.NET

A 61-post collection

.NET4 web apps and the mysteriously absent menu pop out images

I got a little stumped this week and turned to the fountain of software knowledge, also known as Stack Overflow [http://stackoverflow.com], with a question about Missing popout class in ASP.NET menu for nodes without a URL [http://stackoverflow.com/questions/3697634/missing-popout-class-in-asp-net-menu-for-nodes-without-a-url]. The problem is simply this: let’s take the following Web.sitemap file: <?xml version="1.0" encoding="utf-8" ?> <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteM...

OWASP Top 10 for .NET developers part 4: Insecure direct object reference

This content is now available in the Pluralsight course "OWASP Top 10 Web Application Security Risks for ASP.NET" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] Consider for a moment the sheer volume of information that sits out there on the web and is accessible by literally anyone. No authentication required, no subversive techniques need be employed, these days just a simple Google search can turn up all sorts of things. And yes, that includes content wh...

OWASP Top 10 for .NET developers part 3: Broken authentication and session management

This content is now available in the Pluralsight course "OWASP Top 10 Web Application Security Risks for ASP.NET" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] Authenticating to a website is something most of us probably do multiple times every day. Just looking at my open tabs right now I’ve got Facebook, Stack Overflow, Bit.ly, Hotmail, YouTube and a couple of non-technology forums all active, each one individually authenticated to. In each case I trust...

OWASP Top 10 for .NET developers part 2: Cross-Site Scripting (XSS)

This content is now available in the Pluralsight course "OWASP Top 10 Web Application Security Risks for ASP.NET" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] In the first post of this series [https://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html] I talked about injection and of most relevance for .NET developers, SQL injection. This exploit has some pretty severe consequences but fortunately many of the common practices employed wh...

OWASP Top 10 for .NET developers part 1: Injection

This content is now available in the Pluralsight courses "OWASP Top 10 Web Application Security Risks for ASP.NET" and "Ethical Hacking: SQL Injection" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] There’s a harsh reality web application developers need to face up to; we don’t do security very well. A report from WhiteHat Security [http://www.slideshare.net/jeremiahgrossman/whitehat-security-8th-website-security-statistics-report] last year reported “83%...

Measuring code quality with NDepend

Something that has always struck me as a bit unique about the software industry is the huge variance we see in professionalism. Consider industries such as medicine or aviation; the lower bound of their professionalism is comparatively high and the deviation of expertise among practitioners is comparatively low when compared to software development. Of course there are exceptions – every now and then a doctor commits malpractice or a pilot crashes – but these are relatively rare occurrences comp...

Request Validation, DotNetNuke and design utopia

It’s a hot summer day in Perth over on the western seaboard of Australia and the local pub is packed with patrons downing cold beers. You’re in your shiny new Ferrari – red, of course – and come cruising past the pub in full view of the enthralled audience. As any red-blooded, testosterone fuelled Aussie bloke would do, you give the Italian thoroughbred a full redline launch to the delight of the crowd. Right up until you run into the street sign: Why did this happen? Well there’s the fact th...

Creating Subversion pre-commit hooks in .NET

A while back I wrote about Creating your own custom Subversion management layer [https://www.troyhunt.com/2009/10/creating-your-own-custom-subversion.html] which involved rolling your own UI in .NET to perform common management tasks in SVN such as provisioning a repository or managing permissions. This is a great way of quickly and easily giving users a self-service mechanism for managing their own repositories in a controlled, secure fashion. Continuing the theme of customising SVN to do yo...

Why ReSharper recommends the “var” keyword in .NET 2.0 projects

I was a little confused this week as to why ReSharper was recommending using implicitly typed variable declarations in a VS2010 solution targeting .NET 2. Somewhere in my mind I had directly associated the “var” keyword with the release of .NET 3.5 so this looked a little odd to me: As it turns out, the var keyword is a feature of the compiler, not the .NET CLR. The same is true for automatic properties and object initialisers. The bottom line is that you can use these features in VS08 or...

25 illustrated examples of Visual Studio 2010 and .NET 4

In my quest for both some engaging blog material and a desire to get up to speed with everything new in the latest generation VS and .NET fast, following is an overview of 25 illustrated examples of Visual Studio 2010 and .NET 4. It’s not seriously in depth, just enough to understand what’s new and where you can go to get the serious details. Background Rather than churning out another ubiquitous “Hello World” app, I’ve used an existing ASP.NET 3.5 project which has been my test bed for pretty...