SCNET – DevSec .NET Masterclass

Learn how to attack and defend .NET applications and become a .NET security champion

Online

Trainers

Davide Cioccia

Founder and Principal Security Architect @DCODX

Hi there! I’m Davide Cioccia, founder of DCODX, an ethical hacking and DevSecOps consulting and coaching firm. Besides helping companies implement their Sec in DevOps, I’m also a developer of security tools (check our GitHub), an OWASP Mobile Security Testing Guide contributor and the DevSecCon Chapter Lead for the Netherlands. You can find my talks at security conferences like BlackHat, OWASP AppSec, DevSecCon, DevDays Europe and more online, together with some CVEs disclosed to Microsoft and other big vendors. Enjoy my course :)

Course overview

Unlock the full potential of secure software development with this in-depth training on secure coding and OWASP best practices in .NET Core. Designed for developers and security professionals, this course covers the critical principles and techniques needed to build robust, secure web applications in .NET Core. Learn how to effectively mitigate OWASP Top 10 2021 vulnerabilities such as:
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Broken Authentication
  • Cross-Site Request Forgery (CSRF)
  • Insecure Deserialization
Dive deep into authentication and authorization in .NET Core, mastering the implementation of OAuth 2.0, Role-based Access Control (RBAC) and Claims-based authorization. Learn how to integrate these security practices seamlessly into your CI/CD pipeline for continuous protection. By the end of this course, you’ll be equipped with the practical skills to implement secure coding techniques in your .NET Core projects, making you proficient in applying OWASP’s Application Security Verification Standard (ASVS) and best practices to safeguard your applications against current and emerging vulnerabilities. This course is hands-on: each LAB is an application to attack and defend. All our labs are powered by secdim.io.

Syllabus

Secure coding introduction
  • Secure coding principles
  • From SDLC to SSDLC
  • OWASP Top 10 2021
  • OWASP ASVS and security requirements
  • CVSS: how to rate vulnerabilities
Exploiting the client side
  • LAB: XSS (Cross-Site Scripting): DOM, Stored and Reflected
  • LAB: CORS misconfigurations
  • LAB: Security Headers (Attacking CSP)
  • LAB: Client-side open redirect
Authentication and Authorization in .NET
  • Authentication in .NET Core: from the basics to implementing OAuth 2.0
  • Authorization in .NET
    • Role-based access model
    • Policy-based access model
    • Claim-based access model
    • Resource-based access
Authorization and Access Control
  • LAB: Broken Access Control
  • LAB: Type Juggling attacks on hashing functions
  • LAB: Mass Assignment
  • LAB: Insecure Direct Object Reference
  • LAB: Path Traversal
  • CSRF (Cross-Site Request Forgery)
Server-Side Injections
  • LAB: SQL injections
  • LAB: Command injection
  • LAB: Code Injection
  • LAB: XML External Entities
  • LAB: Server-Side Request Forgery
  • LAB: Server-Side Template Injection in RazorLight
Vulnerable and Outdated Components
  • The importance of SCA (Software Composition Analysis)
  • LAB: Detecting known vulnerabilities using Snyk
  • Integrate SCA in the CI/CD pipeline
  • Detecting vulnerabilities in Laravel using SCA
Scanning your code using Semgrep
  • Semgrep basics
  • LAB: Semgrep for .NET: how to write rules
  • Semgrep automation in CI/CD