Security and the ASP.NET View State

Many of you who work with Microsoft .NET are aware of the View State, and for those of you who are just getting started with .NET, please take the time to read the ASP.NET View State Overview on the Microsoft Developer Network (MSDN). While the view state is necessary, it comes with security concerns that you should understand, along with what you can do to mitigate the risks. The view state is a repository in an ASP.NET page that can store values that have to be retained during postback. The page framework uses view state to persist control settings between …

Microsoft Enterprise Library: Caching Application Block

This is a second article on the topic of the Microsoft Enterprise Library. If you have not read the previous article titled Microsoft Enterprise Library: Data Access Application Block, I recommend you do so.

Introduction to the Caching Application Block

The Enterprise Library Caching Application Block lets developers incorporate a local cache in their applications. It supports both an in-memory cache and, optionally, a backing store that can either be the database store or isolated storage. The Caching Application Block can be used without modification; it provides all the functionality needed to retrieve, add, and remove cached data. Configurable …

Microsoft Enterprise Library: Data Access Application Block

For those of you who have been using the Enterprise Library from Microsoft, I tip my hat to you. I admit that I have not used this library for a number of years, and in most cases the reason is that I have honestly not been in a position to do so. It is a long story, so don't ask. There are a number of reasons why you should seriously consider the use of the Enterprise Library, and I cannot think of any better reasons than those provided directly by Microsoft. The goals of Enterprise Library are the following: …

Creating Charts With Microsoft Chart Controls

There is no shortage of charting controls for the Microsoft .NET framework, and while many do a great job, they may be overkill and costly to any project. If you're not familiar with the Microsoft Chart Controls, you may find that you're in for a pleasant surprise for two reasons:

- They are free
- Quickly render charts

Quick Walkthrough

My purpose here is simple and to the point. I want to demonstrate just how easy it is to return a chart to the end user. In this case I will be using an XML data source rather than a database …

Security Development Lifecycle: SQL Injection Attacks

In an earlier post titled Security Development Lifecycle: Introduction, I began introducing what the Security Development Lifecycle (SDL) represents, and as I continue this series I will focus on the SDL model that Microsoft has so graciously provided to the community.

Introduction

In part 2 of this series I want to focus on SQL Injection, and for those of you just getting started it is important to understand what a SQL Injection attack is. Here is what Microsoft has stated:

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance …
