Course Outline

Microsoft's .NET framework for building and delivering Web services has a rich security model. The .NET Security for Developers Part 1 training from ATS starts with security basics including system design, security policy, and Windows security fundamentals, and then shows you how to effectively employ .NET features like SQL Server security and isolated storage. Expert instructors Andy Baron and Mary Chipman combine a practical approach to solving security problems faced by .NET developers with lots of code examples and explanations of underlying theory and concepts. At the conclusion of this training course, you'll be able to begin taking advantage of the security features in the .NET framework.

Prerequisites: Previous programming experience with Visual Basic.NET. (Bundle of 5 CD-Rom Multimedia modules).

Module 1
Section A: Introduction Security Systems
COM Environment
.NET Framework
Access/Permission
Managed vs. Unmanaged
Code Access Security
Permissions Sets
Security Concept

Section B: Assemblies Parts
Private vs. Strong-named
Global Assembly
Cache View Contents
View Manifest
Trusted Local Code
Partial Trusted Code

Section C: Edit Configuration Policy
.NET Framework Config.
Adjust Zone Security
Zone Effects

Section D: Design Secure Systems
Evaluate Risk
STRIDE Model
Prioritize Threats
Mitigating Threats
10 Laws of Security
Physical Protection
Password/Administration
Encryption/Viruses/Access

Section E: Security Policy
Policy Levels
Configuration Files
User Configuration
Configuration Tool Policy
Nodes Default
Zones Create Code
Group Set Permissions

Section F: Configure Policy
Runtime Security Policy
Adjust Zone Security
Set Internet Security
Edit Trusted Code Group
Membership Condition
Permission Sets
Add to Trusted Site

Section G: Create Evidence
Evidence Evaluation
Location Identity
Applying Evidence
No Additional Evidence
Load Assembly
Create Evidence
Load with New Evidence

Module 2
Section A: Security Tools Caspol
Using Caspol Edit
Confirmations Scripting
Caspol Verify Batch
Run Certificate
Security Tools
Additional Security Tools
Other Security Tool

Section B: Strong-Named Assemblies
Digital Signing
Hashes vs. Encryption
Signing Process Keys and Tokens
Signing Assembly
Delayed Signing

Section C: Exception Handling
Exception Class
Try/Catch Block
Unhanded Exception
Exception Object
Build Exceptions
Security Exception

Section D: Advanced Handling
Conditional Messages
Using Debug Mode
Conditional Constant Logging
Exception Log Event
.NET Error Handling
Redirect Pages

Section E: Best Code Practices
Building Assemblies
Code for Attacks
Trust Issues

Section F: Permission Requests
Create Permission
Set Run/View Permission Sets
Declarative Security
RequestMinimum Permission/Attributes
Provide Permission
Policy Exception

Section G: Declarative Options
Optional Permissions
RequestOptional
Permission Effects
RequestRefuse
SecurityException
PermissionSet
Inadequate Permissions

Module 3
Section A: Imperative Permissions
EnvironmentPermission
Object Imperative Security
ChangePermission
Set FileIOPermission
Declarative Techniques
Imperative Techniques
The Stack Walk

Section B: Effective Permissions
Remove Exclusive
Create Code
Group Evaluate
Assembly Least Restrictive
Using PermView Tool

Section C: Effective Permissions (cont.)
Copy Permission Sets
Change Permissions
NewMachine Code Group
Policy Levels
Most Restrictive Policy Levels

Section D: Windows Security Basics
Access Token View
Access Token
Securable Objects
Access Rights
DACL User Rights
Inherited Rights

Section E: DACLs & .NET GAC
Access Process
WMI Generate
WMI Wrapper
View/Use WMI
Class Copy DACL

Section F: Role-based Security Overview
Create Users and Groups Identities
Generic Identity
Windows Identity Objects
IsInRole
Enable Buttons Permissions

Module 4
Section A: Custom Application Security
Custom Roles
GenericPrincipal Setup
Role Arrays
Add Indentities to Role
Use Windows Indentity
Security Action Demand

Section B: Understanding Isolated Storage
Benefits Quota Controls Implementation
Limitations Isolated Store Structure
Use Store
Create Isolated Store
Reference Properties/Methods

Section C: Mechanics of Isolated Storage
Access Isolated Store
Create Directories
Create File in Store
FileModes
Create File in Subdirectory
Write/Read to File
Delete Methods

Section D: Using Isolated Storage Sample
Application Basic Process
Create Object Method
Serialize Object to File Use xmlserializer
Class Recall
Serialized Object
Use Deserialized Data
View XML File

Section E: Isolation Storage Types Overview
AppDomain Type
User/Assembly Types
GetStore Method
Roaming Users Types

Section F: Administering Isolated Storage Permissions Options Permission Settings
Permission Level Risks

Module 5

Section A: Installing SQL Server Service Accounts
Least-Privileged Acct
Authentication Modes
Desktop Engine (MSDE) sa login
Install Desktop Engine

Section B: SQL Server in Visual Studio.NET
Visual Database Tools
Server Explorer
Overview Design
View Database Connection

Section C: Enable Windows Accounts Authentication Setup Authentication Windows
Users Add Group in SQL Database
Access Add Admin
User Enable ASPNET login
Machine.Config File

Section D: SQL Server Logins
Create SQL Accounts
Add User with Scripts
Run/Verify Users
Add SQL Login
Deny SQL Access
Deny Users with Scripts
Revoke Users

Section E: SQL Server Roles Overview
Fixed Server Roles
Fixed Database Roles
Public Role

Section F: Custom Database Roles
Guest User
Standard Roles
Application Roles
Enterprise Manager
Object Ownership

Section G: Permissions Overview
Permission Statements
Permission Settings
Ownership
Chains Stored Procedures
Examples

Section H: Fine-tuning Permissions
Creating Objects
Add New Reference Results
View Scripts
Scripting Permissions