Clinic 2807A:

Microsoft Security Guidance Training for Developers II

Length:1 Days
Published:May 25, 2005
Language(s):English, French, German, Japanese, Portuguese(Brazil), Spanish
Audience(s):Developers
Level:200
Technology:Microsoft Windows Server 2003
Type:Clinic
Delivery Method:Instructor-led (classroom)
About This Clinic
This one-day instructor-led clinic discusses a wide variety of security concerns that software developers face when building applications. Each session of this clinic presents a different set of security concerns, and provides best practices and techniques to help reduce vulnerabilities associated with security concerns. The sessions in this clinic specifically examine security concerns in the application development life cycle, intranet solution development, improving security for external-facing applications, and building software solutions for Microsoft Windows Mobile environments.
Audience Profile
This clinic is intended for developers with experience using current .NET development languages and Microsoft Visual Studio .NET as their development environment. Most developers in this audience will have at least one to two years of experience.
At Clinic Completion
After completing this clinic, students will be able to:
  • Apply best practices to build security into the design, development, testing, and deployment and maintenance phases of the software development life cycle. This includes:
    • Describing a common development life cycle.
    • Describing ways to build security into the design phase and describing best practices for applying security in the design phase.
    • Describing ways to build security into the development phase and describing coding guidelines for applying security into the development phase.
    • Describing ways to build security into the testing phase.
    • Describing ways to build security into the deployment and maintenance phase.
  • Apply security best practices and enhancements throughout intranet solutions development. This includes:
    • Describing security threats that apply to intranet applications.
    • Applying the Microsoft .NET Framework application programming interfaces (APIs) for data encryption.
    • Describing the process for designing an application access-management strategy.
    • Describing the authentication options for intranet applications.
    • Describing the authorization options for intranet applications.
  • Apply security best practices and enhancements to Internet and extranet solutions. This includes:
    • Describing common security threats to Internet applications.
    • Describing the two common mechanisms for securing communication: virtual private networking (VPN) and Secure Sockets Layer (SSL).
    • Choosing an appropriate authentication mechanism for your application.
    • Describing the process of forms-based authentication.
    • Describing the security specifications for Web services.
  • Apply mobile device security best practices when building software solutions for Windows Mobile environments. This includes:
    • Describing security threats to mobile applications.
    • Describing device security best practices.
    • Describing the mobile security architecture for connected applications.
    • Describing strategies for security communication in mobile devices.
    • Encrypting data on a mobile device.
Clinic OutlineModule 1: Implementing Security in the Development Lifecycle
This session discusses best practices to add security to the design, development, testing, and deployment phases of your software development life cycle. The implementation of these practices can reduce the number and severity of security vulnerabilities in applications that are shipped to customers.
Lessons
  • Building Security into the Development Life Cycle
  • Building Security into the Design Phase
  • Building Security into the Development Phase
  • Building Security into the Testing Phase
  • Building Security into the Deployment and Maintenance Phase
Module 2: Developing More Secure Intranet Solutions
This session will cover strategies for incorporating security best practices for intranet solution development. Key concerns in intranet solutions are data security and identity management. This session describes security solutions for data security and identity management, including authentication and authorization, and provides practical guidance for how to implement security enhancements throughout intranet solutions.
Lessons
  • Introduction to Security for Intranet Applications
  • Data Security Fundamentals
  • Managing Identities
  • Authenticating Identities in Intranet Applications
  • Authorizing Identities in Intranet Applications
Module 3: Developing More Secure Internet Solutions
This session describes the security considerations specifically related to building software solutions for Windows Mobile environments. This session covers how to use the security features of the .NET Compact Framework in conjunction with Pocket PC and Smartphone capabilities to provide more secure file storage and data access, and to protect Windows Mobile device communications with application servers.
Lessons
  • Introduction to Security for Internet Applications
  • Securing Communication
  • Managing Identity
  • Authenticating with Forms
  • Securing Web Services
  • Microsoft Official Clinic learning products provide students with technical information on Microsoft products or technologies while discussing real-world considerations for their implementation. Clinics highlight features and functionality through product demonstrations.
Before attending this clinic, students must have:
  • Experience designing, developing, or testing in a Microsoft Windows environment.
  • Development experience with Microsoft Visual Basic, Visual C++, or Visual C#.
Have Questions? For advice about training and certification, connect with peers: For questions about a specific certification, chat with a Microsoft Certified Professional (MCP): To find out about recommended blogs, Web sites, and upcoming Live Meetings on popular topics, visit our community site:
Course index

Find Training Near You

Tip

Our Microsoft Certified Partners for Learning Solutions have not yet provided us with their schedules. This training may still be scheduled in your area.

Search for Certified Learning Solutions Partners in your area.

Related Services