Monday, November 28, 2011

OWASP Top 10 for .NET developers part 9: Insufficient Transport Layer Protection

When it comes to website security, the most ubiquitous indication that a site is “secure” is the presence of transport layer protection. The way each browser presents that assurance differs, but the message is always the same: you know who you’re talking to (authentication), you know your communication is encrypted on the wire (confidentiality) and you know it hasn’t been manipulated in transit (integrity):

Different TLS representations on different browsers

HTTPS, SSL and TLS (we’ll go into the differences between these shortly) are essential staples of website security. Without this assurance we have no confidence in who we’re talking to, nor in whether our communications, both the data we send and the data we receive, are authentic and have not been eavesdropped on.

Unfortunately, we often find sites failing to implement proper transport layer protection. Sometimes this is because of the perceived cost of implementation, sometimes it’s not knowing how and sometimes it’s simply not understanding the risk that unencrypted communication poses. Part 9 of this series is going to clarify these misunderstandings and show how to implement this essential security feature effectively within ASP.NET.
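As an added illustration of the ASP.NET side of this (example code written for this page, not code from the post or the series), the three guarantees above only hold if the application never lets a session fall back to plain HTTP. The snippet below assumes an ASP.NET MVC 3 application and uses the framework’s own RequireHttpsAttribute, the web.config cookie settings and a Strict-Transport-Security header; the class and route names are placeholders.

```csharp
// Added example: enforcing transport layer protection in an ASP.NET MVC 3 app.
// Not code from the post; it uses standard System.Web / System.Web.Mvc APIs.
using System;
using System.Web;
using System.Web.Mvc;

public class MvcApplication : HttpApplication
{
    // Register RequireHttpsAttribute globally so every action rejects plain-HTTP
    // requests (MVC redirects a GET to the https:// URL and throws for other
    // verbs) instead of relying on each developer to remember the attribute.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new RequireHttpsAttribute());
    }

    protected void Application_Start()
    {
        RegisterGlobalFilters(GlobalFilters.Filters);
    }

    // HSTS: once a browser has seen this header over HTTPS it will not attempt
    // plain HTTP to this host for max-age seconds, which closes the window in
    // which an attacker on the network could intercept the initial redirect.
    // Only send it on secure connections; browsers ignore it over HTTP anyway.
    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        if (Request.IsSecureConnection)
        {
            Response.AddHeader("Strict-Transport-Security", "max-age=31536000");
        }
    }
}

/* web.config (assumed defaults of a membership-enabled site): mark the forms
   authentication ticket and all cookies as Secure so they are never sent over
   plain HTTP, and HttpOnly so client-side script cannot read them.

   <system.web>
     <httpCookies requireSSL="true" httpOnlyCookies="true" />
     <authentication mode="Forms">
       <forms loginUrl="~/Account/LogOn" requireSSL="true" />
     </authentication>
   </system.web>
*/
```

A quick check after deploying: a request to the http:// URL of any page should come back as a redirect to https://, the https:// response should carry the Strict-Transport-Security header, and the authentication cookie set at log on should show the Secure and HttpOnly flags. The login form itself must also be served over HTTPS, not just the POST it submits to, otherwise an attacker can rewrite the form before the credentials ever reach the encrypted channel.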

Monday, November 14, 2011

To the cloud! Performance testing ASafaWeb with AppHarbor & Blitz

If we can get over Microsoft’s cheesy catchphrase for a moment, the whole idea of “to the cloud” is actually pretty cool. It’s the promise of taking things that used to be both labour and capital intensive, commoditising them and serving them up on demand. This can very easily sound like PowerPoint presentation rhetoric so let’s move past the warm and fuzzies and actually see it in action.

A couple of weeks back I published a screencast as part of my 5 minute wonders series titled From zero to hero with AppHarbor. In that session I took my existing membership-enabled ASP.NET website (itself the subject of a previous 5 minute wonder), and literally sent it to the cloud courtesy of AppHarbor. So here we are 10 minutes later with a fully functional registration and log in enabled website under source control with continuous build and deployment. Oh, and it’s all been free.

But one of the great things about the promise of cloud-based services is that they can extend well beyond just app hosting. Microsoft’s Office 365 is just one example of software as a service using the cloud as a delivery channel, and there are many more appearing every day. Today, though, I want to look at something a little closer to web developers’ hearts: Blitz.

Thursday, November 10, 2011

A lesson in usability anti-patterns from Virgin Blue

Let me start this post by acknowledging that firstly, I screwed up and that secondly, Virgin Blue were very helpful after the aforementioned screw up. But they’ve still got a major usability issue and it’s one we website folks often face: defaults.

Wednesday, November 9, 2011

Birth of a UX – ASafaWeb gets an identity part 3

Let me preface everything I’m about to write by saying this: I am not a designer. I enjoy design, but I tend to hack away at it a bit. Actually I’ve gone a bit to and fro in my career, moving from pure code roles to front end roles to web roles where you kind of need a bit of everything, and that’s probably where I’m most comfortable now. So treat everything that follows as the designer-by-default comments of a developer :)
