Loading…
AppSec USA 2017 has ended
Back To Schedule
Wednesday, September 20 • 9:00am - 5:00pm
Hands On Hardened Web Service Development using ASP.NET (1 of 2 days)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Class Summary: This hands on, two (2) day class will help students learn how to write hardened ASP.NET based web services. Day one (1) will start off with the very basics of C# and Visual studio and slowly progress through a variety of topics as they pertain to web service hardening. On day two (2), students will dive into standard web service security, and end with trainees writing their own secure service for a fictional project. Individuals who meet the requirements and write a working hardened web service, are entered into a prize drawing.

 

Syllabus:

1. Day One (1) –Fundamentals

a. Visual Studio – Quick Rundown

i. IDE Basics

ii. C# Hello World

b. Basics of Object Oriented Programming

c. Useful 3rd Party Libraries

i. JSON.NET (Newtonsoft.Json)

ii. PushSharp

iii. BouncyCastle

d. Basic Web Service writing

i. Bindings

ii. Database design (quick tutorial)

iii. SOAP Services

iv. RESTful Services

e. Basic Service Security

i. Response Encapsulation

ii. Input validation and Sanitizing

iii. XXE, SQLi, and ‘XSS’ mitigation

f. Transport Security

i. SSL

ii. Binding Parameters

g. Message Security

i. Credential Types

ii. Encryption

iii. Certificates

2. Day Two (2) – Intermediate Service Security

a. Replay Attacks

b. Cross Site Request Forgery

c. WS-Security (SOAP Services)

d. Signature Based Security (RESTful Services)

e. Performance and usability vs Security

f. Afternoon Hardened Web Service Development

 

Experience: This would be the first class I’ve taught on a national scale. I’ve taught people individually on both coding, and penetration testing. I served as an adjunct teacher while in High School and in College.



Speakers
avatar for Kelly Correll

Kelly Correll

Security Consultant, NTT Security
I work as a security consultant in NTT Security's Threat Services group. As part of my duties, I perform penetration assessments and social engineering assessments. I also own my own business developing business applications using ASP.NET based technologies. When I'm not working... Read More →


Wednesday September 20, 2017 9:00am - 5:00pm EDT
Fiesta 10

Attendees (6)