Discuss advanced topics like claims transformation, custom authorization policies with requirements and handlers, and federated identity using OpenID Connect.
Posts tagged with Security
Explain how Cross-Origin Resource Sharing (CORS) works. Discuss how to configure named policies, middleware, and attributes for both permissive and restrictive scenarios.
Explain the concept of DevSecOps ('Shift Left'). Discuss how to integrate security scanning tools into a CI/CD pipeline, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and dependency scanning.
Explain when it's appropriate to drop down to raw SQL or stored procedures with EF Core. Discuss the security implications (SQL injection) and how to prevent them.
Discuss how to prevent common vulnerabilities (e.g., SQL Injection, XSS, CSRF) within the ASP.NET Core framework.
Explain common schemes like JWT, OAuth 2.0, OpenID Connect, and Cookie-based authentication.
Discuss the Shared Responsibility Model. Explain how to secure a cloud environment using concepts like Identity and Access Management (IAM), network security groups, and secret management (e.g., Azure Key Vault, AWS Secrets Manager).