feat: Implement DevSecOps demo page for GHAS features

- Add new DevSecOps.cshtml page with GHAS latest news and features
- Implement ILogger for backend logging and security demonstrations
- Add intentionally vulnerable code patterns for GHAS demo:
  * Log forging vulnerabilities
  * SQL injection patterns
  * Regex DoS vulnerabilities
  * Hard-coded credentials
- Update package dependencies:
  * System.Text.Json 8.0.4 (vulnerable version for demo)
  * Microsoft.Data.SqlClient 5.0.2 (vulnerable version for demo)
  * Newtonsoft.Json 12.0.2 (vulnerable version for demo)
- Add navigation menu link to DevSecOps demo page
- Update Index page with links to new DevSecOps features
- Build verified without compilation errors

Implements issue #72 - DevSecOps demo for GitHub Advanced Security

Author: CalinL

src/webapp01/Pages/DevSecOps.cshtml

@@ -0,0 +1,169 @@
+@page
+@model DevSecOpsModel
+@{
+    ViewData["Title"] = "DevSecOps & GitHub Advanced Security";
+}
+
+<div class="container">
+    <div class="row">
+        <div class="col-md-12">
+            <h1 class="display-4 text-primary">@ViewData["Title"]</h1>
+            <hr />
+        </div>
+    </div>
+
+    <div class="row">
+        <div class="col-md-8">
+            <div class="card mb-4">
+                <div class="card-header bg-primary text-white">
+                    <h3 class="mb-0"><i class="bi bi-newspaper"></i> Latest GHAS News & Updates</h3>
+                </div>
+                <div class="card-body">
+                    <p class="lead">Stay up-to-date with the latest GitHub Advanced Security features and enhancements:</p>
+                    
+                    @if (Model.LatestNews.Any())
+                    {
+                        <ul class="list-group list-group-flush">
+                            @foreach (var newsItem in Model.LatestNews)
+                            {
+                                <li class="list-group-item">
+                                    <i class="bi bi-check-circle text-success me-2"></i>
+                                    @newsItem
+                                </li>
+                            }
+                        </ul>
+                    }
+                </div>
+            </div>
+
+            <div class="card mb-4">
+                <div class="card-header bg-success text-white">
+                    <h4 class="mb-0"><i class="bi bi-shield-check"></i> DevSecOps Best Practices</h4>
+                </div>
+                <div class="card-body">
+                    <div class="row">
+                        <div class="col-md-6">
+                            <h5>Security in Development</h5>
+                            <ul>
+                                <li>Shift-left security testing</li>
+                                <li>Automated code scanning</li>
+                                <li>Secret detection & management</li>
+                                <li>Dependency vulnerability scanning</li>
+                            </ul>
+                        </div>
+                        <div class="col-md-6">
+                            <h5>GHAS Integration</h5>
+                            <ul>
+                                <li>CodeQL static analysis</li>
+                                <li>Dependabot alerts & updates</li>
+                                <li>Security advisories</li>
+                                <li>Supply chain protection</li>
+                            </ul>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+
+        <div class="col-md-4">
+            <div class="card mb-4">
+                <div class="card-header bg-warning text-dark">
+                    <h5 class="mb-0"><i class="bi bi-exclamation-triangle"></i> Demo Security Testing</h5>
+                </div>
+                <div class="card-body">
+                    <p class="text-muted">This form demonstrates security vulnerabilities for educational purposes:</p>
+                    
+                    <form method="post">
+                        <div class="mb-3">
+                            <label for="userInput" class="form-label">Test Input:</label>
+                            <input type="text" class="form-control" id="userInput" name="userInput" 
+                                   value="@Model.UserInput" placeholder="Enter test data...">
+                            <small class="form-text text-muted">
+                                ⚠️ This input is intentionally vulnerable for demo purposes
+                            </small>
+                        </div>
+                        <button type="submit" class="btn btn-warning">
+                            <i class="bi bi-bug"></i> Test Vulnerabilities
+                        </button>
+                    </form>
+                    
+                    @if (!string.IsNullOrEmpty(Model.UserInput))
+                    {
+                        <div class="mt-3 alert alert-info">
+                            <strong>Input processed:</strong> @Model.UserInput
+                            <br>
+                            <small>Check application logs for security demonstrations</small>
+                        </div>
+                    }
+                </div>
+            </div>
+
+            <div class="card">
+                <div class="card-header bg-info text-white">
+                    <h5 class="mb-0"><i class="bi bi-link-45deg"></i> GHAS Resources</h5>
+                </div>
+                <div class="card-body">
+                    <div class="d-grid gap-2">
+                        <a href="https://docs.github.com/en/code-security" target="_blank" class="btn btn-outline-primary btn-sm">
+                            Code Security Docs
+                        </a>
+                        <a href="https://docs.github.com/en/code-security/code-scanning" target="_blank" class="btn btn-outline-primary btn-sm">
+                            Code Scanning Guide
+                        </a>
+                        <a href="https://docs.github.com/en/code-security/secret-scanning" target="_blank" class="btn btn-outline-primary btn-sm">
+                            Secret Scanning
+                        </a>
+                        <a href="https://docs.github.com/en/code-security/dependabot" target="_blank" class="btn btn-outline-primary btn-sm">
+                            Dependabot
+                        </a>
+                        <a href="https://docs.github.com/en/code-security/security-advisories" target="_blank" class="btn btn-outline-primary btn-sm">
+                            Security Advisories
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <div class="row mt-4">
+        <div class="col-md-12">
+            <div class="alert alert-warning">
+                <i class="bi bi-exclamation-triangle-fill"></i>
+                <strong>Educational Demo:</strong> This page contains intentionally vulnerable code patterns for GitHub Advanced Security demonstration purposes. 
+                Never use these patterns in production environments.
+            </div>
+        </div>
+    </div>
+</div>
+
+@section Scripts {
+    <script>
+        // Enhance the demo experience
+        document.addEventListener('DOMContentLoaded', function() {
+            const newsItems = document.querySelectorAll('.list-group-item');
+            newsItems.forEach((item, index) => {
+                setTimeout(() => {
+                    item.style.opacity = '1';
+                    item.style.transform = 'translateX(0)';
+                }, index * 100);
+            });
+        });
+    </script>
+}
+
+<style>
+    .list-group-item {
+        opacity: 0;
+        transform: translateX(-20px);
+        transition: all 0.3s ease;
+    }
+    
+    .card {
+        box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+        transition: transform 0.2s ease;
+    }
+    
+    .card:hover {
+        transform: translateY(-2px);
+    }
+</style>

