Skip to content

Blog

  • in Security
  • 1 min read

Azure DevOps and Linux Pipelines: How to Keep Your Password Secure

A few months ago, my co-worker Lukas run into a problem when he wanted to deploy code with pipelines in Azure DevOps. As a final step, he needed to restart the web server. That is no problem in an interactive session on the machine itself, you just add sudo in front of the command and enter your password. Doing this as part of a pipeline is not a great idea – you would need to write down your password and put it into Azure DevOps.

Legacy Code Rocks!

It is the time of the year where most new year's resolutions are already forgotten. Should you still want to learn new things I have a great podcast for your. It is not about the shiny new frameworks, instead it will help you to improve your existing applications.

The podcast Legacy Code Rocks! hosted by Andrea Goulet and M. Scott Ford is my favourite one. They know what they are talking about and find guests that have interesting insights to share. I am constantly surprised how much I can learn from every episode and how much of those things can be applied 1:1 to my applications – and that by just spending between 30 and 45 minutes per episode.

  • in Meta
  • 3 min read

Goodbye 2019, Welcome 2020

2019 was a year full of challenges and I am happy that it is over. I use the time between the holidays to recharge my batteries so that I will be ready to tackle the changes that 2020 will bring.

  • in Security
  • 2 min read

How to Remove the OPTIONS Method in IIS 8.5

Most security scanners detect the activated OPTIONS method of HTTP/S and report them as a potential problem. This method can help an attacker to find out about your server configuration and offer a shortcut to other vulnerabilities. However, there are valid use cases to use the OPTIONS method, like for REST APIs or CORS. If you need the OPTIONS method for those use cases, you need to keep it active and should document their usage in your architecture documentation.

How to Test Your Internal Classes in C

One of the most important concepts of object-oriented design is encapsulation. You try to hide all the internal things of a class from the other developers and only offer them a subset of functionality to use. You can achieve this by setting an appropriate access modifier for your methods and classes:

  • public: The type or member can be accessed by any other code in the same assembly or another assembly that references it.
  • private: The type or member can be accessed only by code in the same class or struct.
  • protected: The type or member can be accessed only by code in the same class, or in a class that is derived from that class.
  • internal: The type or member can be accessed by any code in the same assembly, but not from another assembly.
  • protected internal: The type or member can be accessed by any code in the assembly in which it is declared, or from within a derived class in another assembly. (as in protected OR internal)
  • private protected: The type or member can be accessed only within its declaring assembly, by code in the same class or in a type that is derived from that class. (as in private OR protected)

How Far Behind Are Your Dependencies?

The world keeps turning and when you do not actively spend time to update the dependencies of your projects, you will fall behind. First one minor version, then another and before you know, there are a few new major versions released and your project is full of security risks.

We all know that his happens and even when we try to keep everything up to date, sooner or later we fall behind. We cannot give up, then that makes it even worse. There is only one way forward: Update your projects. But where should we start? And how bad is it now?