Sebastian Leuer

Programming secure C#/.NET Applications: Dos & Don'ts

A user resets their password with an email containing a Kelvin symbol instead of a 'K'. This simple trick bypasses your security. Here's how to stop it.

Programming secure C#/.NET Applications: Dos & Don'ts
#1about 5 minutes

AI-generated code can introduce security risks

AI tools can generate insecure code by using deprecated APIs, introducing biases like modulo bias, or having incomplete logic, requiring a manual security review.

#2about 11 minutes

Handling character encoding to prevent spoofing attacks

Visually similar Unicode characters can be used to spoof identities in attacks, which can be mitigated by using ordinal string comparison instead of culture-invariant comparison.

#3about 12 minutes

Mitigating SQL, command, and path traversal injections

Untrusted user input can lead to various injection attacks, which are prevented by using parameterized SQL queries, the ArgumentList property for processes, and robust path validation.

#4about 4 minutes

Avoiding deserialization vulnerabilities in JSON and XML

Insecure default settings in parsers, like TypeNameHandling in Newtonsoft.Json or DTD processing in XML readers, can lead to remote code execution vulnerabilities.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Organizing a developer conference for 15,000 attendees
01:32 MIN

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

Increasing the value of talk recordings post-event
04:57 MIN

Increasing the value of talk recordings post-event

Cat Herding with Lions and Tigers - Christian Heilmann

Selecting strategic partners and essential event tools
03:17 MIN

Selecting strategic partners and essential event tools

Cat Herding with Lions and Tigers - Christian Heilmann

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Automating formal processes risks losing informal human value
03:48 MIN

Automating formal processes risks losing informal human value

What 2025 Taught Us: A Year-End Special with Hung Lee

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Proactively managing the risks of employee personal branding
03:14 MIN

Proactively managing the risks of employee personal branding

Leveraging Leaders’ Voices: The Business Power of Personal Branding

Understanding global differences in work culture and motivation
06:10 MIN

Understanding global differences in work culture and motivation

The Future of HR Lies in AND – Not in OR

Featured Partners

Related Videos

See all videos
Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

101 Typical Security Pitfalls28:41

101 Typical Security Pitfalls

Alexander Pirker

How your .NET software supply chain is open to attack : and how to fix it28:45

How your .NET software supply chain is open to attack : and how to fix it

Andrei Epure

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes28:01

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Tino Sokic

Software Security 101: Secure Coding Basics1:58:48

Software Security 101: Secure Coding Basics

Thomas Konrad

Hacking C# from the inside - how to do anything in NET41:54

Hacking C# from the inside - how to do anything in NET

Adam Furmanek

You click, you lose: a practical look at VSCode's security29:47

You click, you lose: a practical look at VSCode's security

Thomas Chauchefoin & Paul Gerste

Real-World Security for Busy Developers29:50

Real-World Security for Busy Developers

Kevin Lewis

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
DC
Daniel Cranney
Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI
Inside last week’s Dev Digest 198 . 🎂 30 years of JavaScript ⏰ How long is a JavaScript second 💻 Clean code in Angular 🤦‍♂️ AI makes different mistakes than humans 👨‍💻 In-browser and offline AI 🟠 Undocumented Hacker News features 🐋 DeepSeek censored...
Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI

From learning to earning

Jobs that call for the skills explored in this talk.