Click Here to Install Silverlight*
United StatesChange|All Microsoft Sites
Microsoft Learning

Preparation Guide for Exam 70-330

Implementing Security for Applications with Microsoft Visual Basic .NET

Updated: September 2, 2008

Save 40 percent on retiring exams

This exam is now 40 percent off the retail price. To take advantage of the price reduction, simply register for the exam—no promotion code is required.

Related Links

On This Page
Exam newsExam news
Audience profileAudience profile
Credit toward certificationCredit toward certification
Preparation tools and resourcesPreparation tools and resources
Skills measuredSkills measured

Exam news

Exam 70-330 became available in June 2004.


Top of pageTop of page

Audience profile

Candidates for this exam work on an application development team in a software development environment that uses Microsoft Visual Studio .NET 2003. Candidates have at least three years of experience developing n-tier applications and at least one year of experience using Visual Studio .NET 2003, including ASP.NET and ADO.NET. Candidates have experience developing both Web-based and Microsoft Windows-based applications from start to finish.

Top of pageTop of page

Credit toward certification

When you pass Exam 70-330: Implementing Security for Applications with Microsoft Visual Basic .NET, you achieve Microsoft Certified Professional (MCP) status.


You also earn credit toward the following certifications:

Elective credit toward Microsoft Certified Application Developer (MCAD) for Microsoft .NET certification

Elective credit toward Microsoft Certified Solution Developer (MCSD) for Microsoft .NET certification

Top of pageTop of page

Preparation tools and resources

To help you prepare for this exam, Microsoft Learning recommends that you have hands-on experience with the product and that you use the following training resources. These training resources do not necessarily cover all of the topics listed in the "Skills measured" section.

Classroom training

Course 2350: Developing and Deploying Secure Microsoft .NET Framework Applications

Course 2840: Developing Secure Applications

Microsoft Press and other self-paced training products

MCAD/MCSD Self-Paced Training Kit: Implementing Security for Applications with Microsoft Visual Basic .NET and Microsoft Visual C# .NET (ISBN: 9780735621213)

Writing Secure Code, Second Edition (ISBN: 9780735617223)

Improving Web Application Security: Threats and Countermeasures

Microsoft certified practice tests

MeasureUp: Visit the MeasureUp Web site to take a practice test.

Self Test Software: Visit the Self Test Software Web site to take a practice test.

Microsoft online resources

Microsoft Learning Community: Join newsgroups and visit community forums to connect with peers for suggestions on training resources and advice on your certification path and studies.

TechNet: Designed for IT professionals, this site includes how-to instructions, best practices, downloads, technical resources, newsgroups, and chats.

MSDN: Designed for developers, the Microsoft Developer Network (MSDN) features code samples, technical articles, downloads, newsgroups, and chats.

Top of pageTop of page

Skills measured

This certification exam measures your ability to implement code by using methods to minimize security risks and take advantage of the security functionality built into the .NET Framework. Before taking the exam, you should be proficient in the job skills listed in the following table. The table shows which Official Microsoft Learning Products may help you reach competency in the skills being tested in the exam.

KEY:The course provides a general introductory overview of this task. You will need to supplement the course with additional work = The course provides a general introductory overview of this task. You will need to supplement the course with additional work    The course includes some material to prepare you for this task. You will need to supplement the course with additional work = The course includes some material to prepare you for this task. You will need to supplement the course with additional work    The course includes material to prepare you for this task = The course includes material to prepare you for this task
Skills measured by Exam 70-330Course 2350Course 2840
Developing Applications by Using Security Best Practices   

Develop code under a least privilege account within the development environment.

Configure the Microsoft .NET development environment and operating system.

Select the appropriate privileges.


The course includes material to prepare you for this task

Develop code that runs under a least privilege account at run time.

Develop code to run under a least privilege account that does not have administrator privileges.

Use least privilege for access to resources such as the file system, registry entries, and databases.


The course includes material to prepare you for this task

Analyze security implications of calling unknown code. Third-party components include .NET components, legacy COM components, ActiveX controls, Win32 DLLs, and Web services.

Write code to verify that the identity of a COM component matches the identity expected.

