The aim of this training is to cover a range of techniques for securing web applications built with ASP.NET technology.
By attending this training, participants are expected to be able to make the best use of the features available in the ASP.NET framework for web application security.
Topics:
- Configuration
- Setting up the Sample App
- Enabling Custom Errors
- Setting a Default Redirect Error Page
- Configuring the Redirect Mode
- Persisting Sessions in Cookies and URIs
- HTTP only Session Cookies
- Changing the Session Cookie Name
- Enabling and Using Tracing
- Request Validation
- Securing Content using the Location Element
- Hiding the ASP.NET Version Number
- Defaulting Cookies to HTTP Only
- Defaulting Cookies to Secure
- Enabling Retail mode on the Server
- The maxRequestLength Setting
- About Unsafe Header Parsing
- ASP.NET Identity
- Understanding ASP.NET Identity
- Creating an ASP.NET App with ASP.NET Identity
- The Forms Authentication Auth Cookie
- Persisting Accounts in the Database
- Forms Authentication Timeout
- Cookieless, Requiring SSL, HttpOnly and Cookie Name
- Sliding Expiration
- The Protection Setting
- Configuring User
- Roles
- ASP.NET MVC
- Automatic Output Encoding
- Html.Raw Helper
- AllowHtml Attribute
- Anti Forgery Tokens
- Authorize Attribute
- AllowAnonymous Attribute
- RequireHttps Attribute
- HTTP Verb Tampering
- ASP.NET Web Forms
- Understanding View State
- View State MAC Protection
- View State Encryption
- Output Encoding in Controls
- CSRF Protection
- Enabling Unvalidated Requests
- Event Validation
- The ViewStateUserKey
- General Security Principles and Tools
- Manual HTML Encoding
- CSS and JavaScript
- Encoding with AntiXSS
- Creating Custom Response Headers
- Encrypting Connection Strings
- Creating Trusted Connections
- The Security Implications of ELMAH
Duration: 3 days