Quite a few security related posts this weekend, maybe spured on by the two software (pre)releases from Microsoft.

Software

  • Download details: Anti-XSS Library V3.0 Beta – Another Security related release from Microsoft, The Anti-Cross Site Scripting Library is a library which encodes input based upon you giving it a white list of characters, and the library encodes all other characters not included in this list
  • Download details: CAT.NET V1 CTP – Microsoft release Microsoft Code Analysis Tool .NET CTP, a tool which plugs into Visual Studio and scans your code (in binary form) to identify possible security vulnerabilities such has SQL Injection, Cross Site Scripting and XPath injection.

Information

  • Introduction to NHibernate, Part 2 – Ian Cooper continues his series on getting started with NHibernate, and in this part looks at the details of mapping classes to your database (or vice versa)
  • The Academic Background of the .NET Community Leaders – Keyvan Nayyeri has been investigating the academic background of a number of the big names in the .NET space – I find it quite interesting that so many of the did actually study Computer Science (or something related) as I based on my experience a lot of talented developers tend to have studied something else.
  • The Importance Of Releasing Your Components Through Windsor – Davy Brion talks about a memory leak problem he encountered with transient components from the Windsor container.
  • NotImplementedException vs. NotSupportedException – Jared Parsons talks about the difference between two core exception types.
  • WCAG 2.0 is now FINAL!!! – The Public Sector Developer Weblog highlights the finalisation of the Web Content Accessibility Guidelines (WCAG) 2.0, offering further guidance for all developers and content creators with regards to accessibility.
  • The JavaScript language limitations that every programmer should learn – Brian Reindel talks about some of the key limitations of Javacript that a developer from another platform may take for granted.
  • Making frameworks container-aware – Jimmy Bogard talks about his frustration when he encounters frameworks that make it difficult to extend when you want to rely on Inversion of control / Dependency injection containers
  • My current architecture – Craig Bowes shares the details of his default architecture and how he came to the decisions to use these certain products and practices.
  • Array, Collection, IEnumerable<T> Usage Guidelines – David Kean continues his series of guidelines posts, based on the style of the book Framework Design Guidelines, Dave shares his own ideas on collections
  • "Hello World" TDD Style – Sean Feldman walks through the creation of a simple calculator class using test driven principles.
  • My Scaling Hero – Jeff Atwood pays tribute to Markus Frind who runs the very popular Dating website ‘Plenty of Fish’ on what by many standards if next to no hardware at all. I agree with Jeff – this does give us all hope that scalability is more than possible.
  • The Real Reason to Use a Dependency Injection Container Like Windsor – Rob Reynolds shows why he likes IOC and DI with this illustration of how it allows you to easily swap components without changing code in your application.
  • Itís alive! And it tells me what to do! – Louis DeJardin shows off some screenshots of intelisense support for the Spark view engine in Visual Studio.
  • The Perfect Storm Botnet – Rob Conery talks at length about the dangers of not encoding user input when you display it on a page, and how this can turn into Cross Site Scripting (XSS) vulnerabilities and worse still a BotNet running on your users PC.
  • Learning about StructureMap – Jan Van Ryswyck talks about 5 compelling features of the StructureMap IOC Container.
  • WPF Designer Removed From SharpDevelop 3.0 – The Sharp Develop Team talks about the forthcoming System.Xaml parser and how this leads to the removal of their WPF Designer from SharpDevelop 3