Security Folks .Net certs
Bl8ckr0uter
Inactive Imported Users Posts: 5,031
Would it be normal for someone who is supporting a web server to be certified on .net? (specifically 4.0)
Comments
-
JDMurray Admin Posts: 13,090 Admin
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031
I will be the admin but I will also help out with development, mainly making sure we are doing things according to best practices.
-
JDMurray Admin Posts: 13,090 Admin
Bl8ckr0uter wrote: »I will be the admin but I will also help out with development, mainly making sure we are doing things according to best practices.
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031
JDMurray wrote: »You need to get with the people/organization that's defining the best practices that you will be following and ask what they recommend. If you are not an actual programmer then the ASP.NET developer certs are not for you.
That's my point, the developers aren't developing with security in mind and my boss has said, figure out what they need to do (not do it per se) so our new sites can be as secure as possible. Layer 7 on down. I was just wondering how much those certs cover security. I have the ASP.NET 4 book from Wrox and it has a few chapters dedicated to security.
-
JDMurray Admin Posts: 13,090 Admin
Bl8ckr0uter wrote: »That's my point, the developers aren't developing with security in mind and my boss has said, figure out what they need to do (not do it per se) so our new sites can be as secure as possible. Layer 7 on down. I was just wondering how much those certs cover security. I have the ASP.NET 4 book from Wrox and it has a few chapters dedicated to security.
If you have a code base that's critical to the operations of your business, you might look into a professional assessment from a company like Cigital.
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031
JDMurray wrote: »There are no .NET certs specifically for security. You'd be lucky to find that just one of the exams covered only security. Software security starts in the design of the program, not in the coding (implementation). Entire software engineering degrees are based on the concept of software systems security, so I don't think one or two .NET certs will help much. If you have a code base that's critical to the operations of your business, you might look into a professional assessment from a company like Cigital.
Ok, maybe I am posing my question incorrectly. For a network admin of a small shop who happens to work for some web developers (also at this small shop), what would be some of the security concerns when rolling out some brand new ASP.NET applications from the development side? We wouldn't have money for a place like Cigital to work on our code so all of this would need to be in house.
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031
I think I answered my own question. I just got web applications hackers handbook and Web security testing and these seem to be the answer I needed. Thanks!
-
JDMurray Admin Posts: 13,090 Admin
Note that Web sites must be tested both independently of the site's technology, and tested to find vulnerabilities specific to the technology used to implement the site. For example, a poor design of a site's authentication mechanism can exist in any implementation, while an exploit specific to a version of PHP can only be used on sites that use PHP.
An excellent organization to follow for information on Web site and application security is the Open Web Application Security Project (OWASP).
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031
JDMurray wrote: »Note that Web sites must be tested both independently of the site's technology, and tested to find vulnerabilities specific to the technology used to implement the site. For example, a poor design of a site's authentication mechanism can exist in any implementation, while an exploit specific to a version of PHP can only be used on sites that use PHP. An excellent organization to follow for information on Web site and application security is the Open Web Application Security Project (OWASP).
I am actually considering joining the local branch of OWASP. I plan on following this organization very closely.
This Web Application hackers book seems like it is going to be promising. I will have to pick up the database hackers book later.
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031
Just to revisit this thread, I found these sites/books:
Security Tutorials: The Official Microsoft ASP.NET Site
ASP.NET Security: An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and IIS
Amazon.com: Beginning ASP.NET Security (Wrox Programmer to Programmer) (9780470743652): Barry Dorrans: Books
Amazon.com: Developing More-Secure Microsoft ASP.NET 2.0 Applications (Pro Developer) (9780735623316): Dominick Baier: Books