refactor: repo examples to neutral brand names

README.md

@@ -1,9 +1,14 @@
-# [dotnetconf 2023](https://dotnetconfspain.com/) - Desarrollo seguro para Muggles
+# Desarrollo seguro para Muggles
 
 
-This repository contains demos performed in the "Desarrollo seguro para Muggles" talk in the dotnet2023 tech conference.
+This repository contains demos performed in the "Desarrollo seguro para Muggles" talk.
+
+**Check out the official slides for:**
+
+1. dotnet2023 [Slides](./assets/dotNET2023_Desarrollo%20Seguro%20para%20Muggles.pdf).
+2. netcoreconf 
+
 
-**Check out the official [Slides](./assets/dotNET2023_Desarrollo%20Seguro%20para%20Muggles.pdf).**
 
 **Check out the site [devsec.fyi](https://book.devsec.fyi/) and [its repository](https://github.com/piraces/DevSecTricks) for more resources and info.**
 
@@ -123,9 +128,9 @@ This repository has been modified to **avoid to deploy extra unneeded resources
 
 3. Open an Azure Cloud shell in the portal (note: this needs an storage account, that you can create when initializing the shell the first time, which may incur in additional charges).
 
-4. Clone this repository in your shell: `git clone https://github.com/rpiraces-plain/dotnet2023`
+4. Clone this repository in your shell: `git clone https://github.com/rpiraces-plain/security-development-muggles.git`
 
-5. Get into the folder `./azure-goat` folder of this repository by executing `cd dotnet2023/azure-goat`.
+5. Get into the folder `./azure-goat` folder of this repository by executing `cd security-development-muggles/azure-goat`.
 
 6. Once in the folder, initialize the terraform state by executing `terraform init`.
 
@@ -166,7 +171,7 @@ From there, we can use the leaked credentials to access the Cosmos database and
 ### Detecting the vulnerability and attempting to stop it before reaching production
 
 Using static analysis tools, we can detect the vulnerability before deploying the application to production.
-In this case we have a [GitHub Action](https://github.com/rpiraces-plain/dotnet2023/actions/workflows/security_scan.yml) which runs the following tools:
+In this case we have a [GitHub Action](https://github.com/rpiraces-plain/security-development-muggles/actions/workflows/security_scan.yml) which runs the following tools:
 - [Trivy](https://aquasecurity.github.io/trivy): has multiple scanners that look for security issues, and targets where it can find those issues.
 - [TruffleHog](https://github.com/trufflesecurity/trufflehog): to find and verify credentials in this repo.
 - [tfsec](https://aquasecurity.github.io/tfsec): to find security issues in the terraform code.
@@ -217,9 +222,9 @@ Posts are kept stored in the DB with the original id, and the HashId is generate
 
 5. Create two Web Apps in the App Service Plan, try to give them different and coherent names to differentiate them.
 
-6. Clone this repository in your shell: `git clone https://github.com/rpiraces-plain/dotnet2023`
+6. Clone this repository in your shell: `git clone https://github.com/rpiraces-plain/security-development-muggles`
 
-7. Get into the folder `./broken-access-control` folder of this repository by executing `cd dotnet2023/broken-access-control`.
+7. Get into the folder `./broken-access-control` folder of this repository by executing `cd security-development-muggles/broken-access-control`.
 
 8. Open the main solution file `ProCodeGuide.Samples.BrokenAccessControl.sln` in Visual Studio (Rider or your IDE of preference).
 
@@ -379,9 +384,9 @@ _**Note:** the extension is build and zipped ready to use by the action availabl
 
 **Step by step:**
 
-1. Clone this repository in your shell: `git clone https://github.com/rpiraces-plain/dotnet2023`
+1. Clone this repository in your shell: `git clone https://github.com/rpiraces-plain/security-development-muggles`
 
-2. Get into the folder `./spy-extension` folder of this repository by executing `cd dotnet2023/spy-extension`.
+2. Get into the folder `./spy-extension` folder of this repository by executing `cd security-development-muggles/spy-extension`.
 
 3. Install the dependencies by executing `yarn` (ensure you have [Yarn 1.x](https://classic.yarnpkg.com/en/) installed).
 

cookies/Pages/CookiesGet.cshtml

@@ -3,7 +3,7 @@
 @{
     ViewData["Title"] = "Cookie Get";
     var browserAndTimeCookie = HttpContext.Request.Cookies["BrowserAndTime"];
-    var insecureCookie = HttpContext.Request.Cookies["Dotnet2023Key"];
+    var insecureCookie = HttpContext.Request.Cookies["Insec2023Key"];
 }
 
 <div class="text-center">

cookies/Pages/CookiesSet.cshtml.cs

@@ -28,7 +28,7 @@ public void OnGet()
                 HttpOnly = false,
                 SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None
             };
-            Response.Cookies.Append("Dotnet2023Key", "1234Qwert");
+            Response.Cookies.Append("Insec2023Key", "1234Qwert");
 
