The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Software Development Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "If your app has a backend, it's Aspire-able. And so it's tools, templates, and packages for really any type of app… So just being able to walk up to a repo, clone it, and hit F5. When was the last time we were able to do that? Like, ten years ago, maybe?"— Maddy Montaquila Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie “GaProgMan” Taylor. In this episode, we talk with Maddy Montaquila about .NET Aspire, what it is, how it's not just for .NET developers, and how it can help you to run a repo by simply hitting F5, regardless of what's in there. "To me, it really is just a dev tool in a bunch of different ways. It makes you just hit F5 again, no matter how many containers, or local, or deployed services you have to deal with, or projects, or languages, or if you're in VS, or VS Code, or on a Mac, or on a command line, or on a Linux machine. Like Aspire just makes all that magical without replatforming"— Maddy Montaquila Along the way, we also talk about the importance of reducing the complexity of going from, "I have an idea," to, "my app is running in the cloud." And Maddy drops a wonderful metaphor for .NET Aspire using a Logo-based metaphor. And we address the community invented elephant in the room: that .NET Aspire, somehow, locks you into using one vendor. Spoiler alert: it can deploy to any cloud vendor, and even to on-prem servers. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/net-aspire-how-maddy-montaquila-and-the-net-team-are-revolutionizing-development/ Maddy's Links: Maddy on Bluesky Other Links: CNCF OpenTelemetry Helm Codespaces Podman Devcontainers Vim GDB FreeBSD Jail .NET Aspire Community Toolkit CORS MCP Phi-4 Four stages of competence dot.net Cloud features of .NET Customer Stories: customers.microsoft.com dot.net/customers Ollama Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

DotConnect and Entity Developer dotConnect and Entity Developer boost .NET development with high-performance ADO .NET providers and visual ORM builder. Try a 30-day free trial now! Show Notes "I remember I had the entire life cycle of the web forms printed on a wall. It was like six sheets of paper and it was very complex, and it was very useful to have it on the wall because, like, you could always look at it and say, "okay, this is going on before this one." So you have to like switch the order of things. But that's exactly what I call interesting"— Tomáš Herceg Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, we talk with Tomáš Herceg about strategies for modernizing .NET Framework web applications such that they leverage the very latest in the .NET stack. Tomáš shares his insights from the journey of upgrading his own applications and those of his clients, both of which provided the background for his new book: "Modernizing .NET Web Applications". "The biggest problem of the YARP migrations: that they will force you to do a lot of infrastructure things at the beginning before you even start migrating some real functionality."— Tomáš Herceg Along the way, we discuss how using his DotVVM project can help with the migration. Not only is the upgrade path for DotVVM projects a process of swapping a NuGet package, but is also keeps the upgrade as a single in-memory process—something that YARP-based migrations aren't able to do. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/dotnet-web-app-modernization-made-easy-with-tomas-hercegs-new-book-and-dotvvm/ Links: DotVVM DotVVM.Owin DotVVM.AspNetCore Yarp Strangler Fig Pattern Modernizing .NET Web Applications Gauss Curve (aka Normal distribution) Tomáš on LinkedIn Model-view-ViewModel Supporting the show: dotConnect 30 day trial Entity Developer 30 day trial Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "When you program for the NES you deeply need to understand the hardware, right. And that's not a thing; like as a .NET developer you don't really know what a register is, or like or a bus, or like NES has a thing called a PPU"— Jonathan Peppers Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Jonathan Peppers joins us to talk about something which is a little out of the ordinary for us here: programming the Nintendo Entertainment System but in C#. We talk about the process behind his (some would say absurd) idea for an AOT transpiler which can convert a subset of C# over to the Assembler required to write and publish a NES game. "So you think about that example, what I described there on the NES side is actually very similar to what's on the IL side, is that in IL, you have a string, right? It goes and looks up in a string table, the contents of the string, and puts it on a stack, and then it calls vram_write, and then it's the runtimes job to actually like make that happen at runtime; or in the case of an AOT compiler it would emit, you know, native machine code that does the same thing."