Let's Talk Software

Rants about software topics and Method Development news.

Tag:

Custom Software Agile Workflow Method Dev Software Developer Website Development Web Apps Digital Transformation

OWASP ZAP - Passive Scanning - Get Started

2015-03-26
Custom Software

OWASP ZAP is an excellent (FREE) tool to test your website for common security issues. It has a large library of plugins and an what seems to be an active community. Although the tool has an active attack method, I prefer the passive attack method as you can use the site as you normally would. Although tutorials do exist on how to get started, I personally had difficulty finding them or knowing what I was even looking for when I first started. Especially related to passive security scanning. The interface isn't the most "intuitive", so I figured I would write these instructions for anybody encountering the same problems.

ASP.NET Identity 2.0 Security Stamp

2014-07-09
Custom Software

I'm currently working through a complete Identity setup without using Entity framework. This is taking me to difficult places as the source for this library is yet to be released. It involves lots of reading and guessing. One area of confusion is the Security Stamp.

You can read about the description over at stack overflow http://stackoverflow.com/questions/19487322/what-is-asp-net-identitys-iusersecuritystampstoretuser-interface.

This is the best I found, but it still wasn't enough for the full blown, non EF version.

FireFox Settings

2014-06-05
Custom Software

Because the Internet is still the wild west (as it should be), I run FireFox in a mode that I recommend. This can decrease page load times, reduce bandwidth usage and reduce the tracking that can be done (not prevent it). Click on through to see the screen shots…

SQL Tool Belt Merge Statement

2014-03-24
Custom Software

Database, Database, Database. They are everywhere, and have been for a long time. Personally I find working with a database enjoyable, especially when the requirements get twisted and you need to expand your mind to solve the problem. This blog post is not about one of those mind-bending situations. Just some basics that help with everyday SQL. This one is actually dated now, but still not used as much as it probably should be.

Simple Injector ASP.NET MVC & WebAPI

2014-02-16
Custom Software

TLDR: Simple Injector is good, use it.

As most developers do, we use IOC in our ASP.NET MVC sites, it cleans up the code and allows for better testing. If you're not familiar with check out this article on Dependency Injection.

One of the longest running IOC libraries is Structure Map, which we originally choose because of it maturity and stability. After running with this for 4 (ish) years (with complete success), I started to look into different possibilities for my Injector library. Knowing that Structure Map has every feature you would ever want leads me to think there might be code that is affecting performance. I only use IOC for a Service Layer & Repository Layer injection and its very simple at that, so I really don't need all of the bells and whistles. I would rather have less features and better performance.