Carlos Schults carlosschults

Code Security Essentials: What Every Developer Should Know

A comprehensive guide based on a conversation with Johannes Doss, VP of Code Security at Sonar

The Evolution of Security Ownership

Security responsibility in software development has undergone a fundamental transformation over the past two decades. Johannes Doss, who has spent 20 years in cybersecurity—from his early days playing capture-the-flag competitions to professional penetration testing and now leading code security at Sonar—has witnessed this evolution firsthand.

His journey into security began personally: his computer got infected with the Sasser worm, sparking both frustration and intrigue about how someone could gain access to his machine. This led him down a path of security exploration, eventually studying IT security in Bochum, Germany, and competing in hacking competitions where university teams would try to hack each other in isolated environments.

Student Materials

Course Labs

ASPE Satisfaction Policy

gitignore for Visual Studio

Gitlab Flow

	public int CalculateSquareOfAge(Person? p)
	{
	var result = 0;
	if (p != null)
	result = p.Age * p.Age;

	return result;
	}

	public void Foo(string? bar)
	{
	if (!bar.IsNullOrEmpty())
	{
	var length = bar!.Length;
	}
	}

	public void Foo(string? bar)
	{
	if (!bar.IsNullOrEmpty())
	{
	var length = bar.Length;
	}
	}

	string? nullableString = "hello";
	string nonNullableString = nullableString;

	public int CalculateSquareOfAge(Person? p)
	{
	int age = p?.Age ?? 0;
	return age * age;
	}

	public int CalculateSquareOfAge(Person? p)
	{
	int age = p.Age;
	return age * age;
	}

	public int CalculateSquareOfAge(Person p)
	{
	int age = p.Age;
	return age * age;
	}

	interface IDisplayService
	{
	void DisplayMessage(string message) { WriteLine(message); }
	}