Class Details

5-Day Course Includes:

  • Class exercises in addition to training instruction
  • Courseware books, notepads, pens, highlighters and other materials
  • Course retake option
  • Exam Voucher
  • Full breakfast with variety of bagels, fruits, yogurt, doughnuts and juice
  • Tea, coffee, and soda available throughout the day
  • Freshly baked cookies every afternoon - *only at participating locations

For group training options, contact us at (240) 667-7757 or promo@phoenixts.com. 

Course Outline

.NET 

  • .NET Application Security
  • .NET Framework Security
  • Input Validation and Output Encoding
  • .NET Authorization and Authentication
  • Secure Session and State Management
  • .NET Cryptography
  • .NET Error Handling, Logging and Auditing
  • Secure File Handling in .NET
  • Configuration Management and Secure Code Review

Java

  • Java Security Intro
  • Software Development and Security
  • File Input and Output
  • Serialization
  • Input Validation
  • Error Handling and Logging
  • Authorization and Authentication
  • JAAS - Java Authentication and Authorization Service
  • Java Concurrency and Managing Sessions
  • Cryptography and Java
  • Vulnerabilities in Java Applications

Objectives

ECSP - .NET Objectives

  • Come to understand .NET Appliation Security, ASP .NET Security Architecture including an understanding of application security needs .NET framework frequent threats
  • Understand .NET framework attacks and the secure practices in the software development life cycle
  • Develop a strong grasp on .NET assemblies threats and stack walking processes
  • Learn about the importance and utilization of input validation, validation approaches, input validation attacls, control vulnerabilities and ideal practices for validation
  • Develop an understanding of authorization and authentication processes and typical security threats
  • Understand security principles for session management tokens, typical threats and attacks, ASP .NET session management methods
  • Understand the importance of .NET cryptography, cryptographic attacks and cryptogaphy namespaces
  • Symmetric and assymetric encryption, digital certificates, digital and XML signatures, and hashing
  • Secure error handling, various levels of exception handling and .NET logging tools
  • File handling concepts, security issues and concerns, path traversal attacks and defensive attacks

ECSP - Java Objectives

  • Understand Java security principles and best secure coding practices
  • Understanding and using Java Security Platform, JVM, Class loading, Security Manager, Bytecode verifier, Sandbox, Java Security Framwork and security policies
  • Using the secure software development lifecycle, threat modelling, secure software frameworks and architectures
  • Practices, standards and guidelines for file input/output security and serialization
  • Input validation methods in Java, vaidation erros and ideal practices
  • Exceptions, practices and erroneous behaviors
  • Authentication and authorization processes
  • Understanding the Java Authentication and Authorization Service (JAAS), the JAAS architecture, Pluggable Authentication Module (PAM) Framework and using the Java Security Model for accessing permissions
  • Java concurrency security and session management which entails the Java Memory Model, Thread implementation techniques, programming practices, and managing threats, race conditions and deadlocks
  • Java Cryptography secure coding for encryption, KeyGenerator, Cipher Class, Secret Keys, and Digital Signatures implementation
  • Understanding key management
  • Learning about vulnerabilities in Java applications, including Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), Directory Traversa, HTTP REsponse Splitting, Paramenter Manipulation, Injection attacks, and counter measures in handling attacks

Class Exam

ECSP .NET Exam (312-94)

Details:

  • Format: Multiple Choice
  • Length: 2 Hours
  • Number of Questions: 50
  • Passing Score: 70% or Higher

Objectives:

  1. Intro to .NET Application Security
  2. .NET Framework Security
  3. Output Encoding and Input Validation
  4. .NET Authorization and Authentication
  5. Managing State and Secure Sessions
  6. .NET Cryptography
  7. .NET Error Handling, Logging and Auditing
  8. Secure File Handling with .NET
  9. Secure Code Review and Configuration Management for .NET

ECSP-Java Exam (312-93)

Details:

  • Passing Score: 70% or Higher
  • Format: Multiple Choice
  • Length: 2 Hours
  • Number of Questions: 50

Objectives:

  1. Java Security Intro
  2. Secure Software Development
  3. Serialization and File Input/Output
  4. Input Validation
  5. Error Handling and Logging
  6. Authorization and Authentication
  7. JAAS
  8. Session Management and Java Concurrency
  9. Cryptography and Java
  10. Vulnerabilities in Java Applications