Dinis Cruz - Advanced ASP.NET Exploits and Countermeasures

Time: 8h

Program:

  • Module 1: Security Principles and .NET Framework Architecture.
    In this module you will lean the principles and architecture of the .NET Framework relating to Security.
  • Module 2: Threat Modelling and Exploiting ASP.NET Applications.
    In this module, you will use quick-and-dirty threat models to discover vulnerabilities in the target application and how to exploit vulnerabilities in ASP.NET Applications, including exploiting Buffer Overflows and Windows vulnerabilities via ASP.NET Applications.
  • Module 3: Exploiting Full Trust and Partial Trust Asp.Net Environments.
    Day 2 will start with a practical demonstration of the power of Full Trust ASP.NET Applications, how attackers could patch the .Net Framework and CLR and launching internal attacks to compromise servers and the data centres. You will also look how to exploiting insecure Partial Trust ASP.NET Environments.
  • Module 4: Advanced ASP.NET Countermeasures
    Now you know what the threats are and what could be done to jeopardise your ASP.NET applications, you will now learn how to defend against these attacks. You will learn how to create secure Data Validation and Authorization architectures, how to create secure ASP.NET hosting environments and how to build an ASP.NET Security Protection.
    At the end of this course you will walk away with a much better understanding of some of the weaknesses of .NET applications, particularly the internals of the .NET framework. You will also get the chance to put your skills to the test against a target application over the course of the class.