
The Modern .NET Show

Latest episodes

Feb 7, 2025 • 1h 12min

Grokking Application Security: Malcolm McDonald on Securing Your Apps

RJJ Software's Software Development Service

This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations.

Show Notes

"This should be a mantra for anyone working on web applications or web APIs: you should validate any input of the application as much as possible. When you conceptualize it, all the malicious input into your application comes across in an HTTP request at some point. It's either in the URL or in the body. That's generally speaking, unless you have a supply chain attack, that's generally the vector by which your application will be attacked. Before you even start to kind of think about specific vulnerabilities, if you narrow down what is permissible input right out of the gate, then you kind of close the door on so many different vulnerabilities without even thinking about it."— Malcolm McDonald

Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor.

In this episode, Malcolm McDonald joined us to talk about the importance of Application Security, knowing the basics of secure coding, and backing that all up with both "secure by default" designs, and subscribing to CVE notifications.

"So what you find in your career is that if you set down kind of sensible default behaviour in your codebase earlier on, then everyone will follow that. You establish, kind of, best practices. It might take a little bit longer, but if you say, "this is the way we do this over here," then even yourself when you, kind of, come back to, will kind of, reproduce that path. So the initial, kind of, like first few check-ins to your source control are key to, like, establishing best practice"— Malcolm McDonald

One note before we begin: some of Malcolm's audio is a little rough. Mark, our superstar editor, has done what he can, but there are parts that might be a little unclear. If you have trouble with the audio, please remember that there is a full transcription linked in the accompanying show notes.

Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET.

Supporting the Show

If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show.

Full Show Notes

The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/grokking-application-security-malcolm-mcdonald-on-securing-your-apps/

Useful Links: Malcolm on LinkedIn Grokking Application Security Hacksplaining Hash function Don't Accept The Defaults Bcrypt

Supporting the show: Leave a rating or review Buy the show a coffee Become a patron

Getting in Touch: Via the contact page Joining the Discord

Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch.

You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.

Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show
Jan 24, 2025 • 1h 11min

The Security Expert Speaks: Tanya Janca on Learning to Code Securely

RJJ Software's Software Development Service

This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations.

Show Notes

"From the very first lesson of "Hello, World" they teach us to make insecure code. So the first thing with "Hello, World" is how to output to the screen. That is fine. But the second part of "Hello, World" is: you ask them their name, you take their name. You don't validate it, and then you say "Hello," and you reflect their name back onto the screen with no output encoding. And then you just made cross-site scripting. And right from the very first lesson, we teach everyone wrong in pretty much every language, and so as a result we end up with a lot of people doing code the wrong way. Like, universities are still teaching lots of things wrong. And so I'm hoping that this book will help."— Tanya Janca

Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie's throat infection returned, making it tough for him to record this intro.

In this episode, we welcomed Tanya Janca back to the show. This conversation marks her third appearance on the show, and a slight change in focus to Secure Coding. We talk about how developers are taught to write insecure code from day one (or "Hello, World!"), about how her new book "Alice and Bob Learn Secure Coding" could help with that, the many hours of free education and learning that Tanya has created alongside the book, and how both data scientists and academics approach software development differently to some of us developers.

"There are so many amazing security features in .NET. There's so many. Like, because I... I wrote about eight different frameworks and .NET by far had the absolute most different security features. And part of it, some of them are from Windows. Some of them are from C... because I wrote about C# and .NET. And to be quite honest, audience, I mixed them up quite a bit because, "what is specifically C#, and what is specifically .NET," got a bit confused in my brain. But I'm like, all of it's good. Do all of it"— Tanya Janca

Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET.

My voice was created using Generative AI.

Full Show Notes

The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-security-expert-speaks-tanya-janca-on-learning-to-code-securely/

Tanya's Previous Appearances: Episode 77 - Application Security with Tanya Janca Episode 105 - More Application Security with Tanya Janca

Useful Links: Tanya's books Tanya's newsletter Hello, World Don't Accept The Defaults Semgrep Okta Pushing Left, Like a Boss: Part 1 Owasp DAST (Dynamic Application Security Testing) SAST (Static Application Security Testing) Semgrep Academy (previously known as WeHackPurple Academy) Application Security Foundations Level 1 Owasp Juice Shop OwaspHeaders.Core Owasp Top Ten Content-Security-Policy Trusted Types Jason Haddix Retrieval-Augmented Generation (aka RAG) Posting Malicious Code as an Answer
Jan 10, 2025 • 1h 9min

Unlocking the Power of AI: Jim Bennett on Pieces for Developers

RJJ Software's Software Development Service

This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations.

