ECSP - EC-Council Certified Secure Programmer .NET

Course Description

The ECSP.Net course will be invaluable to software developers and programmers alike to code and develop highly secure applications and web applications. This is done throughout the software life cycle that involves designing, implementing, and deployment of applications.

.Net is widely used by organizations as a leading framework to build web applications. ECSP.Net teaches developers how to identify security flaws and implement security countermeasures throughout the software development life cycle to improve the overall quality of products and applications.

EC-Council Certified Secure Programmer lays the foundation required by all application developers and development organizations to produce with greater stability and fewer security risks to the consumer. The Certified Secure Programmer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.

This course is built with tons of labs peppered throughout the three days of training, offering participants critical hands on time to fully grasp the new techniques and strategies in secure programming.

Course Details

Course Objectives

Familiarize you with .Net Application Security, ASP.Net Security Architecture and help you understand the need for application security and common security threats to .Net framework
Discuss security attacks on .Net framework and explain the secure software development life cycle
Help you to understand common threats to .Net assemblies and familiarize you with stack walking processes
Discuss the need for input validation, various input validation approaches, common input validation attacks, validation control vulnerabilities, and best practices for input validation
Familiarize you with authorization and authentication processes and common threats to authorization and authentication
Discuss various security principles for session management tokens, common threats to session management, ASP.Net session management techniques, and various session attacks
Cover the importance of cryptography in .Net, different types of cryptographic attacks in .Net, and various .Net cryptography namespaces
Explain symmetric and asymmetric encryption, hashing concepts, digital certificates, digital and XML signatures
Describe the principles of secure error handling, different levels of exception handling, and various .Net logging tools
Examine file handling concepts, file handling security concerns, path traversal attacks on file handling, and defensive techniques against path traversal attack

Who Should Attend?

The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web based applications with .NET Framework. It is designed for developers who have .NET development skills.

Exam Information

Number of questions: 50
Passing score : 70%
Test duration : 2 Hours
Test format : Multiple choice
Test delivery : EC-Council exam center
Exam prefix : 312-93

Course Content

.Net framework security features and various secure coding principles
.Net framework runtime security model, role-based security, code access security (CAS), and class libraries security
Various validation controls, mitigation techniques for validation control vulnerabilities, defensive techniques for SQL injection attacks, and output encoding to prevent input validation attacks
Defensive techniques against session attacks, cookie security, and View State security
Mitigating vulnerabilities in class level exception handling, managing unhandled errors, and implementing windows log security against various attacks
Defensive techniques against path traversal attacks and defensive techniques against canonicalization attack and file ACLs
Mitigating vulnerabilities in machine config files, mitigating the vulnerabilities in app config files, and security code review approaches
The importance of secure programmers and certified secure programmers, the career path of secure programmers, and the essential skillset of secure programmers

Related Courses

ECSP - EC-Council Certified Secure Programmer JAVA

Total Seats:

Course Level:

Beginner

Duration :

40 Hours