Workshop: Secure Programming for the Enterprise in .NET Framework / .NET Core
Not encrypting your data is a risky move and just relying on hope that you won't get hacked and compromised is not a winning strategy. As a software developer you have a duty to your employer to secure and protect their data. In this workshop, you will learn how to use the .NET Framework / .NET Standard 2 (.Net Core 2) to protect your data to satisfy confidentiality, integrity, non-repudiation, and authentication.
In this 2 day workshop we will take a practical approach to adding cryptographic security to your applications. Cryptography is generally regarded as being very hard to implement, but in this workshop we will show you that it is in fact very easy to do when you are given the right direction.
We will cover the following subjects:
- Generating cryptographically secure random numbers
- Hashing of data
- Authenticated hashing of data
- The best way to store passwords
- Practical examples of breaking hashed passwords from data breaches including rainbow table attacks and tools like Hashcat
- Storing passwords with Password Based Key Derivation Functions
- Symmetric Encryption with AES
- Asymmetric Encryption with RSA
- Key storage using files, the cryptographic service provider, Hardware security modules and certificates
- Azure Key Vault
- Digital Signatures
- Hybrid Encryption
- Using RSA and AES together to create a powerful and flexible encryption scheme
- Hybrid Encryption with Authenticated Hashing for Integrity
- Digitally signing Hybrid Encryption Data
- A look at emerging technologies using Cryptography like Blockchain
This is a practical workshop where you will be playing around with all the techniques discussed. We aim to demystify the complexity around using robust encryption and you will leave this workshop with all the knowledge and skills to robustly secure your organisations data.
You will need to be a competent C# developer. You don't need to be an expert, but you need to be familiar with the basic C# constructs.
You will need to supply your own laptop that has:
- Visual studio 2013, 2015 or 2017 installed. Community edition is fine.
- Or Visual Studio Mac, JetBrains Rider
- The latest version of .NET Core
- Ideally have local admin access to the laptop which will make some of the certificate exercises easier for you