defdeveu courses

.net/C# specific

The language specific module

Secure coding in .net/C#

Developed by Riccardo ten Cate
  • Security features of .NET and what kind of protection they serve
  • C# language security (is C# a secure language?)
  • .NET-specific issues
    • Numeric overflow, automatic conversions
    • Serialization
    • Authentication, membership, provider model
    • Login controls, session management
    • Role based authorization
    • ViewState
    • Identity server
    • OAuth
  • Cryptography in .NET
    • How to use a key vault
    • How to test entropy of secure random solutions


We assume that the developers attending the C# secdev course:
  • are familiar with the C# language and with the .NET framework
  • understand the HTTP protocol, HTML and Javascript
  • are familiar with basic security features of an enterprise application (authentication, authorization, the concept of a session)
  • have .net core 2.0 SDK and a suitable IDE installed on their laptop (labs desktop)