Preview Mode Links will not work in preview mode

Azure DevOps Podcast

Message from Jeffrey Palermo: Howdy.  Welcome to my podcast.  I hope it helps you ship software more quickly and more reliably. Through the topics and guests, I hope your life is made easier. Let me know what topics would be helpful for you.

Podcast sponsor: Clear Measure We are a software architecture company that empowers our client's development teams to be self-sufficient: moving fast, delivering quality, and running their systems with confidence.

Feb 20, 2023

Christian Wenz works as a consultant, trainer, and author with a focus on web technologies and is the author or co-author of over 100 computer books. He regularly contributes to various IT magazines and speaks at conferences around the globe. Christian holds a "Diplom" (the German equivalent of a master’s degree) in Computer Sciences, and one in Business Informatics. In his day job, he is one of the founders of the web agency Arrabiata Solutions ( with offices in Munich, Germany, and in London, UK. He also frequently works with development teams to make their applications better performing, more secure, and more reliable.


Topics of Discussion:

[2:51] Has Christian really written over 100 computer books? Christian talks about the books and the high points of technology that he has worked in.

[7:16] What is the OWASP (Open Web Application Security Project) Top 10 list?

[10:33] You always have to be aware that something may go wrong, and have a security mindset.

[12:05] Again and again, make sure that you understand the fundamentals of web app security, because eventually, you will make a mistake in your code.

[12:30] What is insecure design?

[13:43] Christian talks about the enumeration scheme CWE: common weakness enumeration, which basically assigns a number to each risk or attack.

[17:00] How should people be logging into their web sessions now with .NET7?

[18:31] The major mistake you can make these days is to write your own authentication mechanism.

[23:57] What is Christian’s favorite mechanism today for securing HTTP web services?

[31:05] What are some of the tools Christian always reaches for, and how do we differentiate between static auditing and dynamically auditing an application?


Mentioned in this Episode:

Clear Measure Way

Architect Forum

Software Engineer Forum

Programming with Palermo — New Video Podcast! Email us

Clear Measure, Inc. (Sponsor)

.NET DevOps for Azure: A Developer’s Guide to DevOps Architecture the Right Way, by Jeffrey Palermo — Available on Amazon!

Jeffrey Palermo’s Twitter — Follow to stay informed about future events!

Architect Tips — Video podcast!

Azure DevOps

Christian Microsoft Profile

ASP.NET Core Security

Christian’s Books on Amazon


Identity Server


Security Code Scan

Configuring Code Scanning for a Repository


Want to Learn More?

Visit AzureDevOps.Show for show notes and additional episodes.