Show Notes

"So we're dealing with code bases that are getting bigger and bigger every day. You know, those million line code bases, two million line code bases is not unusual. We are being pushed to do more. I remember when I was working at Microsoft a couple of years ago, Satya Nadella, CEO, his favourite phrase was, "you have to do more with less." But yeah, so Satya was big on this idea of do more with less. And this has kind of resonated across the industry as a whole."— Jim Bennett

Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie is suffering with a throat infection.

In this episode, Jim Bennett returns to the show after a six-year absence. In his previous appearance, Jim introduced us to Xamarin, but in the time since that appearance, Xamarin has been sunsetted. So it felt natural to start our conversation about the wonderful outpouring of support over on X with the hashtag #XamarinGaveMe. The main topic of conversation is about Generative AI, Large Language Models, and how the new startup, Pieces, can help developers to keep the context of what they are working on at the front of their mind at all times; both when they are online and off.

"If I said to you, "which character from the Pixar movie Up are you?" The answer is going to be, "Doug," we're all Doug. We're all like, "squirrel!" So if we have to go from our IDE to a browser to ask a question, we're reading email on the way. We are looking at chat tools on the way. Oh, we're in a browser. "Oh, I've got a notification on Blue Sky. I'm going to have a look at that." We are context switching. We are distracted. We are drinking coffee. We are losing our productivity"— Jim Bennett

Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET.

My voice was created using Generative AI.

Full Show Notes

The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/unlocking-the-power-of-ai-jim-bennett-on-pieces-for-developers

Jim's Links: Jim's linked on Link Tree Pieces Pieces Discord #XamarinGaveMe Xamarin in Action (AKA Jim's book on Xamarin)

Jamie's Public NuGet Packages: OwaspHeaders.Core ClackMiddleware OnionArch.Mvc

Useful Links: Generative AI for .NET Developers with Amit Bahree Ollama OpenVino

LLMs Mentioned: Llama Microsoft Phi Mistral Qwen-2.5 which Jamie mis-names as Quon.
Dec 20, 2024 • 49min

Modern .NET NuGet Packaging with Scott Harden

Scott Harden, a neuroscientist and dentist turned tech expert, dives into the world of NuGet packaging. He explains the fundamentals of creating packages and introduces tools like NuGet Package Explorer. Scott shares his unique career transition, emphasizing the value of NuGet packages in .NET development. The conversation also highlights debugging best practices with SNUPKG files and the design impact of adding icons to packages. Lastly, he advocates for open-source contributions, urging listeners to engage with the tech community.
Dec 13, 2024 • 1h 15min

Open-Source and Our Digital Legacies with Scott Harden

In this engaging discussion, Scott Harden, a neuroscientist and dentist turned software developer, shares his journey from healthcare to the open-source world. He dives into the complexities of licensing, monetization challenges, and the importance of digital legacies. Scott highlights personal experiences with NuGet packages and the necessity of clear agreements in open-source projects. He also reflects on the supportive community backing that sustains ad-free projects and the emotional impact of small gestures of support from users.
Dec 6, 2024 • 1h 23min

The Spirit of Open Source in a Modern .NET World with Scott Harden

Scott Harden, a neuroscientist and dentist, dives into the spirit of open source, sharing insights from his journey in tech. He discusses his popular library, ScottPlot, which surprisingly gained a million and a half installs. Scott highlights how open source fosters skill development and emphasizes the importance of community engagement. He reflects on the challenges of maintaining open source projects, including mental health concerns, and illustrates the power of collaboration in addressing personal and communal coding challenges.
Nov 22, 2024 • 1h 6min

Cleipnir and Beyond: On Resilient Development Practices with Thomas Sylvest

RJJ Software's Software Development Service

This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations.

