Interactive Web Development

AWS easier for asp.net developers. {1}

by Gerardgon Z
This article talks about Amazon Web Services making it a lot easier for ASP.NET to roll out cloud-based applications for their cloud service. Elastic Beanstalk allows for easy and care free deployment of new ASP.NET applications onto Amazon’s cloud service. This allows developers to focus more of their time on actually developing their applications instead of worrying about the cloud infrastructure and its deployment and cloud environment. read more...

Amazon makes efficiency a web developer’s friend {2}

by Ermie C
This article is exactly what it says because Amazon has given resources for web developers that make it easier for them to create their web applications for their Amazon account.  It’s called Amazon Web Services or AWS, and it allows Javascript, jQuery, ASP.NET, PHP, and Java.  The platform is called Elastic Beanstalk and uses the Windows Server 2008 R2 AMI(Amazon Machine Image).  They mention, “Elastic Beanstalk then automatically takes care of deployment details such as capacity provisioning, load balancing, auto-scaling and application health monitoring, according to the company.”  This means that everything will be taken care of, as their applications are uploaded into the Amazon cloud. read more...

How Data Binding Works {2}

by Michael M
Data binding is the process that retrieves data from a given data source and associates it to attributes of the User Interface elements. Data binding gets data from the middle tier of an application and displays it in a nice looking html format. When you use data binding expressions with ASP.Net controls, behaviors are attached to the controls life cycle through the Data Binding event handlers. As developers of our web pages we have the power the trigger data binding events for individual controls or if we want to we can make it trigger all controls within the page. If you want to call for data binding you would use, <%# … %> and the data binding expression will update themselves if you do not want to call data bind, you can create a new page class that overrides the on load method. Data binding expressions can only be used with ASP.Net control markup and require you to call to the Data bind method. read more...

ASP.NET Makes Data Binding More Flexible! {1}

by Jamal A
The article I read talks about the upcoming versions of Microsoft Web development tools, ASP.NET which makes data binding more flexible.  However, before the end of the year, Web developers will have a new version of Visual Studio (11), ASP.NET (4.5) and ASP.NET MVC (4). The author talks about what’s new in ASP.NET, followed by new features in ASP.NET MVC.  According to the article, In ASP.NET 4.5, one of the first things you’ll notice if you use the Web Application template project is that the content for the default.aspx page is now completely useless. However, the default login and change password pages are useful and the default master page is relatively innocuous. The good news is that Visual Studio 11 IntelliSense supports the new HTML5 tags out of the box. The new default.aspx page includes section tags, for instance, and IntelliSense shows that the related header, footer and article tags are also known to Visual Studio. These new tags mean you can stop using <span> and <div> tags with Cascading Style Sheet (CSS) classes to structure related elements on your page, and use tags dedicated to that task. ASP.NET 4.5 adds a new property called ItemType to DataView controls, which you can set to the name of some class in your application. Once you do that, the syntax for data binding not only gets simpler but you also get IntelliSense support for the data item to which you’re binding. read more...

Amazon Web Services Aides Developers {2}

by Alexander H
Amazon Web Services (AWS) has recently released Elastic Beanstalk, which has been developed to assist ASP.NET developers in implementing cloud-based applications. Developers can upload their ASP.NET applications to AWS’s cloud using the AWS toolkit for Visual Studio, and Elastic Beanstalk will then automatically deploy details such as capacity provisioning, load balancing, auto-scaling and application health monitoring. In order to enable these features, developers must first install the Visual Studio toolkit, as well as sign up for an AWS account. Although there are no additional charges for using Elastic Beanstalk, enterprises still have to pay for the AWS resources needed to store data and run their applications. There are even trial versions of the toolkit available for users who are interested in acquiring the tool for development purposes. read more...

ASP.NET DoS Vulnerability {2}

by Quoc L
A recently discover vulnerability within the ASP coding that let hacker overload the CPU core with HTTP request.  By sending in specially coded  ~100kb HTTP request, it will consume 100% of the core processing power. Sending those in multiples time can easy cog up server resources. This exploit was first identified at the Chaos Communication Congress, called CVE-2011-3414. Later on a user on GitHub(open source community) called HybirsDisaster release actual poof of this exploit. read more...