Validate that data to and from third-party components conforms to the expected size, format, and type.

Test for integrity of data after transmission.

Evaluate unmanaged code.


The course includes material to prepare you for this task

Write code that addresses failures in a manner that does not compromise security.

Write code that defaults to a permission set that is more secure than the permission set that existed before the errors or issues occurred.

Create error messages that do not compromise security.


The course includes material to prepare you for this task

Develop code that includes security measures in each tier of the solution, also known as defense in-depth.


The course includes material to prepare you for this task

Implement application functionality to apply defaults that minimize security threats.


The course includes material to prepare you for this task

Write code to prevent canonical problems.

Create canonical references for resources.

Validate that a reference is canonical.


The course includes material to prepare you for this task

Validate external input at every boundary level to help prevent security problems.

Write code to test strings by using regular expressions.

Write code to test the size of data.

Write code to prevent SQL injection and cross-site scripting.


The course includes material to prepare you for this task

Developing .NET Applications That Include Security Enhancements   

Implement security by using application domains.


The course includes material to prepare you for this task

Implement authentication.

Implement a custom authentication mechanism in a Windows Forms application.

Implement an appropriate Web application or Web service authentication mechanism to accommodate specific application security requirements.

Implement functionality by consuming authenticated user information, such as the IPrincipal, Membership, and Identity components of the .NET base class library.


The course includes material to prepare you for this task

Write authorization code.

Programmatically control access to functionality and data by using user information such as user identity, group membership, and other custom user information.

Control access to Web applications by using URL authorization.

Programmatically control access to functionality and data by using identities or criteria that are independent of user identity.


The course includes material to prepare you for this task

Sign data by using certificates.


The course includes material to prepare you for this task

Implement data protection.

Use .NET cryptographic techniques.

Encrypt and decrypt data by using symmetric and asymmetric cryptographic functions.

Compute hashes by using cryptographic functions.

Write code to create cryptographically random numbers for cryptographic functions.

Protect data in files and folders by creating, modifying, and deleting discretionary access control list (DACL) or security access control list (SACL) entries.

Encrypt and decrypt data by using the Data Protection API (DPAPI).

The course includes some material to prepare you for this task. You will need to supplement the course with additional work

The course includes material to prepare you for this task

Implement security for an application or shared library by using .NET code access security.

Demand a code access permission, such as FileIOPermission.

Group code access permissions into a permission set.

Override code access security checks.

Protect a resource in a library.

Specify the permission requests of an application.

Customize code access security.

The course includes some material to prepare you for this task. You will need to supplement the course with additional work

The course includes material to prepare you for this task

Access remote functionality in a manner that minimizes security risks.

Use Web Services Enhancements for Microsoft .NET (WSE), such as WS-Security and WS-Interoperability.

Configure .NET Remote for security.


The course includes material to prepare you for this task

Configuring Application Security by Using the Microsoft .NET Framework and Operating System Tools   

Work with .NET security policies. Tools include the .NET Framework Configuration tool and the Code Access Security Policy tool.


The course includes material to prepare you for this task

Analyze the code access permissions of an assembly by using the Permissions View tool.


The course includes material to prepare you for this task

Configure security by using IIS and ASP.NET.

Understand the security implications of impersonation.

Configure ASP.NET impersonation.

Configure Web folder permissions.

Set appropriate permissions on Web application files.

Configure a Web page or Web service to use SSL/TLS.


The course includes material to prepare you for this task

Stabilizing and Releasing Applications in a Manner That Minimizes Security Risks   

Perform unit testing on applications and components to identify security vulnerabilities.


The course includes material to prepare you for this task

Release applications in a manner that minimizes security risks.

Evaluate when to sign an assembly.

Implement delayed signing.

Create a strong named assembly.

Configure security settings by using the .NET Framework Configuration tool and the Code Access Security Policy tool at deployment.

The course includes some material to prepare you for this task. You will need to supplement the course with additional work

The course includes material to prepare you for this task

Note This preparation guide is subject to change at any time without prior notice and at the sole discretion of Microsoft. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use this preparation guide to prepare for the exam, regardless of its format.


Top of pageTop of page

© 2015 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies
Microsoft