Show Notes

"So part of what Resilient Programming is about and what the framework does is that it kind of like tries to provide a nice abstraction, a developer-friendly abstraction for implementing distributed systems."— Thomas Sylvest

Welcome friends to The Modern .NET Show; the premier .NET podcast, focussing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor.

In this episode, Thomas Sylvest joined us to talk about both Resilient Programming and Cleipnir .NET - a framework that Thomas worked on to implement the concepts of Resilient Programming in .NET applications. Cleipnir, and Resilient Programming, are fantastic for supporting message-driven architectures; whether you've built a monolith, series of microservices, or anything in between.

"But the idea is the same, kind of like that you try and remember the result of actions that you've done in a way that if you then start again, you won't... you kind of like you'll check in your little notebook if you already performed this action. If you did then you'll just return the result of the previous execution. If you look in your in your notebook and you can see, 'okay actually I haven't done this before' you will then perform the action"— Thomas Sylvest

Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET.

Full Show Notes

The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/cleipnir-and-beyond-on-resilient-development-practices-with-thomas-sylvest/

Useful Links: Paxos Raft Polly .NET Hangfire Quartz Inbox and outbox pattern Idempotence Azure Durable Functions Mass Transit Rebus NServiceBus Thomas on LinkedIn Microsoft Open: Introduction to Cleipnir.Flows a tool to get resilient code
Nov 8, 2024 • 1h 6min

The Art of Teaching Programming using Unity: An Interview with Harrison Ferrone

Metalama

This episode of The Modern .NET Show is supported, in part, by Metalama, reduce your boilerplate code by up to 15% with Metalama's C#-to-C# template engine and reduce your code complexity today!

Show Notes

"Like the whole point is to learn a system of thinking, like to learn how to analyze; how to, like, pick out what's happening and identify your problem, and then to implement a solution that fits your needs."— Harrison Ferrone

Welcome friends to The Modern .NET Show; the premier .NET podcast, focussing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor.

In this episode, Harrison Ferrone joined us to talk about his journey from being an English major to a self-taught programmer and instructional author focused on accessible tech education. Harrison also talks about his book, "Learning Design Patterns with Unity," which is designed as a practical guide for game development using well-known patterns while emphasizing the importance of quick wins in learning.

"Like we do so much work in the later parts of each chapter with like pattern variations and customisations, because I want readers and students and learners to like, look at it, look at the first, you know, 70% and be like, "oh, but what, oh, oh, we're going to talk about what ifs. Fantastic. Cause I have a lot of what ifs.""— Harrison Ferrone

Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET.

Full Show Notes

The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-art-of-teaching-programming-using-unity-an-interview-with-harrison-ferrone/

Useful Links: Learning Design Patterns with Unity Design Patterns (AKA "The Gang of Four") Game Programming Patterns by Robert Nystrom KonMari method Thinking in Systems by Donella Meadows Chaos Monkey Atomic Habits by James Clear Rosetta Stone Unity Learn Explore the Unity Editor - Unity Learn GitHub repo for the book Harrison on LinkedIn
Oct 25, 2024 • 1h 9min

Powering Up with Erik Jensen: An Introduction to EF Core Power Tools

In this discussion, Erik Jensen, a Microsoft MVP and maintainer of EF Core Power Tools, shares insights on streamlining database development. He highlights how EF Core Power Tools simplifies reverse engineering existing databases and empowers developers to manage database schemas with ease. Jensen emphasizes the importance of user-friendly interfaces and effective error reporting. He also touches on collaboration in open-source projects and the integration of static analysis tools that help enhance code quality and maintain schema integrity.
Oct 11, 2024 • 1h 6min

Chainguard and Securing Your Containers with Adrian Mouat

Adrian Mouat, a technical community advocate at Chainguard and author specializing in secure container images, dives into the evolving landscape of container security. He discusses the Docker init command, which simplifies project setup with best-practice Dockerfiles. Adrian emphasizes the importance of multilayered security strategies and the role of Software Bills of Materials (SBOM) for compliance. He also highlights how attestation can verify software integrity, shedding light on securing development pipelines and managing vulnerabilities effectively.
