In this article we’re going to go through some security best practices around the technologies that I’ve used over the years I’ve been working as a software developer. I’m going to delve into multiple security topics related to different technologies, but I’ll try to keep it short and in checklist format for it to be easier …
Security
Duende Identity Server: Risks of Sharing Clients and Tokens
In the past, I leveraged the open-source Identity Server version 4 (read about my experience with it here). But recently, Identity Server has become proprietary, offering price plans that are not always seen as favorable, especially if a company wants to support on-premise instances of the app as opposed to SaaS. That means a …
How to use ConfigBuilders for User Secrets Management in ASP.NET MVC 5
When it comes to storing our app secrets, ASP.NET Core has a built-in mechanism to do that out of the box. But this is not the case for ASP.NET MVC 5. For MVC 5, we need to install custom configBuilders packages in order to have the same functionality. There are many other …
Application Secret Management: How to Implement a Good Secret Management Strategy
Sometimes bad things just happen, or perhaps they happen because of our neglect. Bad things like committing an application secret into our repository. The problem is that once a secret has been committed, deleting it and committing again will not suffice. We need to purge that commit completely from our repository and its history. But …