Christian Wenz: ASP .NET Core Security - Episode 233

Azure DevOps Podcast

Episode | Podcast

Date: Mon, 20 Feb 2023 09:00:00 +0000

<p dir="ltr">Christian Wenz works as a consultant, trainer, and author with a focus on web technologies and is the author or co-author of over 100 computer books. He regularly contributes to various IT magazines and speaks at conferences around the globe. Christian holds a "Diplom" (the German equivalent of a master’s degree) in Computer Sciences, and one in Business Informatics. In his day job, he is one of the founders of the web agency Arrabiata Solutions (<a href="http://www.arrabiata.com/">http://www.arrabiata.com/</a>) with offices in Munich, Germany, and in London, UK. He also frequently works with development teams to make their applications faster, more secure, and more reliable.</p>
<p dir="ltr">Topics of Discussion:</p>
<p dir="ltr">[2:51] Has Christian really written over 100 computer books? Christian talks about the books and the high points of the technologies he has worked in.</p>
<p dir="ltr">[7:16] What is the OWASP (Open Web Application Security Project) Top 10 list?</p>
<p dir="ltr">[10:33] You always have to be aware that something may go wrong, and have a security mindset.</p>
<p dir="ltr">[12:05] Again and again, make sure that you understand the fundamentals of web app security, because eventually you will make a mistake in your code.</p>
<p dir="ltr">[12:30] What is insecure design?</p>
<p dir="ltr">[13:43] Christian talks about CWE (Common Weakness Enumeration), the catalog that assigns an identifier to each type of software weakness, as distinct from the OWASP Top 10 risk categories that group them.</p>
<p dir="ltr">[17:00] How should people be handling login and session management in web applications now, with .NET 7?</p>
<p dir="ltr">[18:31] The major mistake you can make these days is to write your own authentication mechanism.</p>
<p dir="ltr">[23:57] What is Christian’s favorite mechanism today for securing HTTP web services?</p>
<p dir="ltr">[31:05] What are some of the tools Christian always reaches for, and how do we differentiate between static auditing (analyzing the source code) and dynamic auditing (testing the running application)?</p>
<p dir="ltr">Mentioned in this Episode:</p>
<p dir="ltr"><a href="https://clearmeasure.com/clear-measure-way/">Clear Measure Way</a></p>
<p dir="ltr"><a href="https://clearmeasure.com/architect-forum/">Architect Forum</a></p>
<p dir="ltr"><a href="https://clearmeasure.com/software-engineer-forum/">Software Engineer Forum</a></p>
<p dir="ltr"><a href="https://palermo.network/programming-with-palermo">Programming with Palermo</a>, a new video podcast! Email us at <a href="mailto:programming@palermo.network">programming@palermo.network</a></p>
<p dir="ltr"><a href="http://clearmeasure.com/">Clear Measure, Inc.</a> (Sponsor)</p>
<p dir="ltr"><a href="https://www.amazon.com/NET-DevOps-Azure-Developers-Architecture/dp/1484253426">.NET DevOps for Azure: A Developer’s Guide to DevOps Architecture the Right Way, by Jeffrey Palermo</a>, available on Amazon!</p>
<p dir="ltr"><a href="https://twitter.com/jeffreypalermo?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor">Jeffrey Palermo’s Twitter</a>, follow to stay informed about future events!</p>
<p dir="ltr"><a href="http://architecttips.clearmeasure.com/">Architect Tips</a>, a video podcast!</p>
<p dir="ltr"><a href="https://azure.microsoft.com/en-ca/services/devops/?&amp;OCID=AID736756_SEM_7eul5uID">Azure DevOps</a></p>
<p dir="ltr"><a href="https://mvp.microsoft.com/en-us/PublicProfile/10224">Christian’s Microsoft MVP Profile</a></p>
<p dir="ltr"><a href="https://www.amazon.com/ASP-NET-Core-Security-Christian-Wenz-ebook/dp/B0B4KLD6FQ">ASP.NET Core Security</a></p>
<p dir="ltr"><a href="https://www.amazon.com/stores/Christian-Wenz/author/B001IR1F3A">Christian’s Books on Amazon</a></p>
<p dir="ltr"><a href="https://owasp.org/">OWASP</a></p>
<p dir="ltr"><a href="https://www.identityserver.com/">IdentityServer</a></p>
<p dir="ltr"><a href="https://github.com/dependabot">Dependabot</a></p>
<p dir="ltr"><a href="https://security-code-scan.github.io/">Security Code Scan</a></p>
<p dir="ltr"><a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#setting-up-code-scanning-using-actions">Configuring Code Scanning for a Repository</a></p>
<p dir="ltr">Want to Learn More?</p>
<p dir="ltr">Visit <a href="http://azuredevopspodcast.clear-measure.com/">AzureDevOps.Show</a> for show notes and additional episodes.</p>