Christian Wenz: ASP.NET Core Security - Episode 233

Christian Wenz works as a consultant, trainer, and author with a focus on web technologies and is the author or co-author of over 100 computer books. He regularly contributes to various IT magazines and speaks at conferences around the globe. Christian holds a "Diplom" (the German equivalent of a master’s degree) in Computer Sciences, and one in Business Informatics. In his day job, he is one of the founders of the web agency Arrabiata Solutions (http://www.arrabiata.com/) with offices in Munich, Germany, and in London, UK. He also frequently works with development teams to make their applications better performing, more secure, and more reliable.   Topics of Discussion: [2:51] Has Christian really written over 100 computer books? Christian talks about the books and the high points of technology that he has worked in. [7:16] What is the OWASP (Open Web Application Security Project) Top 10 list? [10:33] You always have to be aware that something may go wrong, and have a security mindset. [12:05] Again and again, make sure that you understand the fundamentals of web app security, because eventually, you will make a mistake in your code. [12:30] What is insecure design? [13:43] Christian talks about the enumeration scheme CWE: common weakness enumeration, which basically assigns a number to each risk or attack. [17:00] How should people be logging into their web sessions now with .NET7? [18:31] The major mistake you can make these days is to write your own authentication mechanism. [23:57] What is Christian’s favorite mechanism today for securing HTTP web services? [31:05] What are some of the tools Christian always reaches for, and how do we differentiate between static auditing and dynamically auditing an application?   Mentioned in this Episode: Clear Measure Way Architect Forum Software Engineer Forum Programming with Palermo — New Video Podcast! Email us [email protected] Clear Measure, Inc. (Sponsor) .NET DevOps for Azure: A Developer’s Guide to DevOps Architecture the Right Way, by Jeffrey Palermo — Available on Amazon! Jeffrey Palermo’s Twitter — Follow to stay informed about future events! Architect Tips — Video podcast! Azure DevOps Christian Microsoft Profile ASP.NET Core Security Christian’s Books on Amazon OWASP Identity Server Dependabot Security Code Scan Configuring Code Scanning for a Repository   Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.