This content is now available in the Pluralsight course "OWASP Top 10 Web Application Security Risks for ASP.NET" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] In the first post of this series [https://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html] I talked about injection and of most relevance for .NET developers, SQL injection. This exploit has some pretty severe consequences but fortunately many of the common practices employed wh...

This content is now available in the Pluralsight courses "OWASP Top 10 Web Application Security Risks for ASP.NET" and "Ethical Hacking: SQL Injection" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] There’s a harsh reality web application developers need to face up to; we don’t do security very well. A report from WhiteHat Security [http://www.slideshare.net/jeremiahgrossman/whitehat-security-8th-website-security-statistics-report] last year reported “83%...

Something that has always struck me as a bit unique about the software industry is the huge variances we see in professionalism. Consider industries such as medicine or aviation; the lower bounds of their professionalism is comparatively high and the deviation of expertise within the practitioners is comparatively low when compared to software development. Of course there are exceptions – every now and then a doctor malpractices or a pilot crashes – but these are relatively rare occurrences comp...

I thought I was a bit of a latecomer to Twitter when I jumped on board two years ago but given the growth rate since then – it’s gone from 100 million tweets in Q4 of ‘08 to 4 billion tweets in Q1 of 2010 – I appear to be a relative sage of the Twittersphere. Having now reached a point where I consider Twitter a “must have” business tool, I’m enjoying encouraging others to seek out the same benefits. However it’s always difficult to articulate the virtues in a casual conversation so here are 20...

So I got a little bit inspired the other day after watching Scott Hanselman’s Web Deployment Made Awesome: If You're Using XCopy, You're Doing It Wrong [http://www.hanselman.com/blog/WebDeploymentMadeAwesomeIfYoureUsingXCopyYoureDoingItWrong.aspx] from MIX10. With a perfect candidate ASP.NET 3.5 web app and VS2010 RC I dived in and generated Web.Release.config and Web.Debug.config files then went to publish. Unfortunately it didn’t all go to plan and all I got was this particularly uninformati...

Another year, another MIX conference in Vegas and another three days of reading all the news from afar. Fortunately the Twitter age doesn’t leave those of us on the other side of the world completely isolated and there has been some really interesting news shared by those on the ground in the US. Here’s a summary of what I found interesting and what I see is significant for the technologies involved. It’s by no means a comprehensive review – one look at the sessions list [http://live.visitmix....

It’s a hot summer day in Perth over on the western seaboard of Australia and the local pub is packed with patrons downing cold beers. You’re in your shiny new Ferrari – red, of course – and come cruising past the pub in full view of the enthralled audience. As any red-blooded, testosterone fuelled Aussie bloke would do, you give the Italian thoroughbred a full redline launch to the delight of the crowd. Right up until you run into the street sign: Why did this happen? Well there’s the fact th...

As a new parent, I obsess about what the baby is doing. Is he awake, asleep, sucking his thumb or even still breathing? I mean I want to be quite, just not too quite. Do I try and sneak in commando style just to make sure he’s all good and risk waking a sleeping baby (this is never a good idea!), or do I sit in anticipation waking for the baby monitor to confirm signs of life? I’m sure new parent paranoia is not unique to me but I like to have a little more control over my environment than just...

A while back I wrote about Creating your own custom Subversion management layer [https://www.troyhunt.com/2009/10/creating-your-own-custom-subversion.html] which involved rolling your own UI in .NET to perform common management tasks in SVN such as provisioning a repository or managing permissions. This is a great way of quickly and easily giving users a self-service mechanism for managing their own repositories in a controlled, secure fashion. Continuing the theme of customising SVN to do yo...

Software development has come a long way over the last few decades. We’ve gone from extremely laborious, protracted exercises to create even basic functionality (punch cards anyone?), to the drag and drop, WYSIWYG environment of today. We’ve also gone from a very small number of enthusiast programmers to literally millions of individuals writing software worldwide (there were over 1.3 million software engineers [http://www.bls.gov/oco/ocos303.htm] in the US alone in 2008). And we’re all looking...