— Jonathan Peppers Along the way, we talk about that Ahead-of-Time compilation is, have a brief intro to what IL is (that's what your C# code is compiled to before running it), and how all of that fits in with .NES—the wonderful name for Jon's AOT NES compiler. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/jonathan-peppers-unleashes-code-chaos-how-dotnet-meets-the-nes/ Links: Native AOT Development System.Reflection.Metadata 8bitworkshop.com neslib BinaryWriter Retron5 Flight68k .NES on GitHub .NES Discord Server Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Software Development Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "So on my side it was actually, the interesting experience was that I kind of used it one way, because it was mainly about reading the Python code, the JavaScript code, and, let’s say like, the Go implementations, trying to understand what are the concepts, what are the ways about how it has been implemented by the different teams. And then, you know, switching mentally into the other direction of writing than the code in C#."— Jochen Kirstaetter Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie “GaProgMan” Taylor. In this episode, Jochen Kirstaetter joined us to talk about his .NET SDK for interacting with Google’s Gemini suite of LLMs. Jochen tells us that he started his journey by looking at the existing .NET SDK, which didn’t seem right to him, and wrote his own using the HttpClient and HttpClientFactory classes and REST. "I provide a test project with a lot of tests. And when you look at the simplest one, is that you get your instance of the Generative AI type, which you pass in either your API key, if you want to use it against Google AI, or you pass in your project ID and location if you want to use it against Vertex AI. Then you specify which model that you like to use, and you specify the prompt, and the method that you call is then GenerateContent and you get the response back. So effectively with four lines of code you have a full integration of Gemini into your .NET application."— Jochen Kirstaetter Along the way, we discuss the fact that Jochen had to look into the Python, JavaScript, and even Go SDKs to get a better understanding of how his .NET SDK should work. We discuss the “Pythonistic .NET” and “.NETy Python” code that developers can accidentally end up writing, if they’re not careful when moving from .NET to Python and back. And we also talk about Jochen’s use of tests as documentation for his SDK. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/google-gemini-in-net-the-ultimate-guide-with-jochen-kirstaetter/ Jason's Links: JoKi's MVP Profile JoKi's Google Developer Expert Profile JoKi's website Other Links: Generative AI for .NET Developers with Amit Bahree curl Noda Time with Jon Skeet Google Cloud samples repo on GitHub Google's Gemini SDK for Python Google's Gemini SDK for JavaScript Google's Gemini SDK for Go Vertex AI JoKi's base NuGet package: Mscc.GenerativeAI JoKi's NuGet package: Mscc.GenerativeAI.Google System.Text.Json gcloud CLI .NET Preprocessor directives .NET Target Framework Monikers QUIC protocol IAsyncEnumerable Microsoft.Extensions.AI Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "So I've been focused on the code to cloud journey, I like to call it, for the template. And two years ago, my goal was to provide a solution that could take you from code to cloud in 45 minutes or less. So I wanted it to be "file new project" to deploy a solution on Azure—because that's where my main focus is—within 45 minutes."— Jason Taylor Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Jason Taylor (no relation) joined us to talk about his journey from Classic ASP to .NET and Azure. He also discusses clean architecture’s maintainability, and his open-source Clean Architecture Solution template for ASP .NET Core, along with strategies for learning new frameworks and dealing with complexity. "Right now the template supports PostgreSQL, SQLite, and SQL Server. If you want to support MySQL, it's relatively easy to do because there's already a Bicep module or a Terraform module that you can go in and use it. So I went from 45 minutes to now I can get things up and running in like, I don't know, two minutes of effort and 15 minutes of waiting around while I make my coffee"— Jason Taylor Along the way, we talk about some of the complexities involved with creating a template which supports multiple different frontend technologies and .NET Aspire (which was news to me when we recorded), all the while maintaining the goal of being the simplest approach for enterprise development with Clean Architecture. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/from-code-to-cloud-in-15-minutes-jason-taylors-expert-insights-and-the-clean-architecture-template/ Jason's Links: Jason's Clean Architecture repo on GitHub Jason's Northwind Traders with Clean Architecture repo on Github Connect with Jason Jason's RapidBlazor repo on GitHub Other Links: C# DevKit for Visual Studio Code Code, Coffee, and Clever Debugging: Leslie Richardson's Microsoft Journey and the C# Dev Kit in Visual Studio Code with Leslie Richardson dotnet scaffold devcontainers .NET Aspire Azure Developer CLI GitHub CLI Obsidian Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

