Browse Security Blogs (17)

In this workshop summary, DevClass.com reviews Martin Fowler’s event marking 25 years since the Agile Manifesto, highlighting the growing impact of AI on coding, the renewed importance of TDD, and security risks in software development.

John Edward details modern SharePoint architecture for scalable intranets in 2026, focusing on technical practices, security, integration, and governance for Microsoft 365 professionals.

Tim D'haeyer draws on both personal experience and technical depth to guide developers through safely handling special characters in user input, emphasizing SQL injection prevention and robust DevOps practices.

Tim Anderson outlines the Kubernetes committees' warnings and technical reasons for the urgent migration from Ingress NGINX, detailing project deprecation, security issues, and community response.

DevClass.com explores how attackers exploit VS Code's tasks.json files to deploy malicious code, emphasizing security risks, protections, and best practices for developers.

Tim Anderson highlights how attackers weaponize VS Code's tasks.json configuration to execute malicious code, detailing the risks for developers and the security implications.

John Edward presents a clear and practical walkthrough for IT administrators and technical leads on managing external sharing in Microsoft 365, with a strong emphasis on balancing collaboration and security.

Tim Anderson reports on Tenzai's research led by Ori David, highlighting how applications built with 'vibe coding' using AI agents like Claude and Codex tend to be insecure due to common flaws and overlooked best practices.

DevClass.com analyzes security flaws in applications generated by AI coding agents, as reported by researcher Ori David. The article highlights common vulnerabilities in 'vibe-coded' apps—where AI handles most programming—and discusses why manual code review remains critical.

Tim Anderson delivers a detailed analysis of Azure Artifact Signing, Microsoft's new service to streamline and secure code signing for Windows applications, addressing modern security requirements and developer workflows.

DevClass.com provides a technical overview of Microsoft's Azure Artifact Signing, detailing how it improves code signing for Windows apps. The article highlights new workflows, security enhancements, and developer-centric deployment options.

Steve Gordon explains how to use System.Text.Json's TypeInfoResolver modifier for property-level encryption in C#, outlining a practical approach to securing sensitive data that paves the way for future integration with Azure Key Vault.

Jesse Houwing addresses a visibility gap in GitHub Actions security when actions are pinned by SHA. The post details a workflow extension ensuring vulnerabilities are properly surfaced in the Dependency Graph and by Dependabot.

John Edward offers a straightforward walkthrough of using Sensitivity Labels in Microsoft Teams to secure conversations and files, detailing practical steps for administrators and team owners.

Jeff Burt reports on the discovery of two malicious VS Code extensions targeting developers, detailing how these plugins exploited developer environments and posed significant software supply chain security risks.

John Edward outlines a practical guide to setting up and securing Remote Desktop on Windows 11, showing users how to enable connections, troubleshoot issues, add users, and protect access.

Thomas Maurer breaks down the agentic approach to cloud migration using Azure Migrate and platform landing zones, providing practical insights for secure, consistent, and scalable Azure deployments.