Source code samples for "Defence in Depth" articles and presentations.
This is an accompanying implementation of a secure REST API in .NET 10 that follows the series of articles found at:
https://securityblog.omegapoint.se
Articles that cover these concepts in detail can be found at:
https://securityblog.omegapoint.se/en/secure-apis-by-design
https://securityblog.omegapoint.se/en/test-driven-appsec
Presentations of this material can be found on YouTube:
https://youtu.be/V-SgiA-D9r0 (NDC Security 2023, demos in .NET)
https://youtu.be/6dgwzjuWhl0 (Jfokus 2025, demos in Java)
The Java repo is at https://github.com/Omegapoint/defence-in-depth-java
The approach follows that of the book "Secure by Design":
https://www.manning.com/books/secure-by-design
The repo also contains a token service, for demo and educational purposes, built with Duende IdentityServer:
https://github.com/DuendeSoftware/IdentityServer
This repo contains instructions for reviewing the security posture, both using GitHub Pull Request review agents and from the prompt.
Agent instructions can be added in many ways; this is just a POC to show that agents can be used to identify security issues in this repo according to the secure by design principles it implements. The instructions are specific to this repo, not meant for arbitrary code.
Other Copilot instructions can be found at https://github.com/github/awesome-copilot