Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Microsoft is major player in both the IT infrastructure and application development arenas. Based on the December 2015 Web Server Survey at, more than 27% of the 900 million+ public-facing Web sites use Microsoft’s IIS Web servers, associated Microsoft application development technologies, and associated infrastructure.

In this practical, information packed webinar, you will learn a structured approach to auditing the security of a typical Microsoft-based Web application. You will cover all key application building blocks of a typical web application built with Microsoft technologies, as well as common security risks, safeguards, and audit procedures. Sample configuration files and screens will be used to demonstrate audit data collection targets. In addition, you will receive a modularized audit checklist for each major application building block/control point, based on guidance from Microsoft and major industry standards groups.

This is a companion course to Cybersecurity Audits of Modern Web Applications. It is recommended that this course should be scheduled to follow the Modern Web Apps course.

Course Outline

  • Microsoft web application architectures: Identifying the control points
  • Auditing the Microsoft web storefronts – past and present: Internet Information Server (IIS) web server security
  • .NET Framework and the ASP.NET application server
  • Protecting the “vault”: Database network connection controls for MS-SQL Server DBMS
  • Summary of tools and techniques for testing ASP.NET application security: during and after development

Additional Information

Who Should Attend
  • Information Security Managers, Analysts, and Architects
  • IT Management
  • IT Architects
  • System Administrators/Software Engineers
  • Consultants
Learning Level






Advanced Preparation


Recommended Prerequisites

CyberSecurity Audits for Modern Web Applications (CY02) or equivalent web application knowledge. A basic understanding of IT application audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: 1 day

CPE Credits: 8