M2350 – Visual Studio Developing and Deploying Secure Microsoft .NET Framework Applications
Enquire/Book this course
Trained over 60000 delegates
Course delivered by industry expert instructors
Highly competitive pricing
Prerequisites: Developers who will gain the most from this course have a working understanding of the .NET Framework and some project experience writing .NET Framework client applications by using either Visual Basic .NET or Visual C#. Before attending this course, students must have:
- Experience developing applications by using the .NET Framework, including using:
- The common language runtime
- Managed execution
- Basic file I/O classes, such as the FileStream class
- Programming experience with Visual Basic .NET or Visual C#, including:
- Opening, building, running, and debugging projects in Visual Studio .NET
- Declaring variables and using loops and conditional statements
- Creating classes and methods
- Using attributes
- Programming Microsoft .NET by Jeff Prosise (Wintellect)
- Applied Microsoft .NET Framework Programming in Microsoft Visual Basic .NET by Jeffrey Richter & Francesco Balena (Wintellect)
- Course 2349: Programming with the Microsoft .NET Framework (Microsoft Visual C# .NET)
- Course 2415: Programming with the Microsoft .NET Framework (Microsoft Visual Basic .NET)
- Understand basic security and deployment problems that the .NET Framework can help prevent.
- Use the MSIL Disassembler to view assembly and type metadata.
- Use reflection to programmatically access assembly and type metadata.
- Use the STRIDE threat model to develop a threat mitigation strategy for an application.
- Encrypt and decrypt data by using symmetric and asymmetric encryption.
- Use permission requests to specify and to limit those permissions that are granted to code.
- Create a single-file assembly or a multifile assembly, depending on the requirements of the software development project.
- Create a private assembly or a shared assembly, depending on the requirements of the software development project.
- Create and access files that are written to isolated storage.
- Create a setup project that specifies where to install the files, what conditions must be met before installing certain files, and after the installation, what custom actions to perform.
- Describe the process that the runtime uses to ensure that it finds and binds to the correct version of an assembly.
- Create configuration files to modify the assembly version and the locations that the runtime searches to find assemblies.
- Introduction to .NET Assemblies
- Overview of Security Measures
- Overview of Deployment Concepts
- Define the term .NET Framework assembly.
- List the possible contents of a .NET Framework assembly.
- Describe common security and deployment problems that can be addressed by using .NET Framework assemblies.
- Describe the security architecture of the .NET Framework.
- Define terms and concepts used to describe deployment of applications that are built with the .NET Framework.
- Understand basic security and deployment problems that the .NET Framework can help prevent.
- Viewing Metadata
- Using Reflection
- Define assembly metadata.
- Define type metadata.
- Describe how the compiler uses assembly and type metadata to resolve references.
- Use the MSIL Disassembler to view assembly and type metadata.
- Use reflection to programmatically access assembly and type metadata.
- Security Basics
- Creating and Using a Threat Model
- Type-Safety Verification
- Describe the concept of security as it applies to traditional security measures and to applications written by using the .NET Framework.
- Use the STRIDE threat model to develop a threat mitigation strategy for an application.
- Describe how type-safety verification forms the basis of .NET Framework application security.
- Cryptography and Signing Basics
- Encrypting and Decrypting Data with a Symmetric Algorithm
- Encrypting, Decrypting, and Signing Data with an Asymmetric Algorithm
- Signing Code
- Generate a key for a symmetric algorithm from a password and a random number.
- Encrypt data by using a symmetric algorithm.
- Decrypt data by using a symmetric algorithm.
- Describe symmetric and asymmetric encryption, hashing, and digital signing.
- Encrypt and decrypt data by using a password and symmetric encryption.
- Encrypt, decrypt, and sign data by using asymmetric encryption.
- Hash data.
- Sign and delay-sign an assembly with a strong name.
- Overview of Code Access Security
- Modifying Security Policy
- Security Operations Basics
- Performing Imperative Security Operations
- Performing Declarative Security Operations
- Adding Permission Requests
- Perform demand and assert operations by using imperative code access security.
- Add minimum and optional permission requests to an assembly.
- Describe how the .NET Framework security system uses code access security to control the amount of permission to access computing resources that is granted to code.
- Modify security policy that is applied to assemblies.
- Use code to assert and to demand permissions imperatively.
- Use attributes to assert and to demand permissions declaratively.
- Use permission requests to specify and to limit those permissions that are granted to code.
- Role-Based Security Basics
- Role-Based Security with Principal and Identity Objects
- Role-Based Security with Permission Objects
- Perform a role-based security check by using a principal object
- Perform a role-based security check by using a permission object
- Perform a role-based security check by using a permission attribute
- Describe how role-based security is implemented by the .NET Framework.
- Perform role-based security checks with principals and identities.
- Perform role-based security checks with permission objects.
- Isolated Storage Basics
- Using Isolated Storage
- Describe the types of isolated storage.
- Describe the scenarios for using isolated storage.
- List the security permissions that are required for using isolated storage.
- Open a store.
- Create, read, and write files and folders in a store.
- Creating Single-File and Multifile Assemblies
- Creating Privately Deployed and Shared Assemblies
- Create a single-file assembly or a multifile assembly, depending on the requirements of the software development project.
- Create a private assembly or a shared assembly, depending on the requirements of the software development project.
- Overview of Deployment
- Creating a Setup Project
- Choose whether to use the XCOPY command, Microsoft Windows( Installer, or a Cab project to deploy an assembly.
- Create a setup project that specifies where to install the files, what conditions must be met before installing certain files, and what custom actions to perform after installation is complete.
- Deployment of an updated shared component across an enterprise.
- Allow a specific application to continue to use an earlier version of a shared assembly.
- Enforce binding policy across the enterprise without exception.
- Versioning and Assembly Binding Basics
- Configuration File Syntax
- Creating Policy Configuration Files
- Describe the process that the runtime uses to ensure that it finds and binds to the correct version of an assembly.
- Identify the XML element in a configuration file that modifies binding instructions.
- Create configuration files to modify the assembly version and the locations that the runtime searches to find assemblies.