Wesley Cabus

Wesley Cabus

Coding Architect, Coffee Enthusiast

Antwerpen, Belgium

Wesley is a Coding Architect at Xpirit in Belgium, where he helps organizations to build better applications, helps teams to improve their skills and organizes workshops to share his knowledge.

He's also a Microsoft Azure MVP, crew member at Techorama, board member of the VISUG meetup in Belgium and speaker at conferences and meetups.


Area of Expertise

  • Information & Communications Technology


  • .NET
  • .NET Backend
  • .net core
  • .NET Patterns & Practices
  • ASP .NET Core
  • Angular
  • Application Security
  • OAuth2
  • OpenID Connect

Preparing web applications for security assessments

At some point, you will have your web applications being submitted to a pen-test or security assessment, where a team of security engineers will poke your API and Web Apps to see if they can get different results than expected.

In this workshop, we're going to harden our API and Web application by addressing a lot of common risks:
- fingerprinting
- proper use of cookies
- adding several security-related HTTP headers
- checking our dependencies for vulnerabilities

We'll be using .NET mostly but the concepts will apply to Java, React, Angular and other frameworks as well.

Emulating a Game Boy in .NET 6

In 1989, Nintendo released their first handheld console with cartridges, the Game Boy, which sold over 100 million of units. This device has been the inspiration for game developers around the world to start creating games, and even today, games are still being created for the Game Boy, although not officially on cartridges.

Enter the world of emulation, where the Game Boy is now available as a .NET 6 project. Want to know more about how to emulate a CPU, graphical unit, hardware interrupts and more? Let's dive into C# code and dusty hardware manuals on this journey back to our favorite Italian plumber.

Don't Panic! Security's here to assess your project.

You and your team have been working on some web apps and APIs for a few sprints now, and you may or may not already have a version running in production, when out of the blue, the client announces that a security company will do an assessment of your project. If your initial reaction to this news is either being scared or concerned, you're probably right. And you should probably attend this session.

During this session, I'll explain what is typically going happen during a security assessment, and show you how to prepare before the assessment happens: with code to apply security headers or tighten down attack vectors, and with a threat model to quickly identify how fast a project gains vulnerabilities. Not to scare you even more, but help you get the overview and identify where you can easily perform some quick yet safe wins.

Beyond the basics: Building a feature-rich OpenID Connect Identity and Access Management Platform

In today's world, identity and access management (IAM in short) is critical to protecting confidential data and applications. With the increasing adoption of cloud-based applications, building a scalable and secure identity and access management platform is a must for organizations of all sizes.

In this session, you'll learn about the journey of building an advanced IAM platform based on Duende IdentityServer. We'll discuss the standard capabilities of IdentityServer and explore how we extended it with features such as multi-factor authentication, home realm discovery, and user impersonation. You'll also learn about the best practices for building a resilient and secure platform, including strategies for handling scale and redundancy.

Whether you're just starting out with OpenID Connect or you're looking to take your identity and access management platform to the next level, this session is for you.

This session is not a sales pitch for Duende IdentityServer, I will also briefly mention what other options we considered and why the decision was made to go for Duende's solution. I might include live coding in this session, but that will depend on my timing.

Safety first! Low-level C# without the unsafe keyword

For a side project, I converted DooM from C to C#. Having to deal with strange file types, alternative ways of (re)allocating memory, data structures being passed around as void* pointers and the likes, it's tempting to use unsafe code in C#. Turns out, that's not needed!

In this session, let's look at how C translates to modern C#, and how C# adds safeguards to avoid shooting yourself in the foot.

CloudBrew 2023 - A two-day Microsoft Azure event Upcoming

December 2023 Mechelen, Belgium

.NET Developer Conference '23 Upcoming

November 2023 Köln, Germany

Update Conference Prague 2023 Upcoming

November 2023 Prague, Czechia

Swetugg Gothenburg 2023 Upcoming

October 2023 Göteborg, Sweden

WeAreDevelopers World Congress 2023

July 2023 Berlin, Germany

Developer Week '23

June 2023 Nürnberg, Germany

NDC London 2023

January 2023 London, United Kingdom

VisugXL 2022

October 2022 Hasselt, Belgium

.NET DeveloperDays 2022

October 2022 Warsaw, Poland

Techorama Netherlands 2022

October 2022 Utrecht, Netherlands

Techorama 2022 BE

May 2022 Antwerpen, Belgium

DevSum 2022

May 2022 Stockholm, Sweden

VisugXL 2021

November 2021 Brussels, Belgium


December 2020

NDC Sydney 2019

October 2019 Sydney, Australia

Microsoft Techdays 2019

February 2019 Helsinki, Finland

Wesley Cabus

Coding Architect, Coffee Enthusiast

Antwerpen, Belgium