Clinic 2807: Microsoft Security Guidance Training for Developers II

Clinic 2807: One–day; Instructor-Led

Take This Training
On This Page
IntroductionIntroduction
AudienceAudience
At Course CompletionAt Course Completion
PrerequisitesPrerequisites
Microsoft Certification examsMicrosoft Certification exams
Course MaterialsCourse Materials
Course OutlineCourse Outline
Take This TrainingTake This Training


Top of pageTop of page

Introduction

This one-day instructor-led clinic discusses a wide variety of security concerns that software developers face when building applications. Each session of this clinic presents a different set of security concerns, and provides best practices and techniques to help reduce vulnerabilities associated with security concerns. The sessions in this clinic specifically examine security concerns in the application development life cycle, intranet solution development, improving security for external-facing applications, and building software solutions for Microsoft Windows Mobile environments.


Top of pageTop of page

Audience

This clinic is intended for developers with experience using current .NET development languages and Microsoft Visual Studio .NET as their development environment. Most developers in this audience will have at least one to two years of experience.


Top of pageTop of page

At Course Completion

After completing this clinic, students will be able to:

Apply best practices to build security into the design, development, testing, and deployment and maintenance phases of the software development life cycle. This includes:

Describing a common development life cycle.

Describing ways to build security into the design phase and describing best practices for applying security in the design phase.

Describing ways to build security into the development phase and describing coding guidelines for applying security into the development phase.

Describing ways to build security into the testing phase.

Describing ways to build security into the deployment and maintenance phase.

Apply security best practices and enhancements throughout intranet solutions development. This includes:

Describing security threats that apply to intranet applications.

Applying the Microsoft .NET Framework application programming interfaces (APIs) for data encryption.

Describing the process for designing an application access-management strategy.

Describing the authentication options for intranet applications.

Describing the authorization options for intranet applications.

Apply security best practices and enhancements to Internet and extranet solutions. This includes:

Describing common security threats to Internet applications.

Describing the two common mechanisms for securing communication: virtual private networking (VPN) and Secure Sockets Layer (SSL).

Choosing an appropriate authentication mechanism for your application.

Describing the process of forms-based authentication.

Describing the security specifications for Web services.

Apply mobile device security best practices when building software solutions for Windows Mobile environments. This includes:

Describing security threats to mobile applications.

Describing device security best practices.

Describing the mobile security architecture for connected applications.

Describing strategies for security communication in mobile devices.

Encrypting data on a mobile device.


Top of pageTop of page

Prerequisites

Before attending this clinic, students must have:

Experience designing, developing, or testing in a Microsoft Windows environment.

Development experience with Microsoft Visual Basic, Visual C++, or Visual C#.


Top of pageTop of page

Microsoft Certification exams

No Microsoft Certification exams are associated with this course currently.


Top of pageTop of page

Course Materials

The student kit includes comprehensive notes supporting the topics discussed.


Top of pageTop of page

Course Outline

Session 1: Implementing Security in the Development Lifecycle

This session discusses best practices to add security to the design, development, testing, and deployment phases of your software development life cycle. The implementation of these practices can reduce the number and severity of security vulnerabilities in applications that are shipped to customers.

Topics

Building Security into the Development Life Cycle

Building Security into the Design Phase

Building Security into the Development Phase

Building Security into the Testing Phase

Building Security into the Deployment and Maintenance Phase

Session 2: Developing More Secure Intranet Solutions

This session will cover strategies for incorporating security best practices for intranet solution development. Key concerns in intranet solutions are data security and identity management. This session describes security solutions for data security and identity management, including authentication and authorization, and provides practical guidance for how to implement security enhancements throughout intranet solutions.

Topics

Introduction to Security for Intranet Applications

Data Security Fundamentals

Managing Identities

Authenticating Identities in Intranet Applications

Authorizing Identities in Intranet Applications

Session 3: Developing More Secure Internet Solutions

This session describes the security considerations specifically related to building software solutions for Windows Mobile environments. This session covers how to use the security features of the .NET Compact Framework in conjunction with Pocket PC and Smartphone capabilities to provide more secure file storage and data access, and to protect Windows Mobile device communications with application servers.

Topics

Introduction to Security for Internet Applications

Securing Communication

Managing Identity

Authenticating with Forms

Securing Web Services

About Microsoft Clinics

Microsoft Official Clinic learning products provide students with technical information on Microsoft products or technologies while discussing real-world considerations for their implementation. Clinics highlight features and functionality through product demonstrations.




Top of pageTop of page

Take This Training

Type your city and state or province to find classes currently
scheduled for this course at a training center near you.

Location:        



Top of pageTop of page