Class Summary: This hands on, two (2) day class will help students learn how to write hardened ASP.NET based web services. Day one (1) will start off with the very basics of C# and Visual studio and slowly progress through a variety of topics as they pertain to web service hardening. On day two (2), students will dive into standard web service security, and end with trainees writing their own secure service for a fictional project. Individuals who meet the requirements and write a working hardened web service, are entered into a prize drawing.
Syllabus:
1. Day One (1) –Fundamentals
a. Visual Studio – Quick Rundown
i. IDE Basics
ii. C# Hello World
b. Basics of Object Oriented Programming
c. Useful 3rd Party Libraries
i. JSON.NET (Newtonsoft.Json)
ii. PushSharp
iii. BouncyCastle
d. Basic Web Service writing
i. Bindings
ii. Database design (quick tutorial)
iii. SOAP Services
iv. RESTful Services
e. Basic Service Security
i. Response Encapsulation
ii. Input validation and Sanitizing
iii. XXE, SQLi, and ‘XSS’ mitigation
f. Transport Security
i. SSL
ii. Binding Parameters
g. Message Security
i. Credential Types
ii. Encryption
iii. Certificates
2. Day Two (2) – Intermediate Service Security
a. Replay Attacks
b. Cross Site Request Forgery
c. WS-Security (SOAP Services)
d. Signature Based Security (RESTful Services)
e. Performance and usability vs Security
f. Afternoon Hardened Web Service Development
Experience: This would be the first class I’ve taught on a national scale. I’ve taught people individually on both coding, and penetration testing. I served as an adjunct teacher while in High School and in College.
