Course code: GOC3314

Security in ASP.NET Applications

The course looks at the security of web applications from several points of view. It is designed for programmers and for administrators of web servers on the Microsoft IIS platform on which an ASP.NET application runs. The "programmer" and "administrator" roles are particularly close where security is concerned, which is why the course is designed as a "taste" of the other side. We will teach you to look at web application security in all its complexity: how to secure the server itself, how to write an application that does not contain security bugs, and how to secure data during transmission and when it is stored on the server. The theoretical basis is flavoured with stories from practice.

GOPAS Official Curriculum
Date | Duration | Course price | Handbook price | Course language | Location
1/22/2020 | 3 | 12 300 CZK | included in course price | Czech | GOPAS Praha
3/25/2020 | 3 | 12 000 CZK | included in course price | Czech | GOPAS Brno
5/13/2020 | 3 | 405,00 EUR | included in course price | Slovak | GOPAS Bratislava

Affiliate | Duration | Catalogue price | Handbook price | ITB
Praha | 3 | 12 300 CZK | included in course price | 30
Brno | 3 | 12 000 CZK | included in course price | 30
Bratislava | 3 | 405,00 EUR | included in course price | 30

Who is the course for

The course is designed for developers, administrators and architects of web applications on the ASP.NET platform.

Required skills

Experience with the .NET Framework platform
Basic experience with object-oriented programming in C# or VB.NET
Basic experience with developing web applications on the ASP.NET platform

Teaching methods

Instructor-led classroom training with a lot of hands-on labs.

Teaching materials

Hands-on lab handout, printed materials

Course outline


Four basic principles of security

A bit of theory at the beginning

Considering the types of security threats
Uncovering related problems
Considering the seriousness of security threats

Securing the server platform

Minimizing the attack surface
Security Configuration Wizard
Fighting the inner enemy
Defence in depth
Encrypting the configuration sections

Securing the network communication channel

How the HTTP protocol works and why it is not secure
How SSL/TLS/HTTPS works
How to apply for a web server certificate and how to install it
Quick creation of a certificate using the utilities from SDK Platform
Operating a certification authority using Windows Certificate Services
Operating a certification authority using OpenSSL (on the Windows platform and not just there)

Securing the application

Identification, authentication, authorization
Security architectures of web applications
Available mechanisms in IIS
How to write your own authentication module and why not to do it

Forms Authentication in ASP.NET

Authentication tickets and their validity
Ticket validity period versus session length
Cookie and Cookieless authentication
Login Controls
Static credentials in web.config
Single sign-on within one domain

Storing passwords

Encoding, hashing, HMAC
E-mail address verification
Handling forgotten passwords

ASP.NET Membership

Membership providers in ASP.NET
Initial setting
ASP.NET Universal Providers
Using a third-party provider
Creating your own membership provider


Role providers in ASP.NET
Creating your own role provider

Securing data with encryption

Secrets, ciphers and paranoia in the course of time
Symmetric and asymmetric encryption, combinations
Key handling
Practical implementation of encrypted data storage in .NET using the RSA and AES algorithms, and corresponding architectures




Printed presentations of the material covered

included in course price
The prices are without VAT.