.NET/C# specific

The language-specific module

Secure coding in .NET/C#

Developed by Riccardo ten Cate

  • Security features of .NET and what kind of protection they serve

  • C# language security (is C# a secure language?)

  • .NET-specific issues

    • Numeric overflow, automatic conversions

    • Serialization

    • Authentication, membership, provider model

    • Login controls, session management

    • Role-based authorization

    • ViewState

    • Identity server

    • OAuth

  • Cryptography in .NET

    • How to use a key vault

    • How to test entropy of secure random solutions


We assume that the developers attending the C# secdev course:

  • are familiar with the C# language and with the .NET framework

  • understand the HTTP protocol, HTML and JavaScript

  • are familiar with basic security features of an enterprise application (authentication, authorization, the concept of a session)

  • have the .NET Core 2.0 SDK and a suitable IDE installed on their laptop (labs desktop)