OWASP Top 10 Series: Broken Access Control - Part 2

This is the second in a series of blog posts about the OWASP Top 10. You can find the OWASP Top 10 List here . This is part 2 on the topic of Broken Access Control . Today we’re taking a look at access control vulnerabilities at the data model layer. In this post, I’m using “data model” to describe the part of the system in the application layer that talks to the database—what you might think of as the “M” in MVC.

Read full post

Viewing Environment Variables in VS Code: Pay attention to the Terminal Type

Here’s a quick tip based on a recent mistake I made while trying to view an environment variable in the VS Code Terminal.

Read full post

Top 10 Software Development Skills for 2025

This is my list of the top 10 software development skills for 2025. The list is based mostly on my own experience. Both skills that I see and work with on a daily basis, as well as trends I see emerging in the industry. Being a software developer requires a lifelong learning mindset. (side note: I’m planning a follow up post on what I think are the best qualities of a software developer.

Read full post

OWASP Top 10 Series: Broken Access Control - Part 1

This is the first in a series of blog posts about the OWASP Top 10. I’m writing this both as a learning tool for myself and to help others who are exploring secure coding practices in .NET. It’s always a good idea to keep security top of mind when developing software. So, I decided to write a series on the OWASP Top 10 security vulnerabilities. You can find the OWASP Top 10 List here .

Read full post

Performance: Eliminating Nested Loops for Data Lookups

Data lookups can often cause a common performance problem to be introduced into code. In this post, we’ll look at an example of that problem and one possible solution. For this example, we’ll be using a C# console application that reads from the country table of the MySql sakila sample database. However, the refactoring solution presented is language and database agnostic. This solution is only meant to demonstrate a common problem with nested loops.

Read full post

Querying Large RDBMS Tables With Only a Primary Key

Including the primary key in the SQL query when no other index exists on the target table can drastically reduce the amount of database resources it takes to find the data you are looking for. This can prevent performance degradation for other users by keeping the queries running quickly and efficiently. It can also help you find the data you are looking for much more quickly. You may just need to do a little bit of work to figure out how to find the correct key values that equate to the data you are searching for.

Read full post

There is always a trade off

One thing that I have learned in 25 years of experience working in software development is that there is always a trade-off for any decision. Do you need to make an algorithm highly performant? Then you may need to make some sacrifices in maintainability and readability. Do you need to make the architecture of a software system extremely flexible and resilient to change? Then you may need to make the architecture more complex.

Read full post