The EC-Council Certified Secure Programmer .Net (ECSP) enables developers to identify flaws in the cybersecurity and improve the quality of products and applications by implementing the security countermeasures through the entire lifecycle of software development
This course lays the foundation for all application developers and development organizations intended to deliver applications with few security risks and greater stability to customers.
The objective of the course
To gain familiarity with .Net Application Security, ASP .Net Security Architecture that will help in understanding the need for application and common security threats to framework
Understand the security attacks on the .Net framework and explaining the life cycle of secure software development
Get introduced to threats to .Net assemblies and understand the stack walking processes
Understand the need for input validations, approaches, attacks, vulnerabilities and the best practises
Getting familiarized with the common threats and processes of authorization and authentication.
Discuss various security principles for:
session management tokens,
common threats to session management,
ASP.Net session management techniques, and
various session attacks
Understanding the importance of cryptography, cryptographic attacks, and namespaces in.Net
Covering the concepts of symmetric and asymmetric encryption, digital and XML signatures and digital certificates.
Understanding principles of error handling, levels of exception handling and various logging tools in.Net
A: Students in this course will acquire knowledge in the following areas:
.Net framework security features and various secure coding principles
.Net framework run time security model, role-based security, code access security (CAS), and class libraries security
Various validation controls, mitigation techniques for validation control vulnerabilities, defensive techniques for SQL injection attacks, and output encoding to prevent input validation attacks
Defensive techniques against session attacks, cookie security, and View State security
Mitigating vulnerabilities in class level exception handling, managing unhandled errors, and implementing windows log security against various attacks
Defensive techniques against path traversal attacks and defensive techniques against canonicalization attack and file ACLs
Mitigating vulnerabilities in machine config files, mitigating the vulnerabilities in app config files, and security code review approaches
The importance of secure programmers and certified secure programmers, the career path of secure programmers, and the essential skill set of secure programmers
A: iLearn is EC Council’s online, self-paced option which means that all of the same modules taught in the live course are recorded and presented in a streaming video format. A certification candidate can set their own learning pace by pausing the lectures and returning to their studies as their schedule permits!