TypeClassroom Training


Audience & Prerequisites

Course Outline

Schedule & Fees


EC-Council Certified Secure Programmer – ECSP.net Training

The ECSP.Net course will be invaluable to software developers and programmers alike to code and develop highly secure applications and web applications. This is done throughout the software life cycle that involves designing, implementing, and deployment of applications..Net is widely used by organizations as a leading framework to build web applications. ECSP.Net teaches developers how to identify security flaws and implement security countermeasures throughout the software development life cycle to improve the overall quality of products and applications.EC-Council Certified Secure Programmer lays the foundation required by all application developers and development organizations to produce with greater stability and fewer security risks to the consumer. The Certified Secure Programmer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.


  • Familiarize you with .Net Application Security, ASP.Net Security Architecture and help you understand the need for application security and common security threats to .Net framework
  • Discuss security attacks on .Net framework and explain the secure software development life cycle
  • Help you to understand common threats to .Net assemblies and familiarize you with stack walking processes
  • Discuss the need for input validation, various input validation approaches, common input validation attacks, validation control vulnerabilities, and best practices for input validation
  • Familiarize you with authorization and authentication processes and common threats to authorization and authentication
  • Discuss various security principles for session management tokens, common threats to session management, ASP.Net session management techniques, and various session attacks
  • Cover the importance of cryptography in .Net, different types of cryptographic attacks in .Net, and various .Net cryptography namespaces
  • Explain symmetric and asymmetric encryption, hashing concepts, digital certificates, digital and XML signatures
  • Describe the principles of secure error handling, different levels of exception handling, and various .Net logging tools
  • Examine file handling concepts, file handling security concerns, path traversal attacks on file handling, and defensive techniques against path traversal attack

Intended Audience

The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web based applications with .NET Framework. It is designed for developers who have .NET development skills.


You must be well-versed with .NET programming language.

Course Outline                                       Duration: 3 Days

1 – Introduction to .NET Application Security

  • Microsoft .NET Application Security
  • Common Security Threats on .NET
  • Secure Development Lifecycle (SDL)
  • Secure Coding Principles
  • Guidelines for Developing Secure Codes

2 – .NET Framework Security

  • Introduction to .NET Framework
  • .Net Runtime Security
  • .NET Class Libraries Security
  • .NET Assembly Security
  • .NET Security Tools
  • Best Practices for .NET Framework Security

3 – Input Validation and Output Encoding

  • Input Validation
  • Input Validation Attacks
  • Defensive Techniques against XSS Attacks
  • Defensive Techniques against SQL Injection Attacks
  • Output Encoding
  • Sandboxing
  • Best Practices

4 – .NET Authorization and Authentication

  • Introduction to Authentication and Authorization
  • Authentication
  • Authorization
  • Authentication and Authorization Vulnerabilities
  • Authentication and Authorization Best Practices
  • Secure Communication

5 – Secure Session and State Management

  • Session Management
  • Session Management Techniques in ASP.NET
  • Session Attacks and Its Defensive Techniques
  • Securing Cookie Based Session Management
  • ViewState Security
  • Guidelines for Secure Session Management

6 – .NET Cryptography

  • Introduction to Cryptography
  • Symmetric Encryption
  • Asymmetric Encryption
  • Hashing
  • Digital Signatures
  • Digital Certificates
  • XML Signatures

7 – .NET Error Handling, Auditing, and Logging

  • Error Handling
  • Exception Handling in ASP.NET
  • Exception Handling Best Practices
  • Auditing and Logging
  • Auditing and Logging Best Practices
  • .NET Logging Tools

8 – .NET Secure File Handling

  • File Handling
  • Attacks on File and Its Defensive Techniques
  • Securing Files
  • File Extension Handling
  • Isolated Storage
  • File Access Control Lists (ACLs)
  • Checklist for Securely Accessing Files

9 – .NET Configuration Management and Secure Code Review

  • Configuration Management
  • Machine Configuration File
  • Application Configuration Files
  • Code Access Security Configuration Files
  • Configuration Management Best Practices
  • Secure Code Review
  • Static Code Analysis Tools

Please write to us at info@itstechschool.com & contact us at +91-9870480053 for the course price & certification cost, schedule & location

Drop Us a Query

Exam Details:

  • Number of Questions: 50
  • Passing Score: 70%
  • Test Duration: 2 Hours
  • Test Format: Multiple Choice
  • Test Delivery: Innovative Technology Solutions Exam Center
  • Exam Prefix: 312-93

For more info kindly contact us.