.NET, ASP.NET, ASP.NET Core, Security, XSRF

Secure .NET Programming

To avoid attacks, your systems are now continuously updated to the latest versions, and firewalls and anti-virus applications make the systems secure.

However, are your self-developed applications secured?

In this workshop, you will learn typical attacks, what you need to consider in your applications, and how to prevent SQL injection, cross-site scripting (XSS), HTTP response splitting, and cross-site request forgery (XSRF, CSRF).

This workshop shows you how to make your ASP.NET Core, ASP.NET MVC, and ASP.NET Web Forms applications secure.


This workshop is for all .NET programmers and software architects who think about the security of their applications.


Knowledge of C# and .NET is assumed.


Intro to security and security attacks

  • Buffer overruns
  • String formatting
  • Integer overflows
  • Command injection
  • Race conditions
  • Information leakage
  • Too many privileges

SQL Server and Entity Framework

  • Security with SQL Server
  • How to avoid SQL Injection
  • Connection Strings
  • Privileges with SQL Server

Crypto APIs

  • Using the .NET Crypto APIs
  • Random Numbers
  • Data Protection
  • Protecting Stored Data
  • User Secrets

Security of Web Applications and Services

  • Correct implementation of exception handling
  • Monitoring and logging
  • Protecting network traffic
  • HTML, URL and JavaScript encoding
  • Password management
  • Cross-Site Scripting (XSS)
  • HTTP Response Splitting
  • Cross-Site Request Forgery (CSRF, XSRF)
  • Magic URLs
  • Predictable Cookies and Hidden Form Fields
  • Authentication and Authorization

Topics will be adapted to the needs of the attendees.

Flexible Content

This workshop is offered as a company-based workshop and occasionally with open course dates. I'm flexible in adapting this workshop to your specific needs. Get in contact to discuss the knowledge you already have and the goals of your project.
