Skip to content

May 4, 2006

Home Archives: May 2006

Web Hacker Boot Camp

Book Review-Web Hacker Boot Camp

Robert Bogue May 4, 2006 No Comments

“What evil things lurk inside the hearts and minds of men… “

When I was still in high school – many moons ago – I remember a programming competition. We were supposed to create a program that calculated the length of a line in a triangle (or some such trivial problem). To test your application once you said it was done, the judges would often enter a negative number for the length of a line. On a whim we had put a trap in for that particular condition while building the program. It was this test that helped us complete the challenge.

Putting testing into our code today for bad values seems commonplace. We test for values out of range and have validation controls and all sorts of things that lead us toward developing more robust solutions. However, despite all of our advances in the areas of validating user input, we as an industry still struggle with security issues in our applications.

While the