Rico Suter
ricosuter.com
Microsoft MVP, independent Software Engineer / Architect focusing on .NET and Microsoft technologies, creator of NSwag, NJsonSchema & other OSS, http://apimundo.com
Reposted by Rico Suter
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315

andrewlock.net/understandin...

In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it

#dotnet #aspnetcore
October 28, 2025 at 3:35 PM
Reposted by Rico Suter
itnext.io/how-i-almost...

One of the biggest threats to many companies today is supply chain attacks with software. We all depend on so many open source third-party tools as foundations to our products. Bad actors have figured out this is a soft target. An interesting read on this below. (1️⃣/3️⃣)

🧵
How I Almost Got Pwned — A Tale of Supply Chain Attacks and GitHub Actions Gone Wrong
Or: “That time someone tried to turn my innocent Node.js repo into a credential-harvesting machine”
itnext.io
September 13, 2025 at 2:49 PM
Reposted by Rico Suter
I have been playing around with the new C# MCP SDK allowing you to easily create servers and clients in minutes.

It is fantastic!

github.com/modelcontext...

#mcp #mcpserver #csharp #dotnet
GitHub - modelcontextprotocol/csharp-sdk: The official C# SDK for Model Context Protocol servers and clients, maintained by Microsoft
March 31, 2025 at 1:36 AM
NSwag v14.3.0, an OpenAPI toolchain for .NET, and NJsonSchema v11.2.0 have been released. The updates contain many improvements and fixes. Please update and report any problems.

- github.com/RicoSuter/NS...
- github.com/RicoSuter/NJ...
March 30, 2025 at 2:58 PM
Reposted by Rico Suter
Well I think I've fully come around to the idea that LLMs are computers. So I wrote about that. I guess this is my most bombastic blog post www.phillipcarter.dev/posts/llms-c...
LLMs Are Weird Computers
A perspective on AI models as an inverted computing paradigm
www.phillipcarter.dev
March 3, 2025 at 4:58 PM
Reposted by Rico Suter
This is still one of my go-to ways to describe what programmers do. And yes, it is accurate.
January 31, 2025 at 6:57 AM
Reposted by Rico Suter
Blogged: Understanding cross-origin security headers - Part 1 - Cross-Origin-Opener-Policy: preventing attacks from popups

andrewlock.net/understandin...

In this post I describe how to protect yourself from vulnerabilities in JS APIs with the Cross-Origin-Opener-Policy header

#aspnetcore #appsec
Cross-Origin-Opener-Policy: preventing attacks from popups: Understanding cross-origin security headers - Part 1
In this post I describe the vulnerabilities in window.opener and window.open() and how to protect yourself with Cross-Origin-Opener-Policy
andrewlock.net
November 19, 2024 at 5:34 PM