0.5-2 Day(s)


This course will provide delegates with a sound understanding of the current Payment Card Industry Data Security Standard (PCI DSS) requirements for building secure applications in the .NET Framework, using C# and/or VB.NET.

This course will provide delegates with a solid understanding of the issues facing web application developers using ASP.NET. Some aspects covered are generic to all web developers, while others are ASP.NET specific. The vast majority of flaws within ASP.NET applications are due to design or implementation details, or to programmer error.


Web Developers who need to learn about and implement the guidelines on Payment Card Industry (PCI) Compliance

Skills Gained

  • Security principles
  • An understanding of OWASP and PCI DSS
  • Writing compliant .NET code in C# and/or VB.NET
  • How to test security
  • How to build privacy into your application
  • How to secure installations
  • How to write secure documentation and error messages


Experience of developing data-driven ASP.NET web applications in either C# or VB.NET

Course Specifics

Course Outline

PCI Compliance for ASP.NET - Application Security Training Course

Secure Development Overview

  • Case Studies
  • The Need for Secure Systems
  • Trustworthy Computing
  • Proactive Security Development
  • Security Principles
  • Threat Modelling

PCI DSS v1.2

  • What's new?
  • Common misconceptions

OWASP
  • What is OWASP?
  • Current OWASP Top Ten

ASP.NET with PCI DSS 6.5

6.5.1 Cross-site scripting (XSS)

  • Understanding XSS
  • Validate Requests in
  • Validating all parameters before use

6.5.2 Injection flaws

  • Understanding SQL injection
  • Understanding LDAP and XPath injection flaws, as well as other injection flaws
  • ADO.NET and SQL injection
  • Validating input to verify user data cannot modify meaning of commands and queries

6.5.3 Malicious file execution

  • Validating input to verify that the application does not accept filenames or files from users
  • Using the FileUpload control
  • Flash, Java, ActiveX and Silverlight

6.5.4 Insecure direct object references

  • Avoiding exposing internal object references to users
  • Using Code Access Security in
  • Understanding Trust levels

6.5.5 Cross-site request forgery

  • Understanding Cross-site request forgery (CSRF)
  • Dealing with authorization credentials and tokens automatically submitted by browsers
  • Cross site service security policies for Silverlight and Flash

6.5.6 Information leakage and improper error handling

  • Avoiding leaking information via error messages or other means
  • ASP.NET exception handling
  • Exception handling patterns

6.5.7 Broken authentication and session management

  • Authenticating users and protecting account credentials and session tokens
  • ASP.NET membership system
  • Understanding and configuring ASP.NET session state

6.5.8 Insecure cryptographic storage

  • Preventing cryptographic flaws
  • Using cryptography in .NET
  • Using cryptography in the .NET Enterprise Library v4.1

6.5.9 Insecure communications

  • Properly encrypting all authenticated and sensitive communications
  • Understanding secure communications in and WCF

6.5.10 Failure to restrict URL access

  • Consistently enforcing access control in the presentation layer and business logic for all URLs
  • Using the ASP.NET membership system

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives, and more can be covered than in a public classroom. It's a cost-effective option.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

Upcoming Dates

Days  Cost   Date
2     £1500  2018-07-17
2     £1000  2017-10-25
2     £1000  2017-10-23
2     £1000  2017-10-19
2     £1000  2017-09-22
1     £1500  2017-09-07
2     £1000  2017-09-06
1     £1500  2017-08-31
2     £1000  2017-08-28
2     £1000  2017-08-28
2     £1000  2017-08-07
1     £1500  2017-07-27
1     £1500  2017-07-20