src/webapp01/Pages/DevSecOps.cshtml.cs

@@ -0,0 +1,86 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using System.Text.RegularExpressions;
+using System.Data.SqlClient;
+using Microsoft.Data.SqlClient;
+using Newtonsoft.Json;
+
+namespace webapp01.Pages
+{
+    public class DevSecOpsModel : PageModel
+    {
+        private readonly ILogger<DevSecOpsModel> _logger;
+        
+        // Insecure: Hard-coded connection string for demo purposes
+        private const string CONNECTION_STRING = "Server=localhost;Database=DemoDb;User Id=sa;Password=P@ssw0rd123;";
+        
+        // Insecure: Vulnerable regex pattern for demo purposes  
+        private static readonly Regex EmailRegex = new Regex(@"^(.+)@(.+)$", RegexOptions.Compiled);
+
+        public DevSecOpsModel(ILogger<DevSecOpsModel> logger)
+        {
+            _logger = logger;
+        }
+
+        public List<string> LatestNews { get; set; } = new List<string>();
+        public string UserInput { get; set; } = string.Empty;
+
+        public void OnGet()
+        {
+            _logger.LogInformation("DevSecOps page accessed at {Time}", DateTime.UtcNow);
+            
+            LoadLatestGHASNews();
+            
+            // Insecure: Log user data without sanitization for demo purposes
+            string userAgent = Request.Headers["User-Agent"].ToString();
+            _logger.LogInformation("User accessed DevSecOps page with User-Agent: " + userAgent);
+        }
+
+        public void OnPost(string userInput)
+        {
+            UserInput = userInput ?? string.Empty;
+            
+            // Insecure: Log forging vulnerability for demo purposes
+            _logger.LogInformation("User input received: " + userInput + " from user: " + User.Identity?.Name);
+            
+            // Insecure: SQL injection vulnerability for demo purposes
+            if (!string.IsNullOrEmpty(userInput))
+            {
+                try
+                {
+                    using var connection = new SqlConnection(CONNECTION_STRING);
+                    var query = $"SELECT * FROM Users WHERE Name = '{userInput}'"; // Vulnerable to SQL injection
+                    _logger.LogWarning("Executing query: " + query);
+                }
+                catch (Exception ex)
+                {
+                    _logger.LogError("Database error: " + ex.Message);
+                }
+            }
+              // Insecure: Regex vulnerability for demo purposes
+            if (!string.IsNullOrEmpty(userInput) && EmailRegex.IsMatch(userInput))
+            {
+                _logger.LogInformation("Valid email format detected");
+            }
+            
+            LoadLatestGHASNews();
+        }
+
+        private void LoadLatestGHASNews()
+        {
+            LatestNews = new List<string>
+            {
+                "GitHub Advanced Security now supports AI-powered code scanning with enhanced vulnerability detection",
+                "New Dependabot features include automated security updates for container dependencies", 
+                "Secret scanning now detects over 200+ token types including cloud provider keys",
+                "Code scanning with CodeQL now supports Python 3.12 and enhanced C# analysis",
+                "Dependency review action helps prevent vulnerable dependencies in pull requests",
+                "GHAS now integrates with third-party security tools through the Security tab API",
+                "Enhanced supply chain security with SLSA compliance and artifact attestation",
+                "New security advisories database provides comprehensive vulnerability information"
+            };
+
+            _logger.LogInformation("Loaded {Count} GHAS news items", LatestNews.Count);
+        }
+    }
+}

