Sebastian Leuer

Programming secure C#/.NET Applications: Dos & Don'ts

A user resets their password with an email containing a Kelvin symbol instead of a 'K'. This simple trick bypasses your security. Here's how to stop it.

Programming secure C#/.NET Applications: Dos & Don'ts
#1about 5 minutes

AI-generated code can introduce security risks

AI tools can generate insecure code by using deprecated APIs, introducing biases like modulo bias, or having incomplete logic, requiring a manual security review.

#2about 11 minutes

Handling character encoding to prevent spoofing attacks

Visually similar Unicode characters can be used to spoof identities in attacks, which can be mitigated by using ordinal string comparison instead of culture-invariant comparison.

#3about 12 minutes

Mitigating SQL, command, and path traversal injections

Untrusted user input can lead to various injection attacks, which are prevented by using parameterized SQL queries, the ArgumentList property for processes, and robust path validation.

#4about 4 minutes

Avoiding deserialization vulnerabilities in JSON and XML

Insecure default settings in parsers, like TypeNameHandling in Newtonsoft.Json or DTD processing in XML readers, can lead to remote code execution vulnerabilities.

Related jobs
Jobs that call for the skills explored in this talk.

Remote

Name of

Name of

Remote
Intermediate
PHP
Java
+1

Matching moments

Why developers make basic cybersecurity mistakes
02:26 MIN

Why developers make basic cybersecurity mistakes

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Mitigating the security risks of AI-generated code
06:10 MIN

Mitigating the security risks of AI-generated code

Developer Productivity Using AI Tools and Services - Ryan J Salva

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Managing security risks of AI-assisted code generation
07:10 MIN

Managing security risks of AI-assisted code generation

WWC24 - Chris Wysopal, Helmut Reisinger and Johannes Steger - Fighting Digital Threats in the Age of AI

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Key takeaways for building secure applications
01:31 MIN

Key takeaways for building secure applications

Typed Security: Preventing Vulnerabilities By Design

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Common security failures beyond individual coding errors
03:27 MIN

Common security failures beyond individual coding errors

Maturity assessment for technicians or how I learned to love OWASP SAMM

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Five common cybersecurity mistakes developers make
05:37 MIN

Five common cybersecurity mistakes developers make

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
The security risks of AI-generated code
04:18 MIN

The security risks of AI-generated code

A hundred ways to wreck your AI - the (in)security of machine learning systems

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Final advice on security and responsible AI usage
01:51 MIN

Final advice on security and responsible AI usage

WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.

Featured Partners

Related Videos

See all videos
Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

101 Typical Security Pitfalls28:41

101 Typical Security Pitfalls

Alexander Pirker

How your .NET software supply chain is open to attack : and how to fix it28:45

How your .NET software supply chain is open to attack : and how to fix it

Andrei Epure

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes28:01

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Tino Sokic

Hacking C# from the inside - how to do anything in NET41:54

Hacking C# from the inside - how to do anything in NET

Adam Furmanek

Real-World Security for Busy Developers29:50

Real-World Security for Busy Developers

Kevin Lewis

Software Security 101: Secure Coding Basics1:58:48

Software Security 101: Secure Coding Basics

Thomas Konrad

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers30:36

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Mackenzie Jackson

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
CH
Chris Heilmann
Dev Digest 129 - Now that's what I call private data!
News and ArticlesAfter declaring Google a monopoly there are now considerations to force it to break up - isn't that what the whole Alphabet thing was about? In the last act of Crowdstrike coverage here, they released a deep analysis of the outage th...
Dev Digest 129 - Now that's what I call private data!
CH
Chris Heilmann
Dev Digest 112 - The True Crime of AI Development
In last Friday's Dev Digest, we had some great AI news, some worrying security threats and a swipe-aware game in CSS with explanations! News and ArticlesLet's kick off with some AI news. Netflix caused a stir with AI-generated images in a true crime ...
Dev Digest 112 - The True Crime of AI Development
CH
Chris Heilmann
Dev Digest 116 - WWWAI?
This time, learn how to un-AI Google's search results, what's new on the web, avoid a new security hole and go back to BASICS with us. News and ArticlesWhat a week. Google, Microsoft, OpenAI and many others had their big flagship events announcing th...
Dev Digest 116 - WWWAI?

From learning to earning

Jobs that call for the skills explored in this talk.