Christian Wenz works as a consultant, trainer, and author with a focus on web technologies and is the author or co-author of over 100 computer books. He regularly contributes to various IT magazines and speaks at conferences around the globe. Christian holds a "Diplom" (the German equivalent of a master’s degree) in Computer Sciences, and one in Business Informatics. In his day job, he is one of the founders of the web agency Arrabiata Solutions (http://www.arrabiata.com/) with offices in Munich, Germany, and in London, UK. He also frequently works with development teams to make their applications better performing, more secure, and more reliable.
Topics of Discussion:
[2:51] Has Christian really written over 100 computer books? Christian talks about the books and the high points of technology that he has worked in.
[7:16] What is the OWASP (Open Web Application Security Project) Top 10 list?
[10:33] You always have to be aware that something may go wrong, and have a security mindset.
[12:05] Again and again, make sure that you understand the fundamentals of web app security, because eventually, you will make a mistake in your code.
[12:30] What is insecure design?
[13:43] Christian talks about the CWE (Common Weakness Enumeration) scheme, which basically assigns a number to each risk or attack.
[17:00] How should people be logging into their web sessions now with .NET 7?
[18:31] The major mistake you can make these days is to write your own authentication mechanism.
[23:57] What is Christian’s favorite mechanism today for securing HTTP web services?
[31:05] What are some of the tools Christian always reaches for, and how do we differentiate between static auditing and dynamically auditing an application?
Mentioned in this Episode:
Programming with Palermo — New Video Podcast! Email us [email protected]work
Clear Measure, Inc. (Sponsor)
.NET DevOps for Azure: A Developer’s Guide to DevOps Architecture the Right Way, by Jeffrey Palermo — Available on Amazon!
Jeffrey Palermo’s Twitter — Follow to stay informed about future events!
Architect Tips — Video podcast!
Configuring Code Scanning for a Repository
Want to Learn More?
Visit AzureDevOps.Show for show notes and additional episodes.