After six months, I have almost finished developing my last course: Application Security! The following are the topics discussed in this course:

Session 1- Introduction

  • Introduction to Security
  • Main Concepts
  • Authentication, Authorization, Auditing
  • Confidentiality, Integrity, Availability


Session 2- Top Ten Security Bugs (1)

  • SQL Injection
  • DOM-based XSS
  • Stored XSS
  • HTTP Response Splitting
  • Cross-site Request Forgery


Session 3- Top Ten Security Bugs (2)

  • Predictable Cookie
  • Hidden Fields
  • Executing Code with Too Much Privilege
  • Mobile Code
  • Use of Weak Password-Based Systems


Session 4- Threat Modeling

  • STRIDE Approach
  • Microsoft Security Development Lifecycle (SDL)

Session 5- Code Access Security

  • CAS Basics
  • Writing Secure Assemblies
  • Controlling Access Permissions


Session 6- Cryptography

  • Hashing
  • Symmetric Algorithms
  • Asymmetric Algorithms


Session 7- ASP.Net Security

  • Forms Authentication/Membership/Role Management Overview
  • Implementing Custom Role Provider
  • Top Ten Security Mistakes in ASP.Net


Session 8- IIS/SQL Server Security

  • Authentication in IIS
  • Implementing HTTPS


Session 9- Active Directory

  • Active Directory Integration
  • Active Directory Application Mode (ADAM)
  • Active Directory Federation Services Overview


Session 10- WCF Security

  • Security Types
  • Using Certificates
  • Federated Security Overview


Session 11- Designing Authentication/Cryptography Mechanisms

  • Implementing Single Sign-On
  • Using Application Service Client Profile
  • Using Security Application Block


Session 12- Designing Authorization Mechanisms

  • RBAC Standard
  • Using Authorization Manager


Session 13- ISO 27001 Overview

  • Basics of ISO 27001
  • ISO 27001 Processes


Session 14- Security Tools

  • Code Analysis Tools
  • Threat Modeling Tools
  • Security Test Tools