This three-day instructor-led course provides students with the knowledge and skills that are needed to build Web applications by using security-enhanced coding techniques. Students will learn how to identify Web application security vulnerabilities and understand the trade-offs between functionality and performance when choosing the appropriate security mechanisms for their Web applications. Throughout this course, students will get hands-on experience in creating security-enhanced Web applications.

After completing this course, students will be able to:

• Define the basic principals of, and motivations for, Web security.
• Perform a threat analysis of Web-accessible assets
• Use knowledge of authentication, Security Identifiers (SIDs), Access Control Lists (ACLs), impersonation, and the concept of running with least privilege to help ensure access to only those system resources that are necessary to accomplish normal request processing
• Help protect file system data by using the features in Microsoft Windows 2000
• Use the Microsoft SQL ServerTM Security model and Microsoft ADO.NET to help protect a Web application against SQL Server injection attacks
• Use one of the CryptoService classes of the System.Security.Cryptography namespace to transform a block of data into cyphertext
• Help protect the portion of a Web application that requires private communications by using Secure Sockets Layer (SSL)
• Use general security coding best practices to help ensure a security-enhanced Web application
• Use the Microsoft .NET Framework to build security-enhanced Web applications
• Employ a structured approach to testing for Web application security
• Use a systematic approach and knowledge of security best practices to help protect an existing Web application

Before attending this course, students must have:

• Familiarity with n-tier application architecture.
• Experience in developing or designing distributed Web applications
• Experience with one or both of the following programming languages:
• Microsoft C#
• Microsoft Visual Basic .NET
• Experience in writing server-side and client-side scripts by using one or both of the following scripting languages:
• Active Server PAges (ASP)
• Microsoft ASP.NET
• Familiarity with all of the following Microsoft products and technologies is recommended:
• SQL Server 2000
• Microsoft Internet Information Services (IIS)

This course is intended for students who are responsible for the design and development of Web applications. These students typically have three to five years of experience in developing or designing distributed Web applications. Actual job role titles vary throughout the technology industry, and they may include, but are not limited to:

• Web Developer: The Web developer is responsible for developing the logic, coding, testing, and debugging of Web applications and Web application software

• Solutions Architect: The Solutions Architect is responsible for the design of the technical architecture of Web applications and Web-based software applications