Podevcast

Christian Wenz: ASP .NET Core Security - Episode 233

Azure DevOps Podcast

Episode | Podcast

Date: Mon, 20 Feb 2023 09:00:00 +0000

Christian Wenz works as a consultant, trainer, and author with a focus on web technologies and is the author or co-author of over 100 computer books. He regularly contributes to various IT magazines and speaks at conferences around the globe. Christian holds a "Diplom" (the German equivalent of a master’s degree) in Computer Sciences, and one in Business Informatics. In his day job, he is one of the founders of the web agency Arrabiata Solutions (<a href="http://www.arrabiata.com/">http://www.arrabiata.com/</a>) with offices in Munich, Germany, and in London, UK. He also frequently works with development teams to make their applications better performing, more secure, and more reliable. Topics of Discussion: [2:51] Has Christian really written over 100 computer books? Christian talks about the books and the high points of technology that he has worked in. [7:16] What is the OWASP (Open Web Application Security Project) Top 10 list? [10:33] You always have to be aware that something may go wrong, and have a security mindset. [12:05] Again and again, make sure that you understand the fundamentals of web app security, because eventually, you will make a mistake in your code. [12:30] What is insecure design? [13:43] Christian talks about the enumeration scheme CWE: common weakness enumeration, which basically assigns a number to each risk or attack. [17:00] How should people be logging into their web sessions now with .NET7? [18:31] The major mistake you can make these days is to write your own authentication mechanism. [23:57] What is Christian’s favorite mechanism today for securing HTTP web services? [31:05] What are some of the tools Christian always reaches for, and how do we differentiate between static auditing and dynamically auditing an application? Mentioned in this Episode: <a href="https://clearmeasure.com/clear-measure-way/">Clear Measure Way</a> <a href="https://clearmeasure.com/architect-forum/">Architect Forum</a> <a href="https://clearmeasure.com/software-engineer-forum/">Software Engineer Forum</a> <a href="https://palermo.network/programming-with-palermo">Programming with Palermo</a> — New Video Podcast! Email us <a href="mailto:programming@palermo.net">programming@palermo.net</a>work <a href="http://clearmeasure.com/">Clear Measure, Inc.</a> (Sponsor) <a href="https://www.amazon.com/NET-DevOps-Azure-Developers-Architecture/dp/1484253426"> .NET DevOps for Azure: A Developer’s Guide to DevOps Architecture the Right Way, by Jeffrey Palermo</a> — Available on Amazon! <a href="https://twitter.com/jeffreypalermo?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor"> Jeffrey Palermo’s Twitter</a> — Follow to stay informed about future events! <a href="http://architecttips.clearmeasure.com/">Architect Tips</a> — Video podcast! <a href="https://azure.microsoft.com/en-ca/services/devops/?&OCID=AID736756_SEM_7eul5uID"> Azure DevOps</a> <a href="https://mvp.microsoft.com/en-us/PublicProfile/10224">Christian Microsoft Profile</a> <a href="https://www.amazon.com/ASP-NET-Core-Security-Christian-Wenz-ebook/dp/B0B4KLD6FQ"> ASP.NET Core Security</a> <a href="https://www.amazon.com/stores/Christian-Wenz/author/B001IR1F3A">Christian’s Books on Amazon</a> <a href="https://owasp.org/">OWASP</a> <a href="https://www.identityserver.com/">Identity Server</a> <a href="https://github.com/dependabot">Dependabot</a> <a href="https://security-code-scan.github.io/">Security Code Scan</a> <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#setting-up-code-scanning-using-actions"> Configuring Code Scanning for a Repository</a> Want to Learn More? Visit <a href="http://azuredevopspodcast.clear-measure.com/">AzureDevOps.Show</a> for show notes and additional episodes.