MyPage is a personalized page based on your interests.The page is customized to help you to find content that matters you the most.

I'm not curious

ASP.NET Security Secrets Revealed

Course Summary

ASP.NET is full of little nuggets of security goodness, often doing their work in the background without you even noticing and other times secreted away within obscure corners of the framework. This course is about building familiarity with the breadth of

  • +

    Course Syllabus

    ● Introduction
        ◦ Introduction
    ● Configuration
        ◦ Setting up the Sample App
        ◦ Enabling Custom Errors
        ◦ Setting a Default Redirect Error Page
        ◦ Configuring the Redirect Mode
        ◦ Persisting Sessions in Cookies and URIs
        ◦ HTTP only Session Cookies
        ◦ Changing the Session Cookie Name
        ◦ Enabling and Using Tracing
        ◦ Request Validation
        ◦ Securing Content using the Location Element
        ◦ Hiding the ASP.NET Version Number
        ◦ Defaulting Cookies to HTTP Only
        ◦ Defaulting Cookies to Secure
        ◦ Enabling Retail mode on the Server
        ◦ The maxRequestLength Setting
        ◦ About Unsafe Header Parsing
        ◦ Summary
    ● Membership, Identity and Roles
        ◦ Understanding Membership and Identity
        ◦ Creating a Visual Studio 2012 Project
        ◦ The Forms Authentication Auth Cookie
        ◦ Persisting Accounts in the Database
        ◦ Forms Authentication Timeout
        ◦ Cookieless, Requiring SSL, HttpOnly and Cookie Name
        ◦ Sliding Expiration
        ◦ The Protection Setting
        ◦ Configuring Membership
        ◦ Roles
        ◦ Role Storage
        ◦ Summary
    ● MVC
        ◦ Automatic Output Encoding
        ◦ Html.Raw Helper
        ◦ AllowHtml Attribute
        ◦ Anti Forgery Tokens
        ◦ Authorise Attribute
        ◦ AllowAnonymous Attribute
        ◦ RequireHttps Attribute
        ◦ HTTP verb Tampering
        ◦ Summary
    ● Web Forms
        ◦ Understanding view State
        ◦ View State MAC Protection
        ◦ View State Encryption
        ◦ Output Encoding in Controls
        ◦ CSRF protection
        ◦ Enabling Unvalidated Requests
        ◦ Event Validation
        ◦ The ViewStateUserKey
        ◦ Summary
    ● General Security Principles and Tools
        ◦ Manual HTML Encoding
        ◦ CSS and JavaScript Encoding with AntiXSS
        ◦ Creating Custom Response Headers
        ◦ Encrypting Connection Strings
        ◦ Creating Trusted Connections
        ◦ The Security Implications of ELMAH
        ◦ NWebsec
        ◦ ASafaWeb
        ◦ Summary


Course Fee:
USD 29

Course Type:


Course Status:



1 - 4 hours / week

Attended this course?

Back to Top

Awards & Accolades for MyTechLogy
Winner of
Top 100 Asia
Finalist at SiTF Awards 2014 under the category Best Social & Community Product
Finalist at HR Vendor of the Year 2015 Awards under the category Best Learning Management System
Finalist at HR Vendor of the Year 2015 Awards under the category Best Talent Management Software
Hidden Image Url

Back to Top