Application security

Application security best practice

In the industry surveys extending from Symantec Threat Reports to the Gartner analyst report, the application security is always referred to as most critical area of risk for enterprises and the most predominant threat vector for cyber-crime. It unquestionably bodes well, why try to spend time on reconnaissance when the front door is completely open?

The Facts:

Numerous associations have started to spend a lot of energy and cash to secure applications. Well known methodologies incorporate threat modeling, code review, black box testing and source code analysis. Frequently disregarded is the somewhat crucial practice of reducing the attack surface of the application.

Amid configuration and development of a system and the associated application the software should commonly uncover both customer and business resources through database access, network ports, APIs, web services and the user interface. The whole accumulation of passage focuses in a product is called its Attack Surface. These frame the routes in which a foe can attack a system. A major attack surface for the most part implies huge security issues, or regularly additional time and budget dollars devoted to protecting the system. It’s additionally imperative to recollect that channels to neighborhood resources are not by any means the only vectors for attack, remote resources should likewise be remembered.

For the most part, when a software system is architected, executed and configured, the highest point of mind issue is tied in with giving helpful usefulness that meets business objectives. From a security perspective, in any case, the design and deployment groups should consider turning things off and additionally on.

The security community has made a generally decent showing with regards to as for understanding which attack vectors are more probable targeted by adversaries. Given that point of view, remember the accompanying:

• Minimize the utilization of scripting engines and controls, for example, ActiveX, VBScript or JavaScript.
• Avoid symbolic links as these are likely targets.
• Restrict file permissions minus all potential limitations degree possible.
• Minimize the quantity of services that must keep running as root.
• Keep up with powerlessness research and manufacture a compelling patch process.

A valuable practice is to assemble a design rule for developers appropriate to your design environment and the business and security prerequisites associated with your system. Further, at deployment time, a security configuration guide and checklist of security best practices is suggested. Strangely, some in the industry, for example, SAP have put significantly more intensely in this area.

Regardless of whether through design reviews, deployment aides or development tools, the practice of reducing the attack surface associated with an application can possibly rapidly yield an exceptional yield on investment.

Exception Handling

Tips to Improve Your Exception Handling

Getting exception handling right can spare you hours (or even days) of investigating. Unforeseen production issues can demolish your supper and end of the week designs. They can even influence your notoriety if not settled rapidly. Having an unmistakable arrangement on the most proficient method to oversee exceptions will spare you time diagnosing, duplicating, and correcting issues.

1. Utilize a solitary, framework wide exception class

Rather than making separate classes for every exception sort, make only one. Furthermore, make it expand RuntimeException. This will decrease your class count and evacuate the need to announce exceptions you wouldn’t deal with at any rate.

2. Utilize enums for error codes

A large portion of us were prepared to put the reason for an exception into its message. This is fine while evaluating log documents (ugh), however it has drawbacks:

• Messages can’t be deciphered (unless you’re Google).
• Messages can’t be effortlessly mapped to easy to understand text.
• Messages can’t be examined automatically.

Placing information in the message likewise surrenders the wording over to every designer, which can prompt distinctive expressions for a similar disappointment.

6 hints to enhance your exception handling

A superior approach is to utilize enums to show the exception’s sort. Make one enum for every class of errors (installments, confirmation, and so on.). Make the enums actualize an ErrorCode interface and reference it as a field in the exception. While tossing exceptions, essentially go in the appropriate enum. Easy to understand, internationalized text would now be able to be recovered by utilizing the error code as the asset package’s query key.

3. Add error numbers to enums

Now and again a numerical error code can be related with every exception. HTTP reactions for instance. For those cases, add a getNumber technique to the ErrorCode interface and execute it in each enum.

4. Add dynamic fields to your exceptions

Great exception handling implies likewise recording relevant data, not only the stack follow. Doing this will spare you big time when attempting to analyze and replicate errors. What’s more, customers won’t need to disclose to you what they were doing when your app quit working (you’ll definitely know and ideally have settled it).

5. Counteract superfluous settling

Long, redundant stack follows help nobody. Far more detestable, they squander your opportunity and assets. While rethrowing exceptions, call a static wrap technique rather than the exception’s constructor . The wrap technique will be in charge of choosing when to settle exceptions and when to simply restore the first example.

Your new code for rethrowing exceptions will resemble the accompanying.

6. Utilize a focal lumberjack with a web dashboard

Consider this tip a reward. Contingent upon your circumstance, accessing production logs could be a significant bother. A bother that may include numerous go-betweens (since numerous engineers don’t approach production situations).

Things deteriorate in case you’re in a multi-server condition. Finding the correct server — or confirming that the issue just influences one server — can be a significant headache.

Conversion of ASP.NET to ASP.NET Core

Before knowing how to convert ASP.NET to ASP.NET Core you must be knowing what is ASP.NET and ASP.NET Core.

