End to end security of a web application

Using SonarCloud with ASP.NET Core, Angular and github actions

Webinar:

https://www.youtube.com/watch?v=6cdV-oN_Yao

Setup and docs

https://github.com/damienbod/bff-aspnetcore-angular

Webinar Agenda

• Application setup development/production
  • ASP.NET Core/Angular
  • Secrets
• Authentication
  • OpenID Connect Code flow confidential client
  • PKCE
• Microsoft Entra ID
  • Microsoft.Identity.Web
  • Microsoft Graph 5 for profile data
  • Profile data in UI (UserController)
• Session protection
• CI/CD
  • build
  • deployment
• CI/CD Quality (SonarCloud)
  • quality (SonarCloud and github actions)
  • Analysis for different technical stacks (.csproj)
  • sonar badges, build badges

Other topics

• What's missing for a productive setup?
  • infrastructure automation (terraform/biceps)
  • authorization
  • data requirements

Angular nx Updates

nx migrate latest

nx migrate --run-migrations=migrations.json

History

• 2024-10-06 Updated Angular 18.2.7, Updated security headers

Links

https://docs.sonarsource.com/sonarcloud/getting-started/github/

https://github.com/rufer7/github-sonarcloud-integration

https://blog.rufer.be/2023/10/06/howto-integrate-sonarcloud-analysis-in-an-azure-devops-yaml-pipeline/

https://community.sonarsource.com/t/code-coverage-report-for-net-not-working-on-linux-agent/62087

https://docs.sonarsource.com/sonarcloud/advanced-setup/ci-based-analysis/sonarscanner-for-net/#analyzing-languages-other-than-c-and-vb

https://andreiepure.ro/2023/08/20/analyze-web-files-with-s4net.html

https://github.com/damienbod/bff-aspnetcore-angular

https://community.sonarsource.com/t/webinar-end-to-end-security-in-a-web-application/115405