Security in ASP.NET Core with Barry Dorrans
How does security work in ASP.NET Core? Barry Dorrans knows, he's writing it! While at NDC Oslo, Carl and Richard sat down with Barry to talk about all his work in the security space at Microsoft. As Barry says, .NET Core represented a unique opportunity to reboot how security works on the web for the Microsoft stack, and he tried to do right by us all. Nothing is ever simple as you want it to be, especially when it comes to security, but there are good things available today if you spend some time to understand them. And a little scotch doesn't hurt either!
Guests:
Barry Dorrans
Barry Dorrans has been "playing" with computers since the days of the "dead flesh" keyboard on the ZX Spectrum. Graduating to .NET via RPG, QuickBasic, C, C++ and VB his time has been spent in various markets from banking through telecoms and even parts of the record industry. He specialises in .NET and Microsoft Technologies looking at "whatever takes his fancy" and running with it to see where it goes, with a passion for sharing the knowledge gathered during each of his code expeditions. He is now the .NET Security PM at Microsoft.
Links:
- WebPack https://webpack.js.org
- OpenID Connect http://openid.net/connect/
- Have I Been Pwned? https://haveibeenpwned.com/
- IdentityServer http://identityserver.io/
- Windows Identity Foundation https://docs.microsoft.com/en-us/dotnet/framework/security/index
- ASP.NET Core Security https://docs.microsoft.com/en-us/aspnet/core/security/
- Barry's GitHub https://github.com/blowdart
- OWASP Top Ten https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- CanSecWest Vancouver https://cansecwest.com/
- Google Project Zero https://googleprojectzero.blogspot.com
- Microsoft Bounty Programs https://technet.microsoft.com/en-us/library/dn425036.aspx
- netsec on reddit https://www.reddit.com/r/netsec/