Secure coding / application security is the practice of developing applications, whether for computers, mobile devices or the web, in such a manner as to provide defense-in-depth against malicious attacks. Although security and threat modeling discussions often focus on the network and hardware resources to be implemented, software should be written with a defensive coding approach as well. Best practices exist for coders, but many in the application development field either don't know them or don't know them well enough to move through the development process quickly enough to meet their application launch goals. That's where this class comes in. We teach an all-encompassing course on secure coding best practices that gives developers the quick know-how needed to meet tough application demands. In addition, this class is mapped to the EC-Council Certified Secure Programmer (ECSP) certification.
- .NET Framework security features and various secure coding principles
- .NET Framework runtime security model, role-based security, code access security (CAS), and class libraries security
- Various validation controls, mitigation techniques for validation control vulnerabilities, defensive techniques for SQL injection attacks, and output encoding to prevent input validation attacks
- Mitigating vulnerabilities in class-level exception handling, managing unhandled errors, and implementing Windows log security against various attacks
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.