Posts in category .net - page 12

Language Integrated Query: An introduction presentation online

This evening’s presentation on Language Integrated Query (LINQ) is now available from my presentations page.

The event went well with 12 developers (it’s a small island) and took less time to produce because I didn’t write a script for it but slides to lead us through areas I wanted to cover.

This means the on-line presentation is less useful than previous ones; however, I am pondering the transcript/audio-track option (in my best radio voice of course).

We are now considering topics for February, with something a bit special for March.

Stay tuned!

[)amien

Language Integrated Query: An introduction talk tomorrow

I’m just finishing up the slides, notes and writing code samples for my LINQ presentation at the Guernsey Software Developer Forum tomorrow evening.

Hopefully the broader scope of this presentation will mean a few new faces – the previous talks on Subversion and web application security might have been a little specific for such a small audience (Guernsey is around 70,000 people on an island 9 miles long).

As always I will put the presentation up here afterwards but will also revise the older ones with the new style and put up both PowerPoint and Keynote versions under an open license as well as a couple of cheat sheets.

Is there any interest in adding audio narration and transcripts?

This presentation is now available on-line.

[)amien

LINQ presentation at Guernsey Developer Forum

I will be giving a talk at the Guernsey Software Developer Forum at the end of the month on Microsoft’s new Language Integrated Query (LINQ) with particular emphasis on the capabilities and object-relational mapping characteristics of LINQ to SQL.

Now confirmed for:

  • Date & time **Tuesday 29th January, 6pm**
  • Location **Guernsey Training Agency above Smith Street Post Office**
  • Open to **everybody**

This presentation is now available on-line.

[)amien

Thoughts on awareness of security vulnerabilities & full disclosure

HTML, SQL and XSS injection vulnerabilities aren’t new but they are still largely ignored by developers.

My first encounter with these issues was in 1999 whilst writing an extranet e-commerce web site. Back then the ASP fix consisted of Server.HtmlEncode for all output and a Replace("'", "''") for strings heading to SQL (other types headed there via CInt/CLong/CDate and I wasn’t aware of parametrized queries).

Convincing co-workers of the severity of the issue and what to do about it for several years can be a draining process when you work with such a variety of different developer personalities and projects and you would rather be spending the time on more exciting things.

Over the last few months I’ve been trying hard to push the message further afield via presentations at the local user group, articles here on my blog, discussions in Redmond as well as forums and private mailing lists.

More than once I’ve had the feeling I should give it a rest in case people think I have nothing else to talk about, and a few times I’ve considered publishing a few scripts I had in my head to really show the sort of things available. Of course doing such a thing would both highlight the problem and provide a dangerous tool to people who might use it to actually exploit sites, which is a problem with full disclosure. In the end my article How dangerous is HTML injection was a much neutered version without a killer payload.

Thankfully some great people are now on the case including Rob Conery and Phil Haack who I believe in to push this from inside and Steve Sanderson who came up with an elegant prototype on how to handle this at the source.

That will be all the HTML injection posts for a while, I hope, for there are many other things I want to work on and write about.

[)amien