Show Notes "If you talk to people that have been doing Terraform for many years, they're going to tell you that, "Terraform is the law and Terraform is the way to go." But like you said, there's different tools, I would say, or languages that you can use for infrastructure as code. And it really depends what you want to do, what your developers are used to or are comfortable with and what works with your organization as it should be with any tool in software development. You got to grab the one or use the one that is more appropriate for your use case, your scenario, your organization"— Sam Gomez Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Sam Gomez joined us to talk about Infrastructure as Code, why you might want to think about using something like Terraform and Bicep, and how they can help you to automate your deployments to the public cloud. Sam also talks about best practises for CI/CD and ways to test your Infrastructure as Code ahead of running it--something that we've all felt the pain of in the past, I'm sure. "Terraform has what's called validation for your parameters. So like I said, you can set up a validation that says, "the only values for the SKU for a SQL server are basic," for example. And if somebody tries to give a different value to that particular parameter, it'll stop automatically and say, "okay, this validation has failed. You know, the value allowed is this one." You can do the same thing with Bicep. So that's another added layer of protection against making these kind of mistakes and adding or configuring the wrong values in your deployments"— Sam Gomez Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Podcasthon 2025! One last thing before we start the episode: we're super happy to participate in the 3rd edition of Podcasthon For one week, more than a thousand podcasts will highlight a charity of their choice. And today, I have the pleasure of welcoming Andy's Man Club to the show. Throughout this episode, I'll interrupt the conversation a few times to talk about the importance of mental fitness. The reason that I've picked Andy's Man Club is because mental health support is very important to me. I've used their groups for almost two years and have had the honour of being asked to step up and help run one of those groups. If you'll forgive the name for now, Andy's Man Club is a UK-based charity which organises weekly, informal, peer-to-peer talking groups for anyone over the age of 18 who identifies as male. I'll talk more about Andy's Man Club later in the episode. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/deploying-with-confidence-sam-gomez-on-terraform-bicep-and-infrastructure-as-code/ Music Used In This Episode This contains some copyright free music during the interstitials. Each of the pieces of music (linked below) were created by YouTube user HoobeZa, and we thank them for making their work free to use. If you liked the music we used, check out links to the pieces below: "Lounge" "Mellow" "Golden" "Release" Podcasthon 2025 This episode of the podcast contains support for both Podcasthon, Andy's Man Club, and Capes on the Couch. Please feel free to check out both projects at the links below. Podcasthon! Andy's Man Club Capes on the Couch And please remember to check in on your own mental fitness from time to time. Useful Links Sam on LinkedIn Dad's in Tech The bus factor Terraform Registry Azure Verified Modules Bicep for VS Code Terraform extension for VS Code Terraform CNCF Hashicorp Developer Website Sam's MVP profile Sam on X Sam on BlueSky Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "And I think this is really the key factor in software development. I think it's really to keep complexity low, because in most projects, unless you are writing an operating system, a framework or rocket navigation you are not coding against hardware; like the hardware is not your bottleneck. You are coding against human brains, cognitive abilities of your team; like how many smart people your company is able to put on your team, this is your limiting factor so we need to keep complexity low and I think it's really the most important benefit."— Gael Fraiteur Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie is suffering with a throat infection. In this episode, Gael Fraiteur joined us to talk about Metaprogramming with Metalama. Gael is the original author of the wildly successful PostSharp and has been working with the aspect-oriented programming pattern for over 20 years. In this conversation we talk about how metaprogramming (regardless of whether you use Metalama to achieve that or not) can save on both the complexity and the number lines of code in your projects. "Well, there are studies that try to correlate the cost of software projects to the number of lines of code. And the conclusion is: it is more or less a linear dependency. A bit super linear. That means that if you have 15% fewer lines of code, you are going to get 15% lower development cost. So that's the easiest part"— Gael Fraiteur Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. My voice was created using Generative AI. