Unraveling the Battle of the Cloud Titans – App Services vs. AKS vs. Container Apps

The cloud evolves faster than you can imagine, and choosing the right platform for deploying and managing applications can be a daunting task.

Let's shed light on the strengths and weaknesses of three popular Azure solutions: Azure App Services, Azure Kubernetes Service (AKS), and Azure Container Apps.
By delving into their unique features, performance characteristics, and scalability options, you will gain a comprehensive understanding of which solution best aligns with your application needs.

Preparing web applications for security assessments

At some point, you will have your web applications being submitted to a pen-test or security assessment, where a team of security engineers will poke your API and Web Apps to see if they can get different results than expected.

In this workshop, we're going to harden our API and Web application by addressing a lot of common risks:
- fingerprinting
- proper use of cookies
- adding several security-related HTTP headers
- checking our dependencies for vulnerabilities

We'll be using .NET mostly but the concepts will apply to Java, React, Angular and other frameworks as well.

Emulating a Game Boy in .NET 6

In 1989, Nintendo released their first handheld console with cartridges, the Game Boy, which sold over 100 million of units. This device has been the inspiration for game developers around the world to start creating games, and even today, games are still being created for the Game Boy, although not officially on cartridges.

Enter the world of emulation, where the Game Boy is now available as a .NET 6 project. Want to know more about how to emulate a CPU, graphical unit, hardware interrupts and more? Let's dive into C# code and dusty hardware manuals on this journey back to our favorite Italian plumber.

Don't Panic! Security's here to assess your project.

You and your team have been working on some web apps and APIs for a few sprints now, and you may or may not already have a version running in production, when out of the blue, the client announces that a security company will do an assessment of your project. If your initial reaction to this news is either being scared or concerned, you're probably right. And you should probably attend this session.

During this session, I'll explain what is typically going happen during a security assessment, and show you how to prepare before the assessment happens: with code to apply security headers or tighten down attack vectors, and with a threat model to quickly identify how fast a project gains vulnerabilities. Not to scare you even more, but help you get the overview and identify where you can easily perform some quick yet safe wins.

Building a feature-rich OpenID Connect Identity and Access Management Platform

Identity and access management (IAM in short) is critical to protecting confidential data and applications. With the increasing adoption of cloud-based applications, building a scalable and secure identity and access management platform is a must for organizations of all sizes.

In this session, you'll learn about the journey of building an advanced IAM platform based on Duende IdentityServer. We'll discuss the standard capabilities of IdentityServer and explore how we extended it with features such as multi-factor authentication, home realm discovery, and user impersonation. You'll also learn about the best practices for building a resilient and secure platform, including strategies for handling scale and redundancy.

Whether you're just starting out with OpenID Connect or you're looking to take your identity and access management platform to the next level, this session is for you.

This session is not a sales pitch for Duende IdentityServer, I will also briefly mention what other options we considered and why the decision was made to go for Duende's solution.

Safety first! Low-level C# without the unsafe keyword

For a side project, I converted DooM from C to C#. Having to deal with strange file types, alternative ways of (re)allocating memory, data structures being passed around as void* pointers and the likes, it's tempting to use unsafe code in C#. Turns out, that's not needed!

In this session, let's look at how C translates to modern C#, and how C# adds safeguards to avoid shooting yourself in the foot.