Understanding the worst .NET vulnerability ever

#581 – November 02, 2025

Microsoft found a serious security flaw in ASP.NET Core

Understanding the worst .NET vulnerability ever
25 minutes by Andrew Lock

Microsoft found a serious security flaw in ASP.NET Core with a 9.9 out of 10 severity score. Andrew explains how request smuggling vulnerabilities work in general, how it works in this case, what attackers could use it for, how the vulnerability was fixed and what you can do to protect yourself.

Build your next app on HubSpot with the flexibility of an all-new Developer Platform
sponsored by HubSpot

The HubSpot Developer Platform gives you the tools to build, extend, and scale with confidence. Create AI-ready apps, integrations, and workflows faster with a unified platform designed to grow alongside your business.

Exploring dynamic LINQ and C# eval expression
10 minutes by Aram Tchekrekjian

Aram teaches about two great and powerful libraries for dynamic processing of LINQ queries as well as executing, compiling, and running C# code at runtime: Dynamic LINQ and C# Eval Expression Libraries. He dives deep into each of these libraries, with an introduction, use cases, how to use, and some practical examples that help in better exploring their capabilities.

Strategic pagination patterns for .NET APIs
12 minutes by Roxeem

Roxeem walks you through six common pagination strategies: offset-based, cursor-based, keyset-based, page-based, time-based, and hybrid approaches. For each, he explains how it works, shows you C# examples, and highlights the advantages and disadvantages. Along the way, he uses diagrams and analogies to make the concepts stick.

Integration testing with Testcontainers
20 minutes by Jimmy Kurian

Testcontainers can simplify integration testing by spinning up real services in Docker containers on-demand. Jimmy starts with a quick intro to what Testcontainers is and why it’s useful, then shows an example focused on Azure Cosmos DB.

The evolution of .NET dependency resolution
6 minutes by Ricardo Peres

Ricardo traces the evolution of dependency resolution mechanisms in Microsoft’s .NET ecosystem, from the early days of the IServiceProvider interface to the unified and extensible dependency injection (DI) model in modern .NET. He highlights how different frameworks—ASP.NET MVC, Web API, SignalR, and Entity Framework—each introduced their own variations of dependency resolution APIs, often with overlapping but incompatible approaches.

And the most popular article from the last issue was:

newsletters