• Online, Self-Paced
Course Description

In this course, you will learn how to manage validation and prevent cross-site scripting and cross-site request forgery attacks, and how to implement a custom membership provider for ASP.NET MVC web applications.

Learning Objectives

Implementing Secure Sites

  • start the course
  • use HTML form encoding to prevent cross-site scripting attacks in an ASP.NET MVC web application
  • create and apply a salt to a hashed password before storing it in an ASP.NET MVC web application
  • create and use an SSL client certificate to provide SSL authentication in an ASP.NET MVC web application
  • encrypt a section of a application configuration file in ASP.NET MVC web application in Visual Studio 2017
  • implement deferred request validation in an ASP.NET MVC web application
  • use the AllowHtml attribute to disable request validation for a model property in an ASP.NET MVC web application
  • use the ValidateInput attribute to disable validation for an MVC controller action in an ASP.NET MVC web application
  • use parameterized SQL queries to prevent SQL injection attacks in an ASP.NET MVC web application
  • use an anti-forgery token along with the ValidateAntiForgeryTokenAttribute to protect against cross-site request forgery attacks in an ASP.NET MVC web application

Implementing Custom Membership Providers

  • set up a model class for a custom membership provider in an ASP.NET MVC web application in Visual Studio 2017
  • configure a custom membership provider in an ASP.NET MVC web application in Visual Studio 2017
  • test the operation of a custom membership provider in an ASP.NET MVC web application in Visual Studio 2017

Practice: Securing Communication

  • secure communication by applying SSL certificates; salt and hash passwords for storage

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.