• Online, Self-Paced
Course Description

Defensive programming is a methodology for writing code that is resilient to present and future errors caused by unexpected user input or actions. In this course you will explore common risks to C# applications, how to counter those risks, the best way to deal with user input, and finally how to secure WCF applications.

Learning Objectives

Risks in C# Applications

  • list potential risks to C# UI applications
  • describe what buffer overflows are and their impact
  • identify how to prevent buffer overflows

Defending Against Attacks

  • identify what form injection attacks typically take in C# applications
  • describe how to mitigate injection attacks in C# applications
  • identify how to prevent shatter attacks in .NET applications
  • recognize how to prevent DLL hijacking in .NET applications
  • use exceptions in C# applications

Working with User Input

  • specify how to deal with bad data in your C# applications
  • use input validation in a C# application
  • use regular expressions to help with input validation
  • recognize how to constrain user input to prevent bad data input

Defending SQL Data in C#

  • describe what SQL injection attacks are
  • recognize how to use stored procedures to aid in the defense against SQL injection attacks
  • describe some of the pitfalls of using dynamic SQL

Securing WCF Applications

  • illustrate how authentication works in WCF
  • recognize how to verify service identities
  • identify how to prevent NTLM attacks
  • recognize how to work with the WindowsIdentity class
  • describe potential XML risks in ASP.NET applications
  • identify how to protect against XML entity expansion attacks
  • list the potential problems that path traversal may cause
  • recognize how to prevent path traversal attacks

Practice: Securing a C# Application

  • use defensive coding techniques to create a secure C# application

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Software Development
  • Test and Evaluation
  • Vulnerability Assessment and Management