When does class start/end?
Class hours may vary, please reach out to contact@ascendientlearning.com if you have any questions.
Attacking and Securing C# / ASP.Net Web Applications
Discover the cutting-edge of cybersecurity and elevate your skills as a .NET developer with our comprehensive Bug Hunting and Application Security course. Designed specifically for experienced .NET...
Read MoreOverview
Discover the cutting-edge of cybersecurity and elevate your skills as a .NET developer with our comprehensive Bug Hunting and Application Security course. Designed specifically for experienced .NET developers, our .Net Secure Coding Camp | Attacking and Securing C# / ASP .Net Web (Core) Applications is an immersive, hands-on training program that delves deep into the world of bug hunting, ethical hacking, and web application security. Through real-world case studies, engaging labs, and expert instruction, you'll gain the knowledge and skills needed to fortify your applications, stay ahead of emerging threats, and protect your organization from costly security breaches.
Upon completing this course, you will not only acquire a profound understanding of application security concepts and best practices but also enhance your problem-solving, debugging, and overall software development prowess. Empowered with these new skills, you'll be well-prepared to identify, address, and prevent security threats in your .NET applications, ensuring a robust and secure digital environment for your organization.
NOTE: PCI Compliant Developer Training: This secure coding training addresses common coding vulnerabilities in software development processes. This training is used by one of the principal participants in the PCI DSS. Having passed multiple PCI audits, this course has been shown to meet the PCI requirements. The specifications of those training requirements are detailed in 6.5.1 through 6.5.7 on pages 60 through 65 of the PCI DSS Requirements 3.2.1 document.
Skills Gained
- Understanding Cybersecurity Concepts: Gain a solid foundation in cybersecurity principles, the evolving threat landscape, and the language of the industry to better identify and address security issues in .NET applications.
- Ethical Bug Hunting Techniques: Learn safe and appropriate methods for hunting bugs, ensuring responsible and ethical practices while working to uncover and address vulnerabilities in your applications.
- Web Application Security: Master the skills required to analyze, identify, and mitigate vulnerabilities in web applications, following best practices and guidelines from organizations such as OWASP, WASC, CWE, and CERT Secure Coding Standard.
- Utilizing Industry-Standard Tools and Frameworks: Acquire hands-on experience with widely used tools and frameworks, such as Visual Studio and .NET Cryptography, to effectively and efficiently secure your applications.
- Improved Problem Solving and Debugging: Enhance your ability to identify, analyze, and resolve security issues in your applications through real-world case studies, labs, and expert instruction.
- Defensive Programming Techniques: Learn and apply defensive programming techniques like securing trust boundaries, input validation, and proper exception handling to create more robust and secure .NET applications.
- Cryptography in .NET: Develop a deep understanding of .NET cryptographic services, hash algorithms, symmetric and asymmetric encryption, and gain hands-on experience with a cryptography wrapper for .NET.
- Secure Software Development Processes: Gain insight into secure software development processes, including the concept of "shifting left" and the implementation of secure design principles, enabling you to create safer and more reliable .NET applications.
Who Can Benefit
This is an intermediate level .Net programming course, designed for experienced .NET developers, software engineers, and architects who are seeking to enhance their knowledge and skills in application security, bug hunting, and secure software development. The course would also be well-suited for IT professionals, such as security analysts, security engineers, and DevOps team members, who are responsible for ensuring the security and integrity of web applications in their organizations.
Prerequisites
Incoming students should have skills equivalent to the topics in, or should have recently attended, this course as a pre-reqisuite:
- TTCN20483 Introduction to Programming in C# | Creating Apps in C# and .Net Core (20483)
Course Details
Session: Bug Hunting Foundation
- Why Hunt Bugs?
- Safe and Appropriate Bug Hunting/Hacking
Session: Scanning Web Applications
- Scanning Applications Overview
Session: Moving Forward from Hunting Bugs
- Removing Bugs
Session: Bug Stomping 101
- Recent, Relevant Incidents
- Finding Security Defects In Web Applications
- Unvalidated Data
- A01: Broken Access Control
- A02: Cryptographic Failures
- A03: Injection
- A04: Insecure Design
- A05: Security Misconfiguration
Session: Bug Stomping 102
- A06: Vulnerable and Outdated Components
- A07: Identification and Authentication Failures
- A08: Software and Data Integrity Failures
- A09: Security Logging and Monitoring Failures
- A10: Server Side Request Forgeries (SSRF)
Session: Moving Forward with Application Security
- Applications: What Next?
