Defensive Coding for C#

Overview/Description
Defensive Programming is a methodology for writing code that is not prone to present or future errors potentially caused by unexpected user inputs/actions. In this course you will explore common risks to C#, how to counter common risks, the best way to deal with user input, and finally how to secure WCF applications.

Target Audience
Developers seeking an introductory guide to developing efficient, secure, applications that are defendable against a variety of issues

Prerequisites
None

Expected Duration (hours)
1.5

Lesson Objectives

Defensive Coding for C#

• start the course
• list potential risks to C# UI applications
• describe what buffer overflows are and their impact
• identify how to prevent buffer overflows
• identify what form injection attacks typically take in C# applications
• describe how to mitigate injection attacks in C# applications
• identify how to prevent shatter attacks in .NET applications
• recognize how to prevent DLL highjacking in .NET applications
• use exceptions in C# applications
• specify how to deal with bad data in your C# applications
• how to use input validation in a C# application
• how to use regular expressions to help in input validation
• recognize how to constrain user input to prevent bad data input
• describe what SQL injection attacks are
• recognize how to use Stored Procedures to aid in the defense of SQL injection attacks
• describe some of the pitfalls of using dynamic SQL
• illustrate how authentication works in WCF
• recognize how to verify service identities
• identify how to prevent NTLM attacks
• recognize how to work with the WindowsIdentity class
• describe potential XML risks in ASP.NET applications
• identify how to prevent against XML Entity expansion attacks
• list the potential problems that path traversal may cause
• recognize how to prevent path traversal attacks
• use defensive coding techniques to create secure C# application