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/metaprogramming-with-gael-fraiteur/ Gael's Links: Gael on LinkedIn PostSharp on LinkedIn Metalama: Metalama homepage Documentation Marketplace GitHub Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "I always believe, and this is taking my kind of Microsoft hat off, and I'm sharing my personal view here. I definitely believe regardless of the public cloud provider in question, they're all part of a bigger ecosystem. And I emphasize the word ecosystem. I believe security as, you know, a problem statement of our time, it's just so complex that it really can't be solved by a single company or by a single organization or a single individual. You really need to see like collaboration and cooperation taking place across different sectors, across different public cloud providers."— Bojan Magušić Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Bojan Magušić joined us to talk about both his new book "Azure Security" but also his work as part of the security team at Azure and his top tips for protecting your digital landscape (aka your apps and services) on the public cloud. Not only did Bojan and I talk about the security aspects of protecting your public cloud digital landscape, but we also talked about how all the public cloud providers actually work together to ensure that everyone is protected from CVEs and exploits when they are discovered. An application of the Infinite Game, if you will—if you're not sure what that is, we cover that in the episode, too. "So instead of at times you know thinking of it as a zero-sum game, I definitely believe there is opportunity to kind of expand the ecosystem and partner in meaningful ways where we can share information and share insights and guidance and even skill sets that are going to make us all as an industry and, you know, as clients more secure."— Bojan Magušić Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-infinite-game-meets-azure-security-with-bojan-magusic/ Useful Links Bojan on LinkedIn Azure Security OWASP ZAP—now owned by Checkmarx Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "This should be a mantra for anyone working on web applications or web APIs: you should validate any input of the application as much as possible. When you conceptualize it, all the malicious input into your application comes across in an HTTP request at some point. It's either in the URL or in the body. That's generally speaking, unless you have a supply chain attack, that's generally the vector by which your application will be attacked. Before you even start to kind of think about specific vulnerabilities, if you narrow down what is permissible input right out of the gate, then you kind of close the door on so many different vulnerabilities without even thinking about it."— Malcolm McDonald Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Malcolm McDonald joined us to talk about the importance of Application Security, knowing the basics of secure coding, and backing that all up with both "secure by default" designs, and subscribing to CVE notifications. "So what you find in your career is that if you set down kind of sensible default behaviour in your codebase earlier on, then everyone will follow that. You establish, kind of, best practices. It might take a little bit longer, but if you say, "this is the way we do this over here," then even yourself when you, kind of, come back to, will kind of, reproduce that path. So the initial, kind of, like first few check-ins to your source control are key to, like, establishing best practice"— Malcolm McDonald One note before we begin: some of Malcolm's audio is a little rough. Mark, our superstar editor, has done what he can, but there are parts that might be a little unclear. If you have trouble with the audio, please remember that there is a full transcription linked in the accompanying show notes. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/grokking-application-security-malcolm-mcdonald-on-securing-your-apps/ Useful Links Malcolm on LinkedIn Grokking Application Security Hacksplaining Hash function Don't Accept The Defaults Bcrypt Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

Tanya Janca, an application security expert and author of 'Alice and Bob Learn Application Security,' discusses the alarming trend of teaching insecure coding practices right from the 'Hello, World' program. She emphasizes the importance of secure coding throughout the development lifecycle and shares insights on tool selection and fostering a culture of security awareness. Tanya also highlights key strategies to prevent vulnerabilities and the necessity of aligning security needs with development teams, ensuring safer coding practices in today's tech landscape.