Sergey Vasiliev

Sergey Vasiliev @_sergvasiliev_

About: Writing articles, speaking at conferences, and helping others with it. Main topics: .NET, security, static analysis / SAST.

Joined: May 11, 2021

articles - 23 total

Examining suspicious code fragments in AWS SDK for .NET

Today we are dissecting AWS SDK for .NET. We will look at suspicious code fragments, figure out...

Jul 4 '23

XSS vulnerability in the ASP.NET application: CVE-2023-24322 in mojoPortal CMS

In this article, we will thoroughly examine the XSS vulnerability in a CMS written in C#. Let's...

May 31 '23

Do developers dream of secure apps?

Do developers care about code security? This question, I believe, is still open to debate. I wrote...

Apr 25 '23

Converting string to enum at the cost of 50 GB: CVE-2020-36620

In this article, we're going to discuss the CVE-2020-36620 vulnerability and see how a NuGet package...

Mar 21 '23

SAST: how code analysis tools look for security flaws

Here we'll discuss how SAST solutions find security flaws. I'll tell you about different and...

Jan 27 '23

C++ — programming language of the year 2022. What about other languages?

Overtaking Python, C++ became the TIOBE's language of 2022. It outscored Rust, C#, Go and others by...

Jan 20 '23

.NET 7: suspicious places and errors in the source code

.NET 7 has been released! It's time for us to dig into its source code and start looking for errors...

Dec 14 '22

Sorting in C#: OrderBy.OrderBy or OrderBy.ThenBy? What's more effective and why?

Suppose we need to sort the collection by multiple keys. In C#, we can do this with the help of...

Sep 20 '22

Why use static analysis? Exploring an error from Akka.NET

Use static analysis regularly, not just before releases... The earlier you find errors, the...

Apr 25 '22

SAST in Secure SDLC: 3 reasons to integrate it in a DevSecOps pipeline

Vulnerabilities produce enormous reputational and financial risks. That's why many companies are...

Apr 19 '22

Suspicious sortings in Unity, ASP.NET Core, and more

Some believe that experienced developers do not make silly errors. Comparison errors? Dereferencing...

Mar 22 '22

Why does my app send network requests when I open an SVG file?

You decided to make an app that works with SVG. Encouraged by the enthusiasm, you collected libraries...

Feb 18 '22

Vulnerabilities due to XML files processing: XXE in C# applications in theory and in practice

How can simple XML files processing turn into a security weakness? How can a blog deployed on your...

Feb 11 '22

The most interesting C# / .NET blogs and websites

Let's take a look at a list of information sources that can be useful for C# / .NET developers....

Jan 6 '22

What's new in PVS-Studio in 2021?

2021 is coming to an end, which means it's time to sum up the year! Today we'll tell you about the...

Dec 31 '21

Errors and suspicious code fragments in .NET 6 sources

.NET 6 turned out to be a much-awaited and major release. If you write for .NET, you could hardly...

Dec 27 '21

A variety of errors in C# code by the example of CMS DotNetNuke: 40 questions about the quality

Today, we discuss C# code quality and a variety of errors by the example of CMS DotNetNuke. We're...

Nov 24 '21

All hail bug reports: how we reduced the analysis time of the user’s project from 80 to 4 hours

People often see work in support as something negative. Today we'll look at it from a different...

Nov 12 '21

How Visual Studio 2022 ate up 100 GB of memory and what XML bombs had to do with it

In April 2021 Microsoft announced a new version of its IDE – Visual Studio 2022 – while also...

Sep 7 '21

Optimization of .NET applications: a big result of small edits

Today we're going to discuss how small optimizations in the right places of the application can...

Aug 11 '21

Enums in C#: Hidden Pitfalls

C# has low barriers to entry and forgives a lot. Seriously, you may not understand how things work...

Jul 21 '21

The ?. Operator in foreach Will Not Protect From NullReferenceException

Do you like the ?. operator? Well, who doesn't? Many people like these concise null checks. However...

Jun 3 '21

OWASP, Vulnerabilities, and Taint Analysis in PVS-Studio for C#. Stir, but Don't Shake

We continue to develop PVS-Studio as a SAST solution. Thus, one of our major goals is expanding OWASP...

Jun 1 '21