Secure Code With The Microsoft Anti-Cross Site Scripting Library


Recently I attended a Security Development Lifecycle training course in Dallas, Texas, and I must admit that while I was aware of many vulnerabilities in web applications, I learned just how easy it is to do real damage when software engineers do not fully understand the implications of developing a web application. In fact, while researching statistics on this topic I ran across one stating that applications today contain more security flaws than the operating systems they run on. Stop and think about that for a moment. Companies typically do everything in their power to patch the operating system, stand up firewalls, and generally control access. If a web application does not account for security, unauthorized individuals may gain access or, in the worst case, steal data that can be detrimental to the company should it fall into the wrong hands. Here are three areas that I believe you should focus on to get started.

Validate input: Validate input from all untrusted data sources. Proper input validation can eliminate the vast majority of software vulnerabilities.

Enforce security policies: Create software architecture and design your software to implement and enforce these security …


How To Process JSON With C# and JQuery


JavaScript Object Notation, affectionately known as JSON, is a wonderful way to deliver content to the browser in a lightweight format that both saves bandwidth and reduces page weight. Who doesn't like performance improvements? In this tutorial I will demonstrate how to call a SQL Server database via a Web Method and create an Employee object that will hold the top ten employees. This object will contain the JSON data, which in turn will be displayed in a standard HTML table. Of course you could use CSS to display the data and avoid the need for a table. The first step is to create the Employee class that defines the fields, properties, and constructor.

```csharp
/// <summary>
/// Summary description for Employee
/// </summary>
public class Employee
{
    private string _firstName;
    private string _middleName;
    private string _lastName;

    public string FirstName
    {
        get { return _firstName; }
        set { _firstName = value; }
    }

    public string LastName
    {
        get { return _lastName; }
        set { _lastName = value; }
    }

    public string MiddleName
    {
        get { return _middleName; }
        set { _middleName = value; }
    }

    // Constructor: copies the three name parts into the backing fields.
    public Employee(string firstName, string middleName, string lastName)
    {
        _firstName = firstName;
        _middleName = middleName;
        _lastName = lastName;
    }
}
```
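As an added example, not code from either post and not the Microsoft Anti-XSS library's own code, the following JavaScript applies the two defences the Anti-XSS post asks for, validating input from untrusted sources and encoding output, to the JSON employee list this post renders into an HTML table. The `{"d": [...]}` envelope, the field names, the name allowlist and the sample records are assumptions constructed for the example; `htmlEncode` is a small re-implementation of the inclusion-based (encode everything not known safe) idea behind the library, not its code.

```javascript
// Added example: input validation plus allowlist output encoding for the
// employee JSON a Web Method returns. Runs in Node or a browser.

// Allowlist for a person-name field (assumed policy): letters, apostrophe,
// hyphen and space, 1-50 characters. Anything else is rejected, not "cleaned".
const NAME_RE = /^[A-Za-z][A-Za-z '-]{0,49}$/;

// Returns the names of the fields that fail validation; [] means the record is valid.
function validateEmployee(emp) {
  const bad = [];
  for (const field of ["FirstName", "LastName"]) {
    if (typeof emp[field] !== "string" || !NAME_RE.test(emp[field])) bad.push(field);
  }
  // Middle name is optional, but when present it must pass the same allowlist.
  const mid = emp.MiddleName;
  if (mid !== undefined && mid !== "" && (typeof mid !== "string" || !NAME_RE.test(mid))) {
    bad.push("MiddleName");
  }
  return bad;
}

// Inclusion-based encoder for an HTML text or attribute context: letters,
// digits, space and a few punctuation marks pass through; every other
// character (< > & " ' = ( ) and all non-ASCII) becomes a numeric character
// reference. Encoding what is not known-safe, instead of escaping a short
// list of known-bad characters, is the approach the Anti-XSS library takes.
function htmlEncode(value) {
  let out = "";
  for (const ch of String(value)) {
    const cp = ch.codePointAt(0);
    const safe =
      (cp >= 0x30 && cp <= 0x39) || // 0-9
      (cp >= 0x41 && cp <= 0x5a) || // A-Z
      (cp >= 0x61 && cp <= 0x7a) || // a-z
      " .,-_".includes(ch);
    out += safe ? ch : "&#" + cp + ";";
  }
  return out;
}

// Builds the <table> markup from the Web Method's JSON response. The text is
// parsed with JSON.parse (never eval) and every cell goes through htmlEncode,
// so a hostile value is displayed, not executed. Records that fail validation
// are dropped unless enforceValidation is false; that switch exists only to
// show that the output encoder alone still neutralises them (defence in depth).
function renderEmployeeTable(jsonText, { enforceValidation = true } = {}) {
  const payload = JSON.parse(jsonText);
  // Assumed envelope: ASP.NET AJAX wraps a Web Method result in {"d": ...}.
  const employees = Array.isArray(payload.d) ? payload.d : [];
  let rejected = 0;
  let rows = "";
  for (const emp of employees) {
    if (enforceValidation && validateEmployee(emp).length > 0) {
      rejected++;
      continue;
    }
    rows += "<tr><td>" + htmlEncode(emp.FirstName) + "</td><td>" +
      htmlEncode(emp.MiddleName || "") + "</td><td>" +
      htmlEncode(emp.LastName) + "</td></tr>";
  }
  const html = "<table><thead><tr><th>First</th><th>Middle</th><th>Last</th></tr></thead>" +
    "<tbody>" + rows + "</tbody></table>";
  return { html, rejected };
}

// Constructed sample response in the assumed Web Method shape; the last
// record is a deliberately hostile input, the second has a legitimate apostrophe.
const sampleResponse = JSON.stringify({
  d: [
    { FirstName: "Ada", MiddleName: "", LastName: "Lovelace" },
    { FirstName: "Conan", MiddleName: "", LastName: "O'Brien" },
    { FirstName: "<img src=x onerror=alert(1)>", MiddleName: "", LastName: "Mallory" }
  ]
});

if (typeof require !== "undefined" && typeof module !== "undefined" && require.main === module) {
  console.log(renderEmployeeTable(sampleResponse));
  console.log(renderEmployeeTable(sampleResponse, { enforceValidation: false }));
}
```

With validation on, the hostile record is dropped and `O'Brien` is rendered as `O&#39;Brien`; with `{ enforceValidation: false }` the record is rendered but its markup arrives as `&#60;img src&#61;x onerror&#61;alert&#40;1&#41;&#62;`, which the browser displays as text. The same rule applies when the jQuery side of this post inserts rows into the page: build cells with `$('<td>').text(value)` rather than concatenating strings into `.html()`.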


UML Modeling and Visual Studio .NET 2010


First things first. If you have been living under a rock you may be surprised to learn that Visual Studio .NET 2010 RC is available for download. I have been looking at this IDE since the public beta was made available, and the release candidate is fast and stable. Give it a spin for yourself. Microsoft even released a Visual Studio 2010 and .NET Framework 4 Training Kit just a few days ago that includes presentations, hands-on labs, and demos. UML is not my favorite activity of software development, but it is nonetheless important, and Microsoft has made great strides with the integration of modeling into the Integrated Development Environment (IDE). If you stop and think about it for a moment you may realize that you can lower costs when it comes to purchasing third-party modeling tools. However, only you can determine what works best in any given situation, and if you are just beginning a project you may want to evaluate the modeling capabilities of this next-generation IDE. To start, open the IDE, select "New Project" and choose "Modeling Projects". Once you have completed this step you will notice the newly established project within the solution. …


Printer Friendly Web Pages


While I personally do print a great deal of web pages, I do find myself from time to time running across an article that I want to keep, and a bookmark is something I do not want to use. Print is something you can file away to ensure the information is available to you at any point in time. The one thing that drives me nuts is sites that do not provide printer-friendly versions of content or, if they do, include logos and other unnecessary images. Everyone has their own idea when it comes to this topic, and while I tend to lean towards 100% text for printer-friendly pages, there are exceptions to this rule. Just use common sense in this area and you will do fine. Take the following as a good example of 100% text:

How To Implement Printer Friendly Pages

There are a number of ways you can do this, and I will touch on two:

Cascading Style Sheets (CSS)

Third Party Sources

Cascading Style Sheets (CSS)

A print style sheet works basically in the same manner as the screen type, with a slight difference, which is to …


Best Practices: Visual Studio .NET Project Naming Standards


If you have not adopted a best practice for naming your solutions and projects within Visual Studio .NET, I urge you to take a moment to think about this subject. As anyone will tell you, best practices are worth their weight in gold, and why would anyone not want to review what others have determined works? By doing so you are not doomed to repeat the same mistakes. I believe a great place to start is the .NET Framework Class Library itself. By looking at this framework you will notice that the namespaces are grouped by commonality, so you can apply the same thinking to your projects. An unexpected perk of adopting this approach is that you will be promoting code reuse and an efficient separation of logic. Face it, anything that reduces complexity and increases productivity is well worth the thought. Assume for a moment that you have the following components:

Business Logic

Data Access

Common Logic

Exception Management

Utilities

In most cases this holds true for any application. To break these out within Visual Studio .NET as meaningful projects, I suggest following the standard format of companyname.tier, which helps immensely in keeping …
