Tag: Security

Create pfx certificate file for Azure Web Apps from Cloudflare origin cert using openssl

Every time I create a new project using Azure Web Apps or even IIS and I need to add a pfx file for end to end https, Cloudflare gives you a private key and certificate but you can't use those directly with Azure Web Apps and I keep forgetting how to do this exactly so as I do sometimes I'm going to post the steps so that it's helpful to others as well as future me.

 
The importance of regression testing and real world security consequences

Organizations often put a lot of effort around testing their products, they'll put tons of effort in unit testing, integration testing across their UI and API layers but sometimes have a strategy of covering everything. This doesn't always add value to their pipelines because the metric that is being chased is not value which agreeably is a hard thing to measure but rather it's a coverage metric.

To start with I don't know if testing strategy is what was happening for TicTocTrack but is something that is definitely highlighted as something that would have been valuable for them. A security vulnerability discovered around a year ago from a fellow MVP and security expert Troy Hunt was patched and then earlier this year I re-discovered it

 
Setting up 2 factor authentication and email verification with .net core 2.0

Today I played with a new .net core template just to see what the authentication options were out the box and was surprised to see just how easy it is to go from nothing to having a base project that has authentication fully baked in with 2 factor authentication and email verification.

 
Connecting agents to TFS using integrated security on http from external domain

If you have TFS on the domain but you are trying to connect agents to it from outside the domain and TFS is not running on https then this post is for you.