[ADCES] Mock the Wire & How your .NET software supply chain is open to attack

Details

Presentation 1 : Mock the Wire, with WireMock.NET: Simplifying API Testing in .NET
Presenter : Cosmin Vladutu, https://www.linkedin.com/in/cosmin-vladutu/
Description : WireMock.NET offers an easy and flexible way to mock external dependencies, making API testing in .NET more reliable and efficient. It bridges the gap between integration and contract testing, allowing developers to validate service interactions without relying on real external services.

This presentation is based on a real-world experience—how our project evolved before and after introducing WireMock.NET, and the challenges that led us to explore this solution.

We’ll also take a brief look at alternative tools and collaborate on building a pros-and-cons list based on our collective experiences.

Whether working with microservices, serverless architectures, or legacy web APIs, WireMock.NET helps simplify and improve testing strategies.

Presentation 2: How your .NET software supply chain is open to attack : and how to fix it
Presenter : Andrei Epure, https://andreiepure.ro/
Description : Software supply chain attacks can be catastrophic. For instance, the 2020 SolarWinds hack was considered an attack against the entire government and private sector of the United States of America.

Security researchers have shown that all significant package managers are vulnerable to supply chain attacks like typosquatting and dependency confusion. NuGet is vulnerable by design in its default configuration.

First, you will see how typosquatting and dependency confusion attacks can compromise .NET supply chains that rely on the default NuGet configuration. Second, I will show how you can secure your NuGet configuration to thwart evil hackers.

This talk will assume attendees have some basic knowledge of NuGet and MSBuild.