8621 Reviews (4.5 out of 5 stars)

Comprehensive C# and Web Application Security

Duration 5 days
Course Code SEC-128
Available Formats Classroom

Overview

Functional code is only the beginning; truly professional C# development requires a mindset prepared for the unexpected. This C# and Web Application Security course transforms your approach to software by moving beyond standard "happy path" programming to address how attackers exploit edge cases - from null references and malformed strings to massive data injections and integer overflows.
Through a series of hands-on labs and real-world case studies, learners develop the "healthy paranoia" necessary to maintain elite code hygiene and defend against modern cyber threats. While rooted in the OWASP Top Ten, this course explores deep-seated security pitfalls unique to the .NET ecosystem and ASP.NET Core, ensuring your applications remain resilient under pressure.

Skills Gained

  • Understand fundamental cybersecurity concepts and the threat landscape.
  • Identify and analyze common web application security vulnerabilities.
  • Evaluate each element of the OWASP Top Ten 2025 in detail.
  • Apply web security principles specifically within the C# and ASP.NET framework.
  • Address advanced security threats that go beyond basic vulnerabilities.
  • Manage and mitigate risks associated with third-party components and libraries.
  • Understand the role of cryptography in maintaining software security.
  • Implement cryptographic APIs correctly using C# best practices.
  • Master the principles and various approaches to robust input validation.

Prerequisites

Students should have solid C# and web application development skills.

Course Details

Cyber Security Basics

  • Understanding threat types and the CIA triad (Confidentiality, Integrity, Availability).
  • Analyzing the consequences of insecure software and market constraints.

The OWASP Top Ten 2025

  • A01: Broken Access Control – Managing authorization, IDOR, path traversal, and CSRF protection.
  • A02: Security Misconfiguration – Configuring Content Security Policy (CSP), cookie security, and XML External Entity (XXE) prevention.
  • A03: Software Supply Chain Failures – Managing third-party vulnerabilities, SBOMs, and using Software Composition Analysis in CI/CD.
  • A04: Cryptographic Failures – Implementing hashing, symmetric/asymmetric encryption, and secure key exchange in C#.
  • A05: Injection – Defending against SQL injection, OS command injection, and Cross-site Scripting (XSS).
  • A06: Insecure Design – Applying the STRIDE model and secure design principles like least privilege and fail-safe defaults.
  • A07: Authentication Failures – Managing multi-factor authentication, secure session handling, and adaptive password hashing.
  • A08: Software and Data Integrity Failures – Using digital signatures (RSA/ECDSA), PKI, and preventing insecure deserialization.
  • A09: Logging and Alerting Failures – Establishing robust monitoring, logging best practices, and using Web Application Firewalls (WAF).
  • A10: Mishandling of Exceptional Conditions – Secure error handling and preventing information leakage through error reporting.

Web Application Security Beyond the Top Ten

  • X01: Lack of Application Resilience – Mitigating Denial of Service (DoS) and Regular Expression Denial of Service (ReDoS) in C#.
  • X02: Memory Management Failures – Handling integer overflows, signed/unsigned confusion, and truncation issues.

Course Wrap-up

  • Reviewing the principles of robust programming and secure coding.
  • Exploring .NET and C# resources for further reading.

FAQ

Does the course schedule include a lunch break?

Classes typically include a 1-hour lunch break around midday. However, the exact break times and duration can vary depending on the specific class. Your instructor will provide detailed information at the start of the course.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Does Ascendient Learning deliver group training?

Yes, we provide training for groups, individuals, and private on-site sessions. View our group training page for more information.

What does vendor-authorized training mean?

As a vendor-authorized training partner, we offer a curriculum that our partners have vetted. We use the same course materials and facilitate the same labs as our vendor-delivered training. These courses are considered the gold standard and, as such, are priced accordingly.

Is the training too basic, or will you go deep into technology?

It depends on your requirements, your role in your company, and your depth of knowledge. The good news about many of our learning paths is that you can progress from the fundamentals to highly specialized training.

How up-to-date are your courses and support materials?

We continuously work with our vendors to evaluate and refresh course material to reflect the latest training courses and best practices.

Are your instructors seasoned trainers who have deep knowledge of the training topic?

Ascendient Learning instructors have an average of 27 years of practical IT experience and have also served as consultants for an average of 15 years. To stay current, instructors spend at least 25 percent of their time learning new, emerging technologies and courses.

Do you provide hands-on training and exercises in an actual lab environment?

Lab access is dependent on the vendor and the type of training you sign up for. However, many of our top vendors will provide lab access to students to test and practice. The course description will specify lab access.

Will you customize the training for our company’s specific needs and goals?

We will work with you to identify training needs and areas of growth. We offer a variety of training methods, such as private group training, on-site training at a location of your choice, and virtual delivery. We provide courses and certifications that are aligned with your business goals.

How do I get started with certification?

Getting started on a certification pathway depends on your goals and the vendor you choose to get certified in. Many vendors offer entry-level IT certification to advanced IT certification that can boost your career. To get access to certification vouchers and discounts, please contact info@ascendientlearning.com.

Will I get access to content after I complete a course?

You will get access to the PDF of course books and guides, but access to the recording and slides will depend on the vendor and type of training you receive.

How do I request a W9 for Ascendient Learning?

View our filing status and how to request a W9.

Reviews

Sean is a very good instructor. I would like to take his class again in the future.

Good training. A lot to take in for the short amount of time we have, though.

Good Course. We covered a lot of material in a short amount of time. This course had useful labs that built upon each other.

This course is important because we work at CSOC and it's applicable to our daily work.

Provided a good amount of material and a great instructor to teach the material.