         }
     }

cookies/README.md

@@ -8,12 +8,12 @@ What do Secure, HttpOnly, Lax, Strict or None means in terms of cookies?
 2. Open the browser at this URL: [https://localhost:6001](https://localhost:6001)
 3. You have two main pages, the `Get Cookies` and the `Set Cookies`
 4. Start by going to the Set Cookies page, and then click the `Check the cookies!` link at the bottom.
-5. Open the dev tools from your browser and check the flags for these two cookies: Dotnet2023Key and BrowserAndTime
+5. Open the dev tools from your browser and check the flags for these two cookies: Insec2023Key and BrowserAndTime
    1. In Chrome, F12, "Application", "Cookies" and select the web page
-6. The Dotnet2023Key is unprotected, and represents a bad practice in development, saving a key or password as the value of the cookie.
+6. The Insec2023Key is unprotected, and represents a bad practice in development, saving a key or password as the value of the cookie.
 7. Try the dev-tool's console, and type `document.cookie`
 
-You should be seeing the Dotnet2023Key, that can be changed right from the console. Chose any new value, update it (document.cookie='') from the console and refresh the `Get Cookies` page. Hacked!
+You should be seeing the Insec2023Key, that can be changed right from the console. Chose any new value, update it (document.cookie='') from the console and refresh the `Get Cookies` page. Hacked!
 
 We were able to to modify its value because of the configuration we set to these cookies. Now we are going to see how to protect them.
 

csp/Pages/CSP.cshtml

@@ -5,7 +5,7 @@
     <h1 class="display-4">Content Security Policy</h1>
     <div class="mt-5 mb-5">
         <!--Inline styles-->
-        <img src="https://dotnetconfspain.com/wp-content/webp-express/webp-images/uploads/2023/04/dotnet23-info.png.webp"
+        <img src="https://cdn.plainconcepts.com/wp-content/uploads/2021/10/Robot-Spot-Boston-Dynamics-1-680x440.jpg"
              class="img-fluid"
              style="max-width:300px; max-height:300px;">
     </div>

csp/Pages/CSP.cshtml.cs

@@ -14,11 +14,11 @@ public CSPModel(ILogger<CSPModel> logger)
 
         public void OnGet()
         {
-            // 1º Iteration: Collect endpoint and all blocked
+            // 1º Iteration: Collect endpoint and all blocked
             var cspHeader = "default-src 'self'; report-uri /collect";
 
             //var cspHeader = "default-src 'self'; " +
-            //    "img-src 'self' https://dotnetconfspain.com/wp-content/webp-express/webp-images/uploads/2023/04/; " +
+            //    "img-src 'self' https://cdn.plainconcepts.com/wp-content/uploads/2021/10/; " +
             //    "style-src 'self' https://cdn.jsdelivr.net 'unsafe-hashes' " + // Inline style hashes
             //    "'sha256-yckz1zrIL2HgQwm7x1ins99s5jndZE3XnmgOAkJvDOg=' " +
             //    "'sha256-cr42sjoWSSOFzzQSZXmLpq70OHNKYvOVmFo9ESrqcH0=' " +

csrf/README.md

@@ -28,4 +28,4 @@ Start by checking these two files:
 4. The attack shouldn't work now, we are safer than at the beginning!
 
 
-But what if we want to protect every controller from our server instead? We can do that by  adding the code we have in the lines 25-29 in the `Program.cs`.
+But what if we want to protect every controller from our server instead? We can do that by adding the code we have in the lines 25-29 in the `Program.cs`.

csrf/wwwroot/csrf_form.html

@@ -9,7 +9,7 @@
     <script src='js/site.js'></script>
 </head>
 <body>
-    <h1>Hey Dotnet!</h1>
+    <h1>Hey Folks!</h1>
     <input type="button" value="Hacked!">
     <form action="https://localhost:6001/Home/AddToList" 
           method="post"

hashes/readme.md

@@ -9,7 +9,7 @@ Finally, in order to test this code, we will be using Jupyter Notebooks with Doc
 ## Setup
 
 ### Google Colab
-Just open the following URL, trust the code and start running: [https://colab.research.google.com/github/rpiraces-plain/dotnet2023/blob/main/hashes/src/Hashes_salt.ipynb](https://colab.research.google.com/github/rpiraces-plain/dotnet2023/blob/main/hashes/src/Hashes_salt.ipynb)
+Just open the following URL, trust the code and start running: [https://colab.research.google.com/github/rpiraces-plain/security-development-muggles/blob/main/hashes/src/Hashes_salt.ipynb](https://colab.research.google.com/github/rpiraces-plain/security-development-muggles/blob/main/hashes/src/Hashes_salt.ipynb)
 
 ### Locally