• NET Core

The cross platform framework which is used for building the modern and cloud base applications that are present on Windows, Linux or MacOS is known as ASP.NET which is nothing but an open source.

• NET

For building the enterprise class and server based application of web for windows is known as the ASP.NET which provides all services that are needed

• Converting ASP.NET to ASP.NET Core

There are few steps which are to be followed to convert ASP.NET to ASP.NET Core-

1. For demonstrating the upgrade we will be starting to create the ASP.NET MVC application. You will be creating the application with such a name like the WebApp 1 so that the namespace matches the ASP.NET Core project which will be created by us in the next step.
2. Now for the creation of ASP.NET Core web application you will be giving the name as it is given in the step 1 so that matching can take place. The same namespace helps in copying the code between the two pages. Different directory must be used for creation of the project than the project done in step 1 with the same name.
3. Next comes the process of configuring the site so that the MVC can be used.
4. Next comes the process of adding a controller which is minimal and the view which will be serving as the place holders for the controller of the ASP.NET MVC and the views that will be migrated by you in the next coming section. In this section firstly controller folder is to be added and then the MVC controller class with the name of HomeController.cs is to be added to the controller folder which is followed by the step of adding the views folder and the index.cshtml MVC view page.
5. Next comes the process of installing various Microsoft applications and then finally the .csproj file is opened and a target is added.
6. The above process is continued by the process of opening the Startup.cs file where the code is changed for matching.
7. Next comes the process of migration of the lay out files.

These are some of the simple steps which are to be followed to convert ASP.NET to ASP.NET Core.

Bootstrap vs WordPress

From the time when Internet came into being, websites have been created in HTML, a programming language. These days, the times are changing and with the progress of innovative mobile products a lot of people are looking at options to standard web platforms. There is an increase in demand for web and mobile applications which can be established in a short duration of time to be accessible in the market.

One such common and most used platform for creating fully functional websites and mobile applications is WordPress, a content management system and a theme framework. . The extensively acknowledged open source blogging platform, WordPress has already grown popular as a website designing and development platform. The best thing about WordPress is that it is easy to use and elastic enough for just about everything.

Bootstrap is also another front end framework that facilitates creation of the front end of web sites and web applications. It is a novel and growing website style, offering a great foundation for building full-featured, responsive web applications that can, hypothetically, work on all platforms, and is a wonderful preliminary point for constructing a responsive WordPress theme. A substantial contribution has been provided by Bootstrap in giving a fresh form to the open Source Content Management Systems by incorporating with them and producing special, simple, easy and professional themes and templates that are afterward prepared into classy websites. The websites formed by means of the Bootstrap framework are extremely compatible with all the main web browsers, streamlines open plans, and hustles up the performance of front end web applications.

Though both run exceptionally well, they both have pros and cons and are completely different from each other.

Why and when to use WordPress and Bootstrap?

WordPress is good for everyone, particularly if observed from a big screen system, such as a tablet or computer. Themes for WordPress are more abstract and visually attractive than Bootstrap. The only downside of using WordPress is that the high-end scheme of WordPress makes it consume more memory when loading the pages of the website that may be slower when loading on a phone or other gadget.

Bootstrap, at par with WordPress though, is best suited for smartphones or hand-held devices. Its active design lets the page and text to change size according to the size of the viewing window. This way you can escape side-scroll while browsing the site. As it uses less memory to load than WordPress does, it is suitable for loading on a mobile device.

Advantages and Downsides of theming Bootstrap as a framework for WordPress themes

There are predefined classes in bootstrap that can be used to develop the front end of the web pages that is compatible across browsers and small devices, in turn saving a lot of time.

Few advantages can be listed as below:

• Ease of use
• Highly flexible
• Responsive grid
• Releases frequent updates as compared to other frameworks
• Consistent and uniform across various platforms

However, there are some downsides of using Bootstrap when developing your themes.

• With a lot of styles in it, you have to spend an excessively huge amount of time functioning through all the classes and picking out which ones to select.
• It dampens creative design, as the site design will be centred on what Bootstrap offers, and not on what is needed for your site.

Conclusion

A WordPress theme framework will frequently give you everything you acquire from Bootstrap. Bootstrap is loaded with a lot of structures and therefore needs decent information about bootstrap, HTML, and CSS to accurately harness its supremacy. Also, it saves a lot of time to manually build all the components from scratch. On the other hand, if you are new to programming it is recommended to get your themes made by skilled WordPress designers.

Cordova-Tips and Tricks

In this digital age, mobile applications are in vogue, beginning with smartphones and tablets, to smart watches. On the other hand, creating an app for mobile platform individually is daunting with restricted resources, or if you are a single developer. Here Cordova comes into play, wherein, mobile applications can be developed using standard web technologies.  

