Auditing
Course Objectives: After completing this lesson, you should be able to:

  • Describe the value of non-repudiation, separation of duties, and support for auditing
  • Identify best practices for logging and reporting error conditions

Lesson 7: Data Protection
Course Objectives: After completing this lesson, you should be able to:

  • Demonstrate knowledge of the general concepts of modern cryptography
  • Describe cryptographic best practices and common mistakes
  • Identify approaches for handling data classification standards

Lesson 8: Configuration and Deployment
Course Objectives: After completing this lesson, you should be able to:

  • Demonstrate knowledge of how proper configuration and deployment can manage the impact of existing vulnerabilities and prevent others
  • Describe common configuration and deployment flaws and the danger they pose to applications

Lesson 9: Defense in Depth
Course Objectives: After completing this lesson, you should be able to:

  • Describe the concept of defense in depth
  • Discuss how defense in depth applies to secure design and implementation

What Is ThreadStrong?

ThreadStrong is a self-paced, e-Learning solution designed by Denim Group's secure application development experts to help developers understand and apply the principles of secure design and coding.

ThreadStrong combines the hands-on knowledge of working software developers with the experience of world-sought trainers, who use best practices to provide practical and in-depth application security training content.

On-Site Training Available

If e-Learning is not the best solution for your training needs, the creators of ThreadStrong also offer application security training in classroom format.