Application Security Workshop

Application Security Workshop

Application security workshop targeting .NET developers and architects. This is a 2 day workshop, the first day is focused on application security, the second day is focused on application security architecture

mercoledì, 5. marzo 2025 - giovedì, 6. marzo 2025
2025-03-05 08:30:00 2025-03-06 17:30:00 Europe/Zurich Application Security Workshop Application security workshop targeting .NET developers and architects. This is a 2 day workshop, the first day is focused on application security, the second day is focused on application security architecture Isolutions Bern
 
Apertura porte 08:00
Inizio 08:30
Fine gio 06.03.2025, 17:30
 
Isolutions Bern
Schanzenstrasse 4c
3008 Bern
Svizzera
 
Visualizza mappa
Sito internet dell'organizzatore

Acquista biglietti

Twint MasterCard Visa ApplePay GooglePay American Express PostFinance PayPal

Description Day 1 (Wednesday, 5th March 2025)

Day one of the workshop shows how authentication, authorization and security requirements can be implemented using ASP.NET Core and DevOps with different identity providers. Some of the different approaches when implementing these in SPAs, or ASP.NET Core Razor/MVC will be explained, as well as the different OpenID Connect/OAuth flows which should be used or can be used for these types of solutions.

Application Security Overview

The module gives an overview of application security architecture and explains some of the topics from a top-level perspective. The different areas of applications security will be explained as well as best practice for multi factor authentication.

OpenID Connect, OAuth2 flows

This module explains the best practices for implementing OAuth and OpenID Connect in a software. The recommended flows and how they work will be highlighted and the attendees show gain a clear knowledge of when to use which flow for which application type.

DevOps Security

In the DevOps Security part, the focus is on possible attack vectors in the development process and how these can be mitigated in general and detected in relation to the source code using static security testing.

Protecting the session, client

Learn how your session can be attacked even if your authentication flow is perfect. Team up with your browser and learn about important security headers. In the exercises, you will demonstrate multiple attacks on an application and learn how to mitigate them.

API Authorization

This module looks at implementing authorization for APIs, exploring the different ways to secure the APIs, for example cookies, self-contained access tokens or reference tokens and introspection.

Securing SPA applications

Securing single page applications is hard. This is no common recommended best practice for securing SPA applications. This module shows the current recommendations for implementing security in SPAs and things like the backend for frontend architecture (BFF) will be explained.

Description Day 2 (Wednesday, 6th March 2025)

The second day of the workshop looks at how security architecture requirements can be planned and designed using ASP.NET Core and Azure DevOps/github with different identity providers. Some of the different approaches when designing these in cloud solutions, high security architectures will be explained as well as the different OpenID Connect/OAuth flows which should be used or can be used for these types of solutions.

App Architecture security Overview

The module gives an overview of application security architecture and explains some of the topics from a top-level perspective. Things like development security, infrastructure security, governance will be explained and well as how to plan and define requirements for security.

OpenID Connect, OAuth2 flows (Recap)

This module is a recap of the application security module and explains the best practices for OAuth and OpenID Connect. The recommended flows and how they work will be highlighted and the attendees should gain a clear knowledge of when to use which flow for which application type.

App Security architecture

This module explores architecture requirements for application security. The module makes use of application architecture best practices like for example quality attributes and explains what makes a good security context diagram, what type of requirements should be visible in a good diagram.

Choose the correct identity provider, authentication platform

Choosing the right identity provider for your software solution is not easy. This module explains some of the advantages and disadvantages of the different identity provider products and should give you the knowledge to choose the right identity provider for your solution authentication and authorization.

DevOps security Advanced

This module provides an overview of GitHub features with a focus on security features and goes into detail in the context of DevOps security. In particular, in the area of GitHub actions.

Authorization architecture

This module starts by explaining the technical implementation of current best practices when implementing authorization in ASP.NET Core applications. The module then looks at designing and planning application authorization architecture in software solutions.

https://www.isolutions.ch/en/lp/application-security-workshop

Artisti

www.isolutions.ch

Attendere Prego...