Cordova, a mobile application development framework is a platform to gather Native Mobile applications using HTML5, CSS and Java Script for cross-platform development. Put simply; it is a basin for joining our web app with native mobile functionalities. As the web applications cannot use built-in mobile functionalities, Cordova is used, as it offers a channel for linking web app and mobile device. By means of Cordova, hybrid mobile apps that can use camera, location, file arrangement and other native mobile tasks can be made. 

To start with, the prerequisites needed to use Cordova are, one should be familiar with HTML, CSS and JavaScript. The main features of Cordova are: it has Command line Interface, core components for creating base of the app, it has plugins for native mobile functions implementation and it is licensed under the Apache license.  

When to use Apache Cordova? 

• When developers want to spread out an application across more than one platform. 
• When you want to cultivate a plugin interface between native and Web View components. 

It seems mostly useful; however, there are certain limitations too. Let’s discuss its advantages and limitations to understand it better. 

Advantages of Cordova: 

• Hybrid mobile apps can be built as it offers one platform.  We just need to develop one app that will be used on different mobile platforms. 

• Hybrid app can be built faster as compared to native app saving the development time. 
• No need to learn platform specific programming languages as JavaScript is required. 

Limitations of Cordova: 

• As there are a plethora of devices and platforms, some plugins create compatibility issues.  
• With so many browsers available, it creates issues too wasting a lot of time in testing and optimizing to cover huge number of devices and operating systems.  

• As compared to native apps, hybrid apps are slow, so it is not ideal to use Cordova for big apps that need heaps of data and functionality. 

Cordova – Superlative Practices 

As we all know that, hybrid mobile apps can be created using Cordova, so you need to ponder few things before starting the development. Underneath are the finest practices for Cordova apps progress. 

• Single Page Apps is the suggested scheme for all Cordova apps. This scheme will expand loading speed and complete performance. 
• Mobiles generally use Cordova, hence it is normal to use touch start and touch end actions as an alternative to click actions. In contrast, touch actions are not held on every platform. Ponder this prior to the development. 

• It is recommended to use hardware accelerated CSS Transitions instead of JavaScript animations, as they execute well on mobile devices. 
• Use native scrolling and use loaders when needed. Fit the images perfectly as an alternative of scaling the image. 
• Also, you need to make sure that you test your app on a lot of devices and operating systems. It is not necessary that if app mechanism is perfect on one device, then it will work on some other gadget or platform. 

Conclusion 

Now we are able to determine that Cordova applications fix just like native applications.  App development by means of acquainted technologies decreases development time and the energy needed to form numerous applications for diverse platforms. On the other hand, when building applications, it is suggested that you use current framework, which will help your application come nearer to the built-in look and feel. 

Using Azure Storage in ASP.NET Core

Azure Storage in ASP.NET Core 

As days are passing by, more and more projects are making their files properly saved and secured under the cloud storage service. The options are different and according to the preference of the individuals they change. For some GCloud is the best option and for some AWS S3 happens to be the option looked for. Then there is the Azure storage that is used by a great many individuals as well. 

The Details that You would Require: 

The Azure account set up is something that you will need to have before starting the process. You can get the first year free for their storage services, so definitely this is good news. As it does not have a free tier, the blob storage of Azure should not have had any cost, but actually the reality is different. Whether you are paying for it or not, cents are surely getting spent for the same. At the time your account setup process is done, you will have to visit to the Azure Portal and there you will be getting a complete list of instructions for setting up the storage account. Once that is done, then you will be able to have the proper key and detail for the same which you will be saving. 

Setting Up the Nuget: 

When you will be starting your project then there are some trial and error methods that you will have to follow. The Nuget Package Manager will be making things easier for your in this matter. Also, you should know that the code Install+Package Windows Azure.Storage is all that you will be needing for the same. For a full framework this same package you can use now. 

Making the Container: 

Making a container is important as it serves the purpose of storing the files there. The usage is here is as same as it is in Amazon buckets. It is true that the portal containers may be safer. But then, you will not get the full control over the same. Therefore it is better to make your own container. 

After making the container, You are all set to upload the files. For that you will have to create one reference to the blob that you have. The code would be:  

var newBlob = container.GetBlockBlobReference(“myfile”); 

await newBlob.UploadFromFileAsync(@”path\myfile.png”); 

The same way, you will also be able to download the blobs and for that the code is: 

var newBlob = container.GetBlockBlobReference(“myfile”); 

await newBlob.DownloadToFileAsync(“path/myfile.png”, FileMode.Create); 

Apart from all these you can also lease files. All these process have become much easier now with the Azure ASP.NET system for you. 

Cloud Architectures – Key Issues as it grows!

