Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
The company that I work for is redeveloping an in-house product for external use.
The product will initially be developed in C# using WPF, then ported to Silverlight.
One of the focus points is coding against malicious attacks e.g. SQL injection etc.
Questions:
Can anyone recommend URLs pointing to articles on security 'best practices'.
Can anyone recommend an analysis tool for analysing the code to identify weaknesses. We would, if possible, like to include the tool in our continuous integration scripts.
The best resource I've found is here:
http://www.owasp.org/index.php/Main_Page
Within that site, I would start here:
http://www.owasp.org/index.php/Top_10_2007
The top 10 is for web site vulnerabilities, but the concepts apply to all types of apps. In my personal opinion, you really can't do better for a starting point when it comes to learning about secure coding.
This site provides best practices, tools, and really makes everything understandable regardless of your skill level.
*Added *
Another good resource is the MSDN documentation, since your question is tagged as C#.
http://msdn.microsoft.com/en-us/library/ms998408.aspx
Try the following article on MSDN: Security (How Do I in C#).
I guess starting with secure development would mean three steps:
Identify and understand the big picture: what may go wrong
This means understanding the technical aspects of a vulnerability and how it helps making things go wrong.
Typically, I'd go with the OWASP's Top 10 web application security vulnerabilities (google: owasp top 10 2007).
If you don't understand it, then, please, ask for guidance. Understanding such a document doesn't directly tells you how to build secure code but it is a good indicator on your level of understanding on secure development.
Find good general practices that lead to secure development
While many documents tell you how things may go wrong, few resources actually tell you how to avoid them in a general way.
Currently, I'd mostly recommend these resources:
David Rook's "Secure Development principles" (google: david rook principles of secure development)
OWASP's Top 10 vulnerabilities protection section pages (each entry is clickable on the online version of the Top 10)
Find resources tailored for your technology
Get access to resources that tell you "how to do this" in a language that you speak. Typically, C#. The MSDN portal provides developers with many security checklists (http://msdn.microsoft.com/en-us/library/ms998408.aspx).
Finally, get into it: connect to regular input on application security, find blogs, read news (build Google alerts with some vulnerabilities names or words such as 'application security' or 'secure development') and see what happens.
Hope it helps.
sb
PS: sorry for the 'google' links, I am a new user and can only post 1 url in my answers :(
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
<EDIT>
About this question being off-topic and too opinion-based, I'll try to be more clear. My goal was to undestand if such a tool existed, I was not interested in opinions about what was the best one. At the time I wrote this question I spent quite a good amount of time searching the internet and found just old dead projects but such a tool for java existed and I couldn't belive there were nothing for c#.
I think this question is related to programming (code verification), and it is not really asking for an opinion. Also, it's still not easy to find this information and I think my answer could help saving someone's time.
That said, I'm not an expert of stackoverflow, if you still think the question/answer does not fit the site feel free to delete it.
</EDIT>
I've found Moonwalker http://fmt.cs.utwente.nl/tools/moonwalker/ but the last update has been done in 2009 and i don't think it supports .net4.5 (and it's poorly documented).
The answer to this question propose CodeContracts as a model checking tool Model checking tool c# but I've tried using it and I don't think it really is a model checker, not in the same way Java Path Finder for Java is. Im i worng? Can it be used like JPF?
I need to be able to known if a certain part of code is designed in a way that can deadlock. Let's say it's a school thing and even if I'm sure my code is working I must model check it. (Yes we are allowed and encouraged to look on the internet).
As the user #HighCore said, and after lot of searching i can say that a mature and up-to-date tool like the one I described does not exist.
Model checking refers usually to explicit methods, however symbolic methods are equally advanced and arguably more capable for establishing properties of actual code.
For a Turing complete language, the verification problem is undecidable, so model-checking tools usually accept a less powerful language as input. This implies having to convert your problem to that language, before checking. This is why you have not come across any "C# model checking tool".
Have you looked at Boogie and the C#-like Dafny ? These are (essentially) for annotating with Hoare logic.
Alternatively, you can consider model checking your C# solution after (manually) translating it to Promela, then using SPIN.
Related tools (e.g. C-to-Promela translators) are listed here.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I want to develop my blog website in ASP.NET. What could be the best way I can write my blog through?
I mean will Tiny MCE work for me, last time when I used it I faced terrible formatting issues. Because my blog will include code, different formatting, pictures etc. Please suggest me how to post blog?
I am using ASP.NET 3.5 and SQL Server 2005.
Why write your own from scratch? Take a look at Orchard CMS. It's an opensource .NET CMS being developed with help from Microsoft http://www.orchardproject.net/
Its fairly new, so there's still some features missing, but its really easy to get setup and since you're a .NET developer you can add your own functionality.
I agree with Jamiegs. Blogging is by and large a solved problem. Why not use an existing package? Most packages will include much more than anything you'd put together in your spare time not to mention that you'll benefit from all of the field testing too.
