Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.

You're deploying it wrong! TeamCity, Subversion & Web Deploy part 3: Publishing with Web Deploy

<< Part 2: MSBuild and deployable packages [https://www.troyhunt.com/2010/11/you-deploying-it-wrong-teamcity_11.html] Part 4: Continuous builds with TeamCity >> [https://www.troyhunt.com/2010/11/you-deploying-it-wrong-teamcity_25.html] In the first two parts of this series we got config transforms working and the web app successfully bundled into a nice self-contained deployable package. Next up: get the thing to publish. For the most part, the vast majority of web app deployment has historica...

You're deploying it wrong! TeamCity, Subversion & Web Deploy part 2: MSBuild and deployable packages

<< Part 1: Config transforms [https://www.troyhunt.com/2010/11/you-deploying-it-wrong-teamcity.html] Part 3: Publishing with Web Deploy >> [https://www.troyhunt.com/2010/11/you-deploying-it-wrong-teamcity_24.html] In the first part of the series we looked at config transforms and how we’ve moved on from the bad old days of manual Web.config configuration at release time. Now let’s take a look at how we can incorporate this into a nice clean deployable package with the rest of the application....

You're deploying it wrong! TeamCity, Subversion & Web Deploy part 1: Config transforms

Part 2: MSBuild and deployable packages >> [https://www.troyhunt.com/2010/11/you-deploying-it-wrong-teamcity_11.html] If you publish a web application using CTRL-C and CTRL-V, you’re deploying it wrong. If you manually run an Xcopy command, you’re deploying it wrong. If you use an FTP client to move your files to a remote server, you’re deploying it wrong. If not everyone is following exactly the same release process, you’re deploying it wrong. If publishing involves any manual handling of...

OWASP Top 10 for .NET developers part 5: Cross-Site Request Forgery (CSRF)

This content is now available in the Pluralsight course "OWASP Top 10 Web Application Security Risks for ASP.NET" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks]

If you’re anything like me (and if you’re reading this, you probably are), your browser looks a little like this right now: A bunch of different sites all presently authenticated to and sitting idly by waiting for your next HTTP instruction to update your status, accept your credit card or email...

Why the target “Package” does not exist in the project

I wasn’t intending to write about this simply because to be honest, it’s a stupid mistake. What swung me into blogger mode was that if I had found this post in my searches a couple of hours ago I’d be relaxing with a cold beer right now rather than nursing the sore head I’ve been banging against the wall this evening. This is all about MSBuild [http://msdn.microsoft.com/en-us/library/wea2sca5(VS.90).aspx] and more specifically, targeting “Package” so that the app can then be pushed out to a ser...

Do you trust your hosting provider and have they really installed the padding oracle patch?

Finally they’ve delivered! Earlier today the much awaited padding oracle patch was released by Microsoft. As usual, Scott Guthrie has written about it and you can find all the info in ASP.NET Security Update Now Available [http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx] . It’s not a moment too soon either. According to Thai Duong [http://vnhacker.blogspot.com/], half of the duo responsible for bringing the vulnerability in ASP.NET to public awarenes...

Why sleep is good for your app’s padding oracle health

The last week hasn’t been particularly kind to ASP.NET, and that’s probably a more than generous way of putting it. Only a week ago now, Scott Guthrie wrote about an Important ASP.NET Security Vulnerability [http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx] ; the padding oracle exploit. I watched with interest as he was flooded with a barrage of questions (316 as of now) and realised that whilst he’d done his best to explain the mitigation, he obvio...

Fear, uncertainty and the padding oracle exploit in ASP.NET

You’ve gotta feel a bit sorry for Scott Guthrie. Microsoft’s developer division VP normally spends his time writing about all the great new work his team is doing and basking in the kudos of loyal followers. But not this weekend. Unfortunately his latest post [http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx] has been all about repeating the same dire message; ASP.NET has a major security flaw posing a critical vulnerability to millions of websites...

.NET4 web apps and the mysteriously absent menu pop out images

I got a little stumped this week and turned to the fountain of software knowledge, also known as Stack Overflow [http://stackoverflow.com], with a question about Missing popout class in ASP.NET menu for nodes without a URL [http://stackoverflow.com/questions/3697634/missing-popout-class-in-asp-net-menu-for-nodes-without-a-url] . The problem is simply this; let’s take the following Web.sitemap file: <?xml version="1.0" encoding="utf-8" ?> <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteM...

OWASP Top 10 for .NET developers part 4: Insecure direct object reference

This content is now available in the Pluralsight course "OWASP Top 10 Web Application Security Risks for ASP.NET" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks]

Consider for a moment the sheer volume of information that sits out there on the web and is accessible by literally anyone. No authentication required, no subversive techniques need be employed, these days just a simple Google search can turn up all sorts of things. And yes, that includes content wh...