This course measures a students ability to implement code using methods to minimize security risks and take advantage of the security functionality built into the .NET Framework.  When you pass the Implementing Security for Applications with Microsoft Visual Basic .NET exam, you achieve Microsoft Certified Professional (MCP) status. You also earn credit toward the following certifications:

• Elective credit toward Microsoft Certified Application Developer (MCAD) for Microsoft .NET certification
• Elective credit toward Microsoft Certified Solution Developer (MCSD) for Microsoft .NET certification

As a Microsoft IT Academy Program Member, UCertifyOnline follows the approved Microsoft course curriculum, ensuring you receive the training and knowledge needed to succeed.  UCertifyOnline is so certain this course meets and exceeds the exam objectives, we guarantee you will possess the skills and knowledge required to pass your exam!

 Course Duration: 3 Months

Learning segments

Developing Applications by Using Security Best Practices

Develop code under a least privilege account within the development environment
Configure the Microsoft .NET development environment and operating system
Select the appropriate privileges
Develop code that runs under a least privilege account at run time
Develop code to run under a least privilege account that does not have administrator privileges
Use least privilege for access to resources such as the file system, registry entries, and database
Analyze security implications of calling unknown code
Write code to verify that the identity of a COM component matches the identity expected
Validate that data to and from third-party components conforms to the expected size, format, and type
Test for integrity of data after transmission
Evaluate unmanaged code
Write code that addresses failures in a manner that does not compromise security
Write code that defaults to a permission set that is more secure than the permission set that existed before the errors or issues occurred
Create error messages that do not compromise security
Develop code that includes security measures in each tier of the solution, also known as defense in depth
Implement application functionality to apply defaults that minimize security threats
Write code to prevent canonicalization problems
Create canonical references for resources
Validate that a reference is canonical
Validate external input at every boundary level to prevent security problems
Write code to test strings by using regular expressions
Write code to test the size of data
Write code to prevent SQL injection and cross-site scripting

Developing .NET Applications That Include Security Enhancements

Implement security by using application domains
Implement authentication
Implement a custom authentication mechanism in a Windows Forms application
Implement an appropriate Web application or Web service authentication mechanism to accommodate specific application security requirements
Implement functionality by consuming authenticated user information such as the IPrincipal, Membership, and Identity components of the .NET base class library
Write authorization code
Programmatically control access to functionality and data by using user information such as user identity, group membership, and other custom user information
Control access to Web applications by using URL authorization
Programmatically control access to functionality and data by using identities or criteria that are independent of user identity

Sign data by using certificates

Implement data protection
Use .NET cryptographic techniques

Encrypt and decrypt data by using symmetric and asymmetric cryptographic functions
Compute hashes by using cryptographic functions
Write code to create cryptographically random numbers for cryptographic functions
Protect data in files and folders by creating, modifying, and deleting discretionary access control list (DACL) or security access control list (SACL) entries
Encrypt and decrypt data by using the Data Protection API (DPAPI)
Implement security for an application or shared library by using .NET code access security.
Demand a code access permission such as FileIOPermission
Group code access permissions into a permission set
Override code access security checks
Protect a resource in a library
Specify the permission requests of an application
Customize code access security
Access remote functionality in a manner that minimizes security risks
Use Web Services Enhancements for Microsoft .NET (WSE), such as WS-Security and WS-Interoperability
Configure .NET remoting for security

Configuring Application Security by Using the Microsoft .NET Framework and Operating System Tools

Work with .NET Security policies. Tools include the .NET Framework Configuration tool and the Code Access Security Policy tool
Analyze the code access permissions of an assembly by using the Permissions View tool
Configure security by using IIS and ASP.NET
Understand the security implications of impersonation
Configure ASP.NET impersonation
Configure Web folder permissions
Set appropriate permissions on Web application files
Configure a Web page or Web service to use SSL/TLS

Stabilizing and Releasing Applications in a Manner That Minimizes Security Risks

Perform unit testing on applications and components to identify security vulnerabilities
Release applications in a manner that minimizes security risks
Evaluate when to sign an assembly
Implement delayed signing
Create a strong named assembly
Configure security settings by using the .NET Framework Configuration tool and the Code Access Security Policy tool at deployment

For More Information E-Mail us at sales@UCertifyOnline.com