src/webapp01/Pages/Index.cshtml

@@ -9,5 +9,39 @@
         <h5 class="card-title">.NET 💜 Azure v5</h5>
         <p class="card-text">Learn about <a href="https://learn.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
         <p class="card-text">Visit our <a asp-page="/About">About GHAS</a> page to learn about GitHub Advanced Security features.</p>
+        <p class="card-text">
+            <strong>🚀 New!</strong> Check out our <a asp-page="/DevSecOps" class="btn btn-primary btn-sm">DevSecOps Demo</a> 
+            to explore the latest GitHub Advanced Security features and best practices.
+        </p>
+    </div>
+</div>
+
+<div class="row mt-4">
+    <div class="col-md-6">
+        <div class="card">
+            <div class="card-header bg-info text-white">
+                <h5 class="mb-0">🔐 Security Features</h5>
+            </div>
+            <div class="card-body">
+                <ul class="list-unstyled">
+                    <li>✅ Code Scanning with CodeQL</li>
+                    <li>✅ Secret Scanning</li>
+                    <li>✅ Dependency Management</li>
+                    <li>✅ Security Advisories</li>
+                </ul>
+                <a asp-page="/DevSecOps" class="btn btn-outline-info">Explore GHAS →</a>
+            </div>
+        </div>
+    </div>
+    <div class="col-md-6">
+        <div class="card">
+            <div class="card-header bg-success text-white">
+                <h5 class="mb-0">🛠️ DevSecOps Integration</h5>
+            </div>
+            <div class="card-body">
+                <p>Learn how to integrate security into your development workflow with our comprehensive DevSecOps guide.</p>
+                <a asp-page="/DevSecOps" class="btn btn-success">Get Started</a>
+            </div>
+        </div>
     </div>
 </div>

src/webapp01/Pages/Shared/_Layout.cshtml

@@ -17,15 +17,17 @@
                 <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target=".navbar-collapse" aria-controls="navbarSupportedContent"
                         aria-expanded="false" aria-label="Toggle navigation">
                     <span class="navbar-toggler-icon"></span>
-                </button>
-                <div class="navbar-collapse collapse d-sm-inline-flex justify-content-between">
+                </button>                <div class="navbar-collapse collapse d-sm-inline-flex justify-content-between">
                     <ul class="navbar-nav flex-grow-1">
                         <li class="nav-item">
                             <a class="nav-link text-dark" asp-area="" asp-page="/Index">Home</a>
                         </li>
                         <li class="nav-item">
                             <a class="nav-link text-dark" asp-area="" asp-page="/About">About GHAS</a>
                         </li>
+                        <li class="nav-item">
+                            <a class="nav-link text-dark" asp-area="" asp-page="/DevSecOps">DevSecOps Demo</a>
+                        </li>
                         <li class="nav-item">
                             <a class="nav-link text-dark" asp-area="" asp-page="/Privacy">Privacy</a>
                         </li>

src/webapp01/webapp01.csproj

@@ -8,12 +8,12 @@
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
     <DockerfileContext>.</DockerfileContext>
   </PropertyGroup>
-
   <ItemGroup>
     <PackageReference Include="Azure.Identity" Version="1.13.2" />
-    <PackageReference Include="Microsoft.Data.SqlClient" Version="6.0.2" />
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.0.2" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
-    <PackageReference Include="System.Text.Json" Version="9.0.4" />
+    <PackageReference Include="System.Text.Json" Version="8.0.4" />
+    <PackageReference Include="Newtonsoft.Json" Version="12.0.2" />
   </ItemGroup>
 
 </Project>