Programming secure C#/.NET Applications: Dos & Don'ts
A user resets their password with an email containing a Kelvin symbol instead of a 'K'. This simple trick bypasses your security. Here's how to stop it.
#1about 5 minutes
AI-generated code can introduce security risks
AI tools can generate insecure code by using deprecated APIs, introducing biases like modulo bias, or having incomplete logic, requiring a manual security review.
#2about 11 minutes
Handling character encoding to prevent spoofing attacks
Visually similar Unicode characters can be used to spoof identities in attacks, which can be mitigated by using ordinal string comparison instead of culture-invariant comparison.
#3about 12 minutes
Mitigating SQL, command, and path traversal injections
Untrusted user input can lead to various injection attacks, which are prevented by using parameterized SQL queries, the ArgumentList property for processes, and robust path validation.
#4about 4 minutes
Avoiding deserialization vulnerabilities in JSON and XML
Insecure default settings in parsers, like TypeNameHandling in Newtonsoft.Json or DTD processing in XML readers, can lead to remote code execution vulnerabilities.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
02:26 MIN
Why developers make basic cybersecurity mistakes
Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes
06:10 MIN
Mitigating the security risks of AI-generated code
Developer Productivity Using AI Tools and Services - Ryan J Salva
07:10 MIN
Managing security risks of AI-assisted code generation
WWC24 - Chris Wysopal, Helmut Reisinger and Johannes Steger - Fighting Digital Threats in the Age of AI
01:31 MIN
Key takeaways for building secure applications
Typed Security: Preventing Vulnerabilities By Design
03:27 MIN
Common security failures beyond individual coding errors
Maturity assessment for technicians or how I learned to love OWASP SAMM
05:37 MIN
Five common cybersecurity mistakes developers make
Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes
04:18 MIN
The security risks of AI-generated code
A hundred ways to wreck your AI - the (in)security of machine learning systems
01:51 MIN
Final advice on security and responsible AI usage
WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking
Dev Digest 138 - Are you secure about this?Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Chris Heilmann
Dev Digest 129 - Now that's what I call private data!News and ArticlesAfter declaring Google a monopoly there are now considerations to force it to break up - isn't that what the whole Alphabet thing was about? In the last act of Crowdstrike coverage here, they released a deep analysis of the outage th...
Chris Heilmann
Dev Digest 112 - The True Crime of AI DevelopmentIn last Friday's Dev Digest, we had some great AI news, some worrying security threats and a swipe-aware game in CSS with explanations! News and ArticlesLet's kick off with some AI news. Netflix caused a stir with AI-generated images in a true crime ...
Chris Heilmann
Dev Digest 116 - WWWAI?This time, learn how to un-AI Google's search results, what's new on the web, avoid a new security hole and go back to BASICS with us. News and ArticlesWhat a week. Google, Microsoft, OpenAI and many others had their big flagship events announcing th...
From learning to earning
Jobs that call for the skills explored in this talk.
58:19
28:41
28:45
28:01
41:54
29:50
1:58:48
30:36
