Andrew Lock "Sock"
@andrewlocknet
Followers
16K
Following
3K
Media
136
Statuses
6K
Microsoft MVP and blogger, focused on ASP.NET Core. Author of ASP.NET Core in Action: https://t.co/GTRJ4hBm9s @[email protected] @andrewkock.bsky.social
Plymouth, England
Joined May 2016
Nice writeup in @InfoQ about CVE-2025-55315, quoting @andrewlocknet and a link to my repro tool
infoq.com
Microsoft recently released a security advisory and patched a critical vulnerability in ASP.NET Core that allows an attacker to bypass a security feature over a network due to an inconsistent...
0
1
1
Easier Reflection with [UnsafeAccessorType] in .NET 10 - https://t.co/nm7JpJndaF
@andrewlocknet
andrewlock.net
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference
1
6
42
Given the port from Disqus to Gisqus worked so well for my personal website (thanks to @andrewlocknet! 🙏), I've just done the same for the podcast! A good time to go and comment on your favorite episodes! 😊 https://t.co/Z2K6QWOu4I
unhandledexceptionpodcast.com
Software Development podcast hosted by Dan Clarke
As part of this, I added Giscus for comments instead of Disqus that I was previously using. I haven't ported the old comments yet though. Just Googled it and found this post (and migration tool!) by @andrewlocknet! Andrew - you're a star!!! 🙏⭐ https://t.co/KC2EVXiEjf
0
1
2
Blogged: Easier reflection with [UnsafeAccessorType] in .NET 10 https://t.co/XjeaVgAIsP In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference at compile time #dotnet
andrewlock.net
In this post I show how to work with [UnsafeAccessor] to do 'easier' reflection and how to use .NET 10's [UnsafeAccessorType] with types you can't reference
4
7
77
New issue of .NET R&D Digest is here! Thanks to @lemire, @ryanjfleury, @andrewlocknet, @KooKiz, @maoni0, @Scooletz, @thomaslevesque, @meziantou, @STeplyakov, @zodiacon and other great and talented authors for making amazing content! https://t.co/rL9iRsLPjb
#dotnet
olegkarasik.wordpress.com
This issue includes bits of computer science, AI, software development, parallelism, security, C#, .NET and of course some of .NET Internals.
0
9
22
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 by @andrewlocknet
https://t.co/BWyB1VTuYB
#aspnetcore
0
9
32
@schneidenbach @andrewlocknet Special Andrew Lock shoutout in my latest vid, as promised
1
2
9
Cracking blog post from @andrewlocknet explaining the 9.9 Request Smuggling issue in .NET from last week, way better than my video This blog post should have come from the .NET Security team IMO. It’s wild that volunteers have to do this. https://t.co/H4CLqdGlfg
andrewlock.net
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
2
12
80
This post links to a deep analysis discussion of the .NET security vulnerability (rated 9.9) - CVE-2025-55315. Best description of the issue that I've seen so far.
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 https://t.co/89TCJvjnNF In this post I discuss request smuggling, the recent vulnerability in #AspNetCore with a severity score of 9.9, and how attackers could exploit it #dotnet
0
1
6
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 https://t.co/89TCJvjnNF In this post I discuss request smuggling, the recent vulnerability in #AspNetCore with a severity score of 9.9, and how attackers could exploit it #dotnet
andrewlock.net
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
1
32
182
Great analysis of CVE-2025-55315 "the worst .NET vulnerability ever" by @andrewlocknet
andrewlock.net
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
0
1
6
Blogged: Adding metadata to fallback endpoints in ASP .NET Core https://t.co/4GcebEzkp5 In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of #dotnet #aspnetcore
andrewlock.net
In this post I discuss fallback endpoints and show how adding metadata to MVC or Razor Page fallback endpoints has some quirks to be aware of
0
2
12
Boosting your security while simplifying your life sounds like a win-win! 🎉 This by @andrewlocknet article explains how Trusted Publishing lets you push NuGet packages from GitHub Actions, cutting out the old, insecure method of storing API keys: https://t.co/kebLI5Kh0d
0
1
0
@OlegKarasik1 @unmeshjoshi @martinfowler @brendangregg @andrewlocknet @stephentoub @lemire @simonw @dhh No https://t.co/l14SuNklbZ ? I'm offended 🤣
blog.scooletz.com
We all love async programming. Until we don’t. Just ask fellow engineers who were tasked with making a piece of code async. They might mention something abou...
1
1
1
Just published a new issue of .NET R&D Digest! Thanks to @unmeshjoshi, @martinfowler, @brendangregg, @andrewlocknet, @stephentoub, @lemire, @simonw, @dhh and other great authors for their amazing content! https://t.co/xgz1yUYVdz
#dotnet
olegkarasik.wordpress.com
This issue includes bits of AI, software development, learning, C#, performance, security, C, programming languages, ruby, and of course .NET and .NET Internals.
1
5
15
Blogged: Publishing NuGet packages from GitHub Actions the easy way with Trusted Publishing https://t.co/j53JZWod5o In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow #dotnet #NuGet #GitHub
andrewlock.net
In this post I describe how you can use nuget.org's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow
0
6
14
Blogged: sleep-pc: a .NET Native AOT tool to make Windows sleep after a timeout https://t.co/rBhfgrsAei In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires #dotnet
andrewlock.net
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires
1
6
24
Packaging Self-Container and Native AOT .NET Tools for NuGet - https://t.co/QuBIEPP3iv
@andrewlocknet
andrewlock.net
In this post we look at the new support for platform-specific .NET tools, so that you can pack your tools as self-contained or Native AOT packages
0
3
5
Absolutely brilliant dive into the new RID-specific tools feature in #dotnet 10. Andrew has been on the bleeding edge of the feature, and this post is a great exploration of the cost/benefit for tool authors today.
Blogged: Supporting platform-specific .NET 10 tools on old .NET SDKs Exploring the .NET 10 preview - Part 8 https://t.co/jxoSEukcPB In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET 10 toolsand how to support old SDKs #dotnet
0
3
7
Blogged: Supporting platform-specific .NET 10 tools on old .NET SDKs Exploring the .NET 10 preview - Part 8 https://t.co/jxoSEukcPB In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET 10 toolsand how to support old SDKs #dotnet
andrewlock.net
In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10, and how to support old SDKs
0
3
9