Troy Hunt on Changing Password Behaviors Have I Been Pwned's Troy Hunt discusses how to handle breached authentication data and credentials, credential stuffing, and biometrics.
ASP.NET Core In Process Hosting on IIS with ASP.NET Core In version 2.2 ASP.NET Core adds support for direct in-process hosting which improves throughput considerably using an easy mechanism that allows switching between in-process and out-of-process hosting. In this post I describe how to use in process hostin...
nccgroup/dotnetpefuzzing Tiny .NET PE Fuzzing Harness - Proof of Concept. Contribute to nccgroup/dotnetpefuzzing development by creating an account on GitHub.
Non Obvious PE Parsers – the .NET runtime – Part 1 The Windows program loader isn’t the only PE parser in Windows. The .NET runtime has its own used for loading modules as well. We can find yester years code for on the Internet for the implementation which shows some interesting defensive properties. Exam...
Add support for X509 client certificate "authentication" · Issue #4663 · dotnet/aspnetcore It's important for a number of enterprise and financial API / OAuth scenarios. @blowdart already has 85% of it done - please include that in ASP.NET itself.
Languages & Runtime: .NET Community Standup - April 11, 2019 Join members from the .NET teams for our community standup covering great community contributions for Framework, .NET Core, Languages, CLI, MSBuild, and more.
French officials call Project Gutenberg archive, 15 million ebooks, Grateful Dead recordings and Prelinger Archive "terrorism," demands removal from Internet Archive In the past week, the French government’s L’Office Central de Lutte contre la Criminalité liée aux Technologies de l’Information et de la Communication (OCLCTIC) have sent 500 “terroris…
Using strongly-typed entity IDs to avoid primitive obsession (Part 2) In this post I continue looking at using strongly-typed IDs to solve common bugs, and provide converters to make them easier to use with ASP.NET Core.
[WIP] Fast codegen-free field access by GrabYourPitchforks · Pull Request #23783 · dotnet/coreclr Contributes to https://github.com/dotnet/corefx/issues/24390. This is only a proof of concept to solicit discussion. This is an experimental FieldAccessor type which provides read+write access to a...
Algebraic laws for new typeclasses by gvolpe · Pull Request #2 · gvolpe/classy-optics ... that justify the derivation of ApplicativeAsk for Task given TaskR[R, A] and a way to obtain R. /cc @jdegoes
Upgrading to MySQL 8.0 : Default Authentication Plugin Considerations If you are upgrading your server to MySQL 8.0 and observe that your application is experiencing error related caching_sha2_password plugin, it is likely because your clients/connectors does not (ye…
Using strongly-typed entity IDs to avoid primitive obsession (Part 1) In this post I show a common case where primitive GUIDs are used for entity IDs, the issues it can cause, and a possible solution using strongly-typed IDs.
Tickets - NDC Security Australia 2019 NDC Security Australia 2019 is a 3 day event with workshops 29-30 April followed by a 1 day conference on 1 May.