Page 233 - aREA ix eXHIBITS

P. 233

17. Authorization This may include the following:
 Configuring Authorization and Roles Provider
 Authorizing Access to Resources
 Create roles
 Authorize roles by using configuration
 Authorize roles programmatically
 Create custom role providers; implement WCF service
authorization
18. Secure MVC Web This may include the following:
Application  Secure communication by applying SSL certificates
 Salt and hash passwords for storage
 Use HTML encoding to prevent cross-site scripting
attacks (ANTI-XSS Library)
 Implement deferred validation and handle unvalidated
requests, for example, form, querystring, and URL
 Prevent SQL injection attacks by parameterizing queries
 Prevent cross-site request forgeries (XSRF)

19. Malicious Attacks This may include the following:
 Cross-site scripting
 SQL injection
20. HTTP Modules and This may include the following:
HTTP Handlers  Implement synchronous and asynchronous modules
and handlers
 Choose between modules and handlers in IIS
21. Windows Azure This may include the following:
Web Service  Creating and Coding a service on Windows Azure
Cloud Services
 Consuming Data from a Windows Azure Service
22. Staging or Staging or production server may include:
Production  On-premise web server
 Windows Azure Cloud Service, Websites, or Virtual
Machine with Internet information Services (IIS)
installed

Page 39
Training Regulations – Programming (.NET Technology) NC III Promulgated – December 2013

228 229 230 231 232 233 234 235 236 237 238