Your Choice of Which is Better! {6}

by Jasmine C
Why do developers think it’s better to use ASP.NET MVC? Well, even though MVC provides developers with goodies, ASP.NET Forms may still be useful to some developers. Why is it that ASP.NET MVC was created in the first place?  Well according to the article I read, from the time period that ASP.NET Forms was released to when ASP.NET MVC was released, MVC addressed the technical and business changes that were occurring in that time period between the two release dates.  Even though ASP.NET MVC makes sites easier to test, easy to modify and much more, both ASP.NET MVC and ASP.NET Forms contain the same core functions.  The article also talks about ASP.NET MVC offers developers total control over HTML and the interaction with inline JavaScript is cleaner.  When ASP.NET Forms was first release, developers were shielded from the dirty details of HTML so this control allows developers to comfortably build Ajax applications and give existing apps more responsiveness and interactivity.  Another great thing about ASP.NET MVC is that Web standard compliance is easier and since the Web is always evolving, this is a great asset for developers.  All in all, even though the use of ASP.NET Forms is still acceptable in today’s society, ASP.NET MVC allows for a cleaner more testable code with added benefits and thus should be used once ASP.NET Forms no longer services you, as the developer, at the level you’re used to. read more...

ASP.net & SQL Injection Exploits… Again? {Comments Off on ASP.net & SQL Injection Exploits… Again?}

by Evin C
According to an article presented late last year, hackers of the world are attempting to use a technique referred to as “SQL Injection” on Microsoft’s ASP.Net platform. The troubling thing is, they have been wildly successful. The author states, “About 180,000 pages have been affected so far, security researchers say ‘attackers have planted malicious JavaScript on ASP.Net sites that causes the browser to load an iframe with one of two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rrnu.’” Using this technique they have been able to exploit this iframe and attempt to plant malware on visiting PC’s via “a number of browser drive-by exploits”. Having seen a trend in the exploitation of SQL Injection, Microsoft has released information to programmers on how to protect again such attacks since at least 2005 and the attacks continue to occur. read more...

Security Implementation in Visual Studio {Comments Off on Security Implementation in Visual Studio}

by Jorge R
The topic of my article this week talks about the security implementation in Visual Studio has in place to counter security threats. The author explains that the most common attack on website is the buffer overflow. Which is done by overwriting the buffer storing return address with the substring of source code. This attack changes the control flow by the attack which is then given full control over the software. In a attempt to stop these attacks researchers have designs new defensive techniques to stop hacker. These techniques include boundary checking, source backup, memory access control, address randomization, modification detecting, and instruction scrambling. The GS tool in Visual studio for C/C++ compiler is a useful tool for developers to write secure software. The problem upon using GS is the fact that it only defeats half the problem with buffer overflows. It cannot prevent a called function from manipulating the callers frame pointer. With these issues at hand Microsoft has taken the step to address these issues and help developers writer secure programs. With Visual Studios new updates, it has the ability to, “protect the caller’s frame pointer from callee’s  tampering at no additional cost”. It also has the ability to generate higher security strength while alleviating the denial of service attack by analyzing the indirect function call by the prologue pattern. read more...

Authorization Service for Web Services {Comments Off on Authorization Service for Web Services}

by David H
The article that I found this week talked about the design issues for an authorization framework for Web Services. In the article, the author also emphasizes the features that required for authorization policy language for Web Services. In the design for authorization, the author addresses that there are some fundamental issue that we need to take into consideration. First step that we need to do is choose what types of information that used in the decision making process. It goes from static and generic information to specific information then to dynamic and specific information. These range was depend on system state. The second steps that we need to consider is the class of authorization policies that need to support in the Web Services architectures. The range is from identity based to role based to delegation to joint action then to dynamic separation of duty. Depend on types of information there can be different places which checks need to be performed by different authorities. For policy language features, the author mentions that using XML technology with own namespace and schemas it will help in a heterogeneous environment of We Service. For standard specifications, the author mentions that XML have encryption and signature. read more...