(Online) Reducing Third-Party Security Risk in .NET Core Apps (Niels Tanis)

Title:
Reducing Third-Party Security Risk in .NET Core Applications

Abstract:
When developing a .NET Core application a large portion of the application itself consists of external 3rd party dependencies which can be fetched from a package repository like Microsoft's NuGet.
How do those opensource projects/dependencies deal with security problems? We do need to keep an eye on security updates done in order to not introduce any unnecessary security risks into our application but will that be sufficient?
Finding and resolving security issues can take a lot of time and what about a compromised package in which a contributor has added functionality which has got malicious intent?
There is definitely a away we can improve the above and do a better job! In this session we'll take a look at e.g. compartmentalization and API review/reduction of those dependencies in order to reduce the risk profile of our developed .NET Core Applications.

Bio:
Niels Tanis - Security Researcher at Veracode
Niels Tanis has got a background in .NET development, pentesting and security consultancy. He also holds the CSSLP certification and has been involved in breaking, defending and building secure applications. He joined Veracode in 2015 and right now he works as a security researcher on a variant of languages and technologies related to Veracode’s Binary Static Analysis service. He is married, father of two and lives in a small village just outside Amersfoort, The Netherlands.

This will be an online meeting only. The meeting link will be available after RSVP.