Tuesday, February 17, 2015

Are u Aware of Security?

Security Awareness for .Net Developers

I wanted to share with you what I have learned from MS Tech Ed 2015.

"No language can prevent insecure code, although there are language features which could aid or hinder a security-conscious developer." 

                                                                             -Chris Shiflett


This article gives some tips and tricks for securing applications and understanding security threats, tools and more.


Vulnerabilities & Solution


What are Vulnerabilities?


A vulnerability in Microsoft software could, for example, allow an unauthenticated, remote attacker to execute arbitrary code. The classes covered here are RegEx, external binaries and web server vulnerabilities.


  • RegEx vulnerability

    • RegEx - Regular Expressions provide a concise and flexible means for identifying strings. They are also widely used in text validation, search engines and especially in security-related applications, tools and libraries.

    • ReDoS - Regular expression Denial of Service is a denial-of-service attack that exploits the fact that most regular expression implementations may reach extreme situations that cause them to work very slowly. An attacker can then cause a program using a regular expression to enter these extreme situations and hang for a very long time.

    • A ReDoS attack on the Web works by finding inputs that the application's Regexes cannot match and on which a Regex-based Web system gets stuck.

  • External Binaries vulnerability
    • Caused by improper restriction by the affected software of the path used for loading external binaries.
  • Web Server vulnerability
    • An attack on specific web server configuration files allows an attacker to run arbitrary, system-level code on the vulnerable server and retrieve any desired information contained therein. Coding errors lead to this vulnerability.
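
The ReDoS behaviour described above, together with the .NET defence against it, as an added example that is not from the original post or the Tech Ed session. The pattern, input, length limit and the names `ReDoSDemo`, `TryMatch` and `MaxInputLength` are constructed for illustration; the `Regex` constructor with a match timeout and `RegexMatchTimeoutException` are standard .NET (4.5 and later).

```csharp
using System;
using System.Diagnostics;
using System.Text.RegularExpressions;

static class ReDoSDemo
{
    // Constructed example pattern: the nested quantifier (a+)+ lets a backtracking
    // engine split a run of 'a's in exponentially many ways before giving up.
    const string Risky = @"^(a+)+$";
    // Accepts the same strings without nesting, so a failed match stays linear.
    const string Linear = @"^a+$";
    const int MaxInputLength = 64; // hypothetical limit for this field

    // Returns true/false for a completed match, null when the engine was cut off.
    static bool? TryMatch(string pattern, string input, TimeSpan timeout)
    {
        if (input.Length > MaxInputLength) return false; // reject oversized input first
        try
        {
            // The matchTimeout argument bounds how long one match attempt may run.
            return new Regex(pattern, RegexOptions.None, timeout).IsMatch(input);
        }
        catch (RegexMatchTimeoutException)
        {
            return null; // treat as a validation failure and log it
        }
    }

    static void Main()
    {
        // Constructed input: matching prefix plus one trailing character that forces failure.
        string input = new string('a', 32) + "!";
        TimeSpan limit = TimeSpan.FromMilliseconds(250);

        foreach (string pattern in new[] { Risky, Linear })
        {
            Stopwatch sw = Stopwatch.StartNew();
            bool? result = TryMatch(pattern, input, limit);
            string outcome = result.HasValue ? "matched=" + result.Value : "timed out";
            Console.WriteLine("{0,-10} {1,-14} {2} ms", pattern, outcome, sw.ElapsedMilliseconds);
        }
    }
}
```

The three controls shown are independent: bound the input length, rewrite the pattern so it has no nested quantifiers, and always pass a match timeout when the input comes from a user.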

How does MS help to solve this?

  • BinScope
    • Helps detect potential vulnerabilities that can be introduced into binary files. The tests it implements examine application binary files to identify coding and build practices that can potentially render the application vulnerable to attack or to being used as an exploit attack vector.

  • Attack Surface Analyzer
    • The purpose of this tool is to help software developers, Independent Software Vendors (ISVs) and IT Professionals better understand changes in Windows systems’ attack surface resulting from the installation of new applications. It's for the analysis of changes made to the attack surface of the OS.



Unsecured transportation & Solutions



Why secure the transport channel?
  • Packets crossing the network are readable, so there is a risk of getting hacked. For example, Wireshark can capture the packets. The most important thing for an online business is creating a trusted, secure purchasing environment that customers have confidence in.

How does MS help to solve this?
  • The Secure Sockets Layer (SSL) is a computer networking protocol that manages server authentication, client authentication and encrypted communication between servers and clients. SSL uses a combination of public-key and symmetric-key encryption to secure a connection between two machines, typically a Web or mail server and a client machine, communicating over the Internet or an internal network.


Obfuscation & Solutions

What is Obfuscation?
  • Obfuscation makes code harder to read or understand. Code is often obfuscated to protect it from reverse engineering. Deobfuscation techniques, such as program slicing, are sometimes employed to reverse engineer obfuscation.

What is the use of Obfuscators?
  • Compresses managed resources to reduce the size of the assembly. Takes all the DLLs and merges dependencies into the main assembly, so you don't have to load lots of DLL files, and so that they can also be obfuscated. Compresses and embeds your dependencies into your main assembly, simplifying the deployment of your software and reducing the size of your program. Removes unused code to make the .NET assembly smaller.

Finally, this may help you to understand application vulnerabilities & practice SDL.

Special thanks to MVP Walter Wong

References:

MS Tech Ed 2015 - Dev325: Security Awareness for .Net Developers by MVP Walter Wong

B' happiiiiiii always..............!

Monday, February 16, 2015

Little about a Windows Mobile app

I wanted to share with you what I have learned from MS Tech Ed 2015.

The Windows Phone platform is commonly known as a mobile platform that provides personalized characteristics, a unique experience and smooth performance. In 2014, a signature cinema chain launched a Windows Phone GCS application with Microsoft.

I got an opportunity to listen to a talk by one of the big figures in IT about the architecture & development experience of the Golden Screen Cinema Windows mobile app.



During the development life cycle they focused heavily on the following facts.


  • Identified the Platform's uphill Challenges
    • iOS & Android already exist with a high number of downloads
    • Customer does not understand Windows Phone from consumer
    • Windows phone platform market share is not convincing
  • Strategy
    • Differentiate itself from iOS & Android
    • Propose new features & hopefully new business to generate more revenue
    • Using hi-fidelity storyboarding to convince customers
  • Improvement Challenges
    • Better brand marketing
    • Increase application performance & reduce internet data usage
    • Support new method of payment via mobile app
    • Speed up application loading time & don't sacrifice user experience
    • Mobile application version checking
  • Increase application performance
    • Cache movie poster image offline
    • Download once & reuse
    • Reduce flicker effect
  • Key Features
    • Voice Recognition
    • Movie poster sticks to the wallpaper
    • Advertising
    • Movies details & biography
    • Offline history records
    • Reminders for movie date time & snack orders
    • Continuous client support
  • Conclusion
    • Understand platform capability during proposal stage and be innovative
    • Understand customer needs 
    • Stay connected with customers

Think different...

Special thanks to MVP Walter Wong

References:

MS Tech Ed 2015 - Dev216 - Journey of Developing Windows Phone Application for Cinema by MVP Walter Wong

B' happiiiiiii always..............!

Wednesday, February 11, 2015

Waiting for VS 2015.....


I wanted to share with you what I have learned from MS Tech Ed 2015.

As all of you know, the VS 2015 CTP was released very recently, and they are waiting for user feedback for the final release.


New Features:


Create custom window layouts
Lets you save up to 10 custom window layouts and quickly switch between them.
Menu -> Window -> Save/Apply/Manage or Reset Window Layouts

Color management & Fade out unused components
Fades out all the unused components, which can then be cleaned up at once with the help of the lightbulb option.

Colorized tool tips
When you hover over a collapsed outline, the editor displays the hidden code in full color and even shows the full declaration to provide more context.



Code fixes and Refactorings
When you hover over an error or warning in the editor, it will often show a lightbulb with a tooltip explaining the problem. The lightbulb tells us there are possible fixes for the problem.
Right-clicking on the code and selecting Quick Actions shows a tooltip which contains the existing code in red & the corrected code in green.




Debugging improved
Debugging has more extensive support for modern language features like LINQ queries, Lambda Expressions and Extension Methods, that can now be used in the Watch window, Immediate window, conditional breakpoints and other debugger contexts




Inline renaming
Rename refactoring finds all of the references to rename and does tons of work, taking minutes on a large solution. Rename works inline in the editor.




Diagnostic analyzer
A new window appears while debugging that shows Debugger Events (with IntelliTrace), Memory Usage, and CPU Usage.

Blend
Has a new look. The Start page links to recent projects, creating new projects and lots of related content and news. Solution Explorer lists projects, folders and files, and Properties are switched to a Visual Studio-like layout. The Code/XAML editor supports IntelliSense across both the code window and XAML.

View History
Ability to monitor code change history by inspecting the functions.

.Net natives
ability to configure
Right-click on project -> Properties -> Build -> enable Compile with .net (not clear)

Special thanks to MVP Walter Wong

References:

MS Tech Ed 2015 - Dev233 - New Improvements of Microsoft Visual Studio 2015 by MVP Walter Wong
http://www.c-sharpcorner.com/UploadFile/736ca4/new-improvement-of-C-Sharp-and-visual-basic-in-visual-studio-2015/
http://blogs.msdn.com/b/visualstudio/archive/2015/01/16/visual-studio-2015-cpt-5-now-available.aspx

B' happiiiiiii always..............!