
.NETConf 2019

Treasure Hunt Challenge

Treasure Hunt: Which of the following two code sets contains a vulnerability? Whisper your answer to the Twitch Chat Bot for a chance to win Apple AirPods from Contrast Security!

Don’t forget to scroll below to enter another chance to win Apple AirPods from Contrast Security!

Code A

    [HttpGet]
    public IActionResult UploadAccountData(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Parse,
            XmlResolver = new XmlUrlResolver()
        };
        using (var stringReader = new StringReader(xml))
        using (XmlReader reader = XmlReader.Create(stringReader, settings))
        {
            var doc = XDocument.Load(reader);
            var accountsWithBalances = doc.XPathSelectElements("organization/accounts/").Where(n => n.Attribute("balance")?.Value != "0");
            AddToProcessingQueue(accountsWithBalances);
        }
        return Ok();
    }

Code B

    public IActionResult UploadAccountData(string xml)
    {
        var settings = new XmlReaderSettings();
        using (var stringReader = new StringReader(xml))
        using (XmlReader reader = XmlReader.Create(stringReader, settings))
        {
            var doc = XDocument.Load(reader);
            var accountsWithBalances = doc.XPathSelectElements("organization/accounts/").Where(n => n.Attribute("balance")?.Value != "0");
            AddToProcessingQueue(accountsWithBalances);
        }
        return Ok();
    }

Development Teams

Are you tired of spending time on vulnerabilities like the one above? Welcome to the era of self-protecting software with Contrast Security. We are the only company that has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

Our goal is to break the cycle of ‘vulnerable software’, and for application security to be accessible to all. That’s why we’ve released Contrast Security Community Edition in Java and .NET Core as a completely free, full-strength DevSecOps solution that allows development, security and operations teams to deliver secure software on time to meet growing business requirements. Learn more about our new .NET Core Community Edition by filling out the form below.

  • Shows you how to fix security flaws right in your IDE
  • Can fail a build when security doesn’t measure up
  • Stops hackers from breaching applications.
  • Delivers software security for the Agile & DevOps world
  • Integrates into SDLC processes from development through CI/CD
  • Does not require developers to have security expertise or change the way they work today.

Secure software against the most common security flaws.

Get Started with Contrast Community Edition...

1. Sign up for a Free account

2. Add the Contrast agent to your app

3. Secure your software!

Fill out the form to enter our raffle and register now to get Zero-day attack protection and OWASP Top 10 Coverage in a platform that integrates with IDEs, CI/CD tools and more!

Looking for more information? Explore our Contrast Community Edition page to learn more.