Welcome to the second part on Dependency-Check. Please make sure that you have read part one and got a working suppression file. Otherwise, you will get a lot of vulnerabilities reported in SonarQube. In this post, I use Visual Studio Team Services (VSTS) for my build pipeline. You can use different services to reach the …
The Open Web Application Security Project (OWASP) may be best known for its top 10 list of the most critical web application security risks. However, the project not only talks about problems; they offer a wide range of documentation to fix those problems (like the .NET Security Cheat Sheet) and publish tools like the OWASP …
This year I did not just attend NDC Oslo, I got the chance to contribute as a speaker to this great conference. That shift of perspective made me much more appreciative of the hard work that goes into a talk and how much it takes to stand in front of such a great and welcoming …
No week passes by without a big announcement of stolen account data. Usernames with their corresponding passwords and email addresses are “lost” on a regular basis. This is not only a problem of small sites: LinkedIn, Adobe and MySpace alone add up to more than 600 Million leaked accounts. Given the fact that passwords are …
The constant demand to create an account with every web site or app is annoying. As if this is not bad enough, it also puts your data at risk. You use your email everywhere, even when you only need this free WiFi for an hour or two. The data remains on the site and as …
The 10th edition of the NDC (Norwegian Developers Conference) in Oslo was the best I ever attended. Kjersti and her team made everyone welcome and created a friendly and familiarly atmosphere. This is no easy task, especially not with 2000 attendees. But even at this size you always felt a personal touch and if you …
There are so many podcasts for developers that it is hard to keep up. In the last few months I spent a lot of time listening to podcasts and found 3 that I must share with you. Legacy Code Rocks My favourite podcast so far is Legacy Code Rocks hosted by Andrea Goulet and Scott …
Google Chrome lets you save your passwords in its password store. While this is a convenient function, it may not be the most trustworthy one. If you trust Google and only use one computer, this may be fine. However, should you try to move your passwords into a service like 1Password, Last Pass or the …
The network attached storage appliances from Synology, called DiskStation, are great backup devices. They come in various sizes and don’t need much maintenance. The only thing that is a bit annoying is the password prompt whenever I use rsync to backup my files. With public key authentication over SSH that problem can be solved without …
HTTPS for web applications is soon no longer an option, but a must-have. When you develop your application on your local machine, you may want to use a self-signet certificate. They cost you nothing and tools like Visual Studio create them on the first run in IIS Express. Everything would be great if current web …