Defensive programming is a methodology for writing code that is not prone to present or future errors caused by unexpected user input or actions. In this course you will explore common risks to C# applications, how to counter those risks, the best way to deal with user input, and finally how to secure WCF applications.
Learning Objectives
Risks in C# Applications
- start the course
- list potential risks to C# UI applications
- describe what buffer overflows are and their impact
- identify how to prevent buffer overflows
Defending Against Attacks
- identify what form injection attacks typically take in C# applications
- describe how to mitigate injection attacks in C# applications
- identify how to prevent shatter attacks in .NET applications
- recognize how to prevent DLL hijacking in .NET applications
- use exceptions in C# applications
Working with User Input
- specify how to deal with bad data in your C# applications
- use input validation in a C# application
- use regular expressions to help with input validation
- recognize how to constrain user input to prevent bad data input
Defending SQL Data in C#
- describe what SQL injection attacks are
- recognize how to use stored procedures to aid in the defense against SQL injection attacks
- describe some of the pitfalls of using dynamic SQL
Securing WCF Applications
- illustrate how authentication works in WCF
- recognize how to verify service identities
- identify how to prevent NTLM attacks
- recognize how to work with the WindowsIdentity class
- describe potential XML risks in ASP.NET applications
- identify how to prevent XML entity expansion attacks
- list the potential problems that path traversal may cause
- recognize how to prevent path traversal attacks
Practice: Securing a C# Application
- use defensive coding techniques to create a secure C# application