Security concepts: authentication, protection, encryption
Reminders of the .NET platform structure
Security levels: application, runtime environment (CLR), framework

Code signing and verification
CLR configuration and protection models
CLR security strategy
Application deployment and execution rules

Practical workshop: assembly loading and securing (Code Access Security) – Code loading and unloading of an appdomain

Cryptography concepts: models (symmetric / asymmetric) and
.NET API engine for encryption and certificate management (signature, use)
Secure dialogue (SSL and HTTPS)

Practical workshop: data encryption with Cryptography.Pkcs – use of several tools security (Certificate Creation / Manage Tool, File Signing Tool, …)

Authentication mechanism offered by .NET
Role based and Configuration of .Net Policies on a workstation (codegroups)
Implementation of a protection model
Execution restrictions and use of isolated storage environments

Practical workshop: Identity and Principal objects – Use of ACL and DACL – Management of security policies using Mscorcfg.msc

Classic attack modes
Key and password management
Security of Web applications (IIS, ASP.NET, SharePoint)
Security of web services: .NET implementation of the WSS-I standard

Practical workshop: securing ASP.NET applications – Security in IIS – WS-Security implementation