As Cloud Architectures Grow Up, Migration and Portability Will Be Key Issues

For the past decade or two in technology, a new system of storage came into being and is now on the surge of application development. As all other components and alternative measures begin to fade out as from their support, cloud architecture is gaining importance for developing applications. With most software developing firms bringing out products that utilize the latest in the cloud technology, it is important to understand the demands of software. As business applications designed get easier to manage and maintain, certain issues of maintenance, migration, and portability creep into application development.

Check for upgradability

Cloud technology has been on the rise and rightly so. As more companies shift to storing their big data on cloud servers, for example, high-end platform components like InfoPath, Windows Workflow Foundation, products of Microsoft were all upgraded, their compatibility came into question. The components were not migration friendly and upgrades were unsuccessful. It is crucial that developers consider that their platform applications are all migration friendly when shifting to the cloud.

On and off the cloud

As cloud architecture complicates itself, application components are upgraded and a few are even introduced. This increases the possibility of a migration risk as the component’s complexity affecting upgradability and compatibility. Amongst the benefits, an issue of component complexity rises reducing application developers to repair services to get outdated applications upgraded to the cloud.

Learn from your mistakes

Often solutions are found in experiences from the past. Earlier applications developed were well suited for the cloud and modified to be compatible. Migrating to the cloud architecture is easier. However, if you’re looking to move to alternative cloud server architectures, it’ll be harder and create complicated migration issues. For this reason, locking in your application vendor is important. Shifting vendors is harder as data migration may not seem seamless.

Things to consider

• Compatibility of applications designed using pure coding and safe practices tend to be far more compatible when compared to configurable solutions. Utilize programming languages like C++ and Java that are still compatible with major framework updates.
• With an increase in platform components, there are problems of management of those components.
• As cloud architecture develops and cloud technology booms, it’ll get harder for you to keep with your upgrades of the application. You will probably have to round off the software development life cycle every 15-30 days.

To conclude

Certain applications develop are compatible even after several years and framework updates. This is because of their simplicity, use of different technologies, and better migration chances. Cloud architecture based applications offer the same longevity only with a different, more complicated, yet more rewarding route. Planning changes to counteract migration issues when on complicated cloud architecture serves as a solution.

Rider advanced debugging

Rider advanced debugging with breakpoints

In this day and age, everything is going online. For this very reason, a lot of apps are being built and a lot of time of software developers is spent debugging the software or app they are writing. Here, a tool, debugger comes into play wherein it not only tracks down bugs but also aid us in recognizing a part of code when it is being implemented. On the other hand, when it comes to debugging, setting a breakpoint is the key and then you can

step through code. One such efficient debugger offering a lot of benefits is Rider’s debugger. It helps you in setting exception breakpoints and conditional breakpoints and assists in decreasing the time needed to debug a code offering a lot of benefits and in turn increasing productivity.

Rider backs a horde of breakpoint kinds. They are as follows:

· When you want to take a break in proceedings during program execution at a particular line of code, line breakpoints come into picture.

· When a definite condition applied is correct, program implementation can be stopped using Conditional breakpoints.

· And every time a particular exception comes about, exception breakpoints are used for pausing while debugging making things easier.

Combine all the above discussed breakpoints with hit counters as and when needed and debug the code efficiently.

Conclusion

Debug the application code in an efficient manner with the help of Rider. With a plethora of features, Rider surely is a boon for software developers saving them a lot of time in debugging the code as and when needed during the implementation of software or an app. It has definitely made things much easier than ever before. However, how good it is, try it yourself and reap benefits! Get things moving saving a lot of time and energy!

LESS

LESS

Gone are the days of simple and plain CSS! Now is the time to put the language in order and make it more supportive by means of active CSS by means of LESS. With the help of LESS, we can use some programming and logic inside CSS to make it more authoritative, and just by changing the value of the variable in one place, the needful is done. A lot of built-in functions are there which lets you to use variables and do stuffs for instance without a glitch; you can bring out a change as per the need by just altering one variable.

In a nutshell, Less is a CSS pre-processor that encompasses the CSS language.

A horde of profits of using LESS consists of the following:

· It offers a reorganized code and the repetition of code over and over again can be evaded.

· It allows you to save a lot of time as needless recurrence of CSS code does not occur.

· It is easier to understand and keep up, as definite values are restructured simply once (in the control panel), not all over the place they come about.

The only shortcoming with LESS is that it needs JavaScript to be facilitated in the operator’s browser. In case of browser not able to run JavaScript or when it is turned off then the consequential page looks pretty disorganized!

Conclusion

With all the benefits discussed above, LESS is definitely a great way to style web pages saving a lot of time and effort. It is a tool to speed up development and it can be applied to sites in numerous methods and it falls flawlessly into the desired style. What is more, it can be easily picked up and can be used without going through the learning process. For all these reasons, it is slowly but surely gaining popularity in the web development world.