I settled on hosted Wordpress and just pointed my domain there. Hosted Wordpress is somewhat more limited than self-hosted (you can't install your own themes, etc...) but I've hardly found it restrictive. Their documentation around the various shortcodes for displaying source code or embedding maps is pretty complete.
I have been using Obout's html editor almost a year now without any problems. http://obout.com/editor_new/sample_full.aspx . Ajax Toolkit has free lite version of Obout's editor.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
I am looking for an open source CMS for ASP.NET MVC. I have found MvcCms, N2, and AtomicCMS. I'm looking for any advice, anecdotes, resources or articles comparing the different open source projects so I can find the best one for my project. I'd like to find information about the features, extensibility, relative reliability and continued development of the different projects. Thanks guys.
You ought to look at Orchard CMS. It was released a few days ago, so still in its infancy. We are having a very close look as most clients want this kind of thing.
Orchard is open source, but it is part of Microsoft's push for MVC 3. So there are a lot of very good brains behind it.
On the other hand, there is a rule whereby you only take an MS product seriously when version 3 comes out. What I think you will find is that they will rattle out the versions quite quickly, so I would bet on this one.
To date, we use Telerik Sitefinity for all CMS. The pros are that it uses master pages, so no new skills. The cons, it is slow and I have found it tedious to customise.
Still, it delivers good websites. For example, one we did (still under development):
Preston Reid Travel Agency
It is entirely updated by the staff who definitely NOT technically minded.
However, Sitefinity is not MVC, so I will get increasingly out of date with it, plus you have to pay for commercial sites (from US$ 499).
Orchard is free and will get a big community eco system, so will evolve quickly. I suspect Orchard will kill off all the other free MVC CMS.
That's my bet, and it has always paid to bet on Microsoft...
I can find a few listed and compared here; have a look. Hope it helps.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
Our team doing a project in asp.net & Mssql 2005.since our team member are distributed. we need a online tool for tracking project changes, and control access to our online code repositories.
While searching i got tools like
http://codesion.com
, http://repositoryhosting.com
is project mangement possible using http://codesion.com
, http://repositoryhosting.com
Suggest a better tools for the doing
project.
http://www.codespaces.com/ has some execelent project management, taks scheduling, bug tracking software combined with good source control of SVN or GIT. Using Tortoise SVN or Tortoise GIT.
Github and GoogleCode are great, but I think they both require an opensource project.
Another question to answer is: Do you need strict access control below repositories?
In Subversion you can always undo each and every change a developer makes. So as long as you only allow your developers acces to the repository you can handle the rest of the security via policy.
This won't work in cases with external contracters, but if all developers are normal employees, in many cases there is no need to restrict access.
Im my eyes the time to configure every directory tree every time is much more costly than to fix a possible deletion/breakage later. (Giving access to a repository is uncommon; a new directory very common).
That leaves the tracking of changes; and I usually use AnkhSVN and TortoiseSVN for that. (Easier to maintain than most web tools and very easy to install.. You probably have them already).
Then you only need some issue tracker...
http://hosted-projects.com/ No downtime (noticed) in about a year. They provide the best project management tool I ever used: trac.
I've come across Freepository it uses SVN. Not set up a project on it yet though so don't know its pro's and con's.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
I need to connect to an Exchange-Server and to read some values, that a third party application stores there (BlackBerry Enterprise Server).
In my understanding I need to use CDO with C++ (C# doesn't seem to work this well in this regard). Is that right? I tried searching a little, but there seems to be lot of different approaches with a lot of different APIs and the whole topic confuses me a little.
Can anyone point me to some resources or tell me where to start?
Thanks!
You have a few options based on the version of Exchange you are using.
If you are running Exchange 2007
Exchange Web Services - Language agnostic approach to communicating with Exchange and the primary method moving forward. Googling EWS will return lots of good hits with tutorials and information in addition to the numerous books.
An example from Microsoft
If you are running Exchange 2003 or earlier
WebDAV is a simple way to access Exchange as Marc recommend. There are lots of good tutorials on the web for it as well. It is also language agnostic like EWS.
Dan's WebDAV 101 Blog - a blog I've used in the past for WebDAV & EWS info.
Any version of Exchange
If C++ is an option, there's also MAPI. If you're not familiar with MAPI programming, it's going to be a little bit of a learning curve, but you can do just about anything to a mailbox and it's contents. MAPI isn't supported in C#.
It's been at least three years since I worked on this problem, but it seemed to me like the best solution was C# with WebDAV. Rather than try to explain code I don't really remember, here's a link to a tutorial I wrote at the time. Definitely check out the links at the end, I remember they were very helpful in understanding how the technology worked.
Thanks for the answers guys!
However I ended up downloading a little tool called MFCMapi from codeplex and using the provided source code as a guide on how to do things.