- .NET Issues and Best Practices
Session: Exploring .Net Cryptography
- .Net Cryptographic Services
Schedule
4 options available
-
Jun 23, 2025 - Jun 26, 2025 (4 days)
Virtual | 10:00 AM – 6:00 PM EDT Language English Select from 1 options below Virtual |10:00 AM – 6:00 PM EDT- Enroll
- Enroll Add to quote
-
Aug 25, 2025 - Aug 28, 2025 (4 days)
Virtual | 10:00 AM – 6:00 PM EDT Language English Select from 1 options below Virtual |10:00 AM – 6:00 PM EDT- Enroll
- Enroll Add to quote
-
Oct 27, 2025 - Oct 30, 2025 (4 days)
Virtual | 10:00 AM – 6:00 PM EDT Language English Select from 1 options below Virtual |10:00 AM – 6:00 PM EDT- Enroll
- Enroll Add to quote
-
Dec 8, 2025 - Dec 11, 2025 (4 days)
Virtual | 10:00 AM – 6:00 PM EDT Language English Select from 1 options below Virtual |10:00 AM – 6:00 PM EDT- Enroll
- Enroll Add to quote
FAQ
Does the course schedule include a Lunchbreak?
Classes typically include a 1-hour lunch break around midday. However, the exact break times and duration can vary depending on the specific class. Your instructor will provide detailed information at the start of the course.
What languages are used to deliver training?
Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.
What does GTR stand for?
GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.
How do I find an Ascendient Learning training location?
We have training locations across the United States and Canada - View a complete list of classroom training locations.
Which delivery formats are available?
At Ascendient Learning, we offer training that is Instructor-Led, Online, Virtual, and Self-Paced.
Does Ascendient Learning deliver group training?
Yes, we provide training for groups, individuals and private on sites. View our group training page for more information.
What does vendor-authorized training mean?
As a vendor-authorized training partner, we offer a curriculum that our partners have vetted. We use the same course materials and facilitate the same labs as our vendor-delivered training. These courses are considered the gold standard and, as such, are priced accordingly.
Is the training too basic, or will you go deep into technology?
It depends on your requirements, your role in your company, and your depth of knowledge. The good news about many of our learning paths, you can start from the fundamentals to highly specialized training.
How up-to-date are your courses and support materials?
We continuously work with our vendors to evaluate and refresh course material to reflect the latest training courses and best practices.
Are your instructors seasoned trainers who have deep knowledge of the training topic?
Ascendient Learning instructors have an average of 27 years of practical IT experience and have also served as consultants for an average of 15 years. To stay current, instructors spend at least 25 percent of their time learning new, emerging technologies and courses.
Do you provide hands-on training and exercises in an actual lab environment?
Lab access is dependent on the vendor and the type of training you sign up for. However, many of our top vendors will provide lab access to students to test and practice. The course description will specify lab access.
Will you customize the training for our company’s specific needs and goals?
We will work with you to identify training needs and areas of growth. We offer a variety of training methods, such as private group training, on-site of your choice, and virtually. We provide courses and certifications that are aligned with your business goals.
How do I get started with certification?
Getting started on a certification pathway depends on your goals and the vendor you choose to get certified in. Many vendors offer entry-level IT certification to advanced IT certification that can boost your career. To get access to certification vouchers and discounts, please contact info@ascendientlearning.com.
Will I get access to content after I complete a course?
You will get access to the PDF of course books and guides, but access to the recording and slides will depend on the vendor and type of training you receive.
How do I request a W9 for Ascendient Learning?
View our filing status and how to request a W9.
Reviews
Sean is the very good instructor. I would like to take his class again in the future.
The tool provided to practice the course teachings is very functional and easy to use.
It was very informative and covered all the required materials along with handson labs for practice.
the course is good, covers many aspects, wish the lab is a little bit more in depth
This was effective way to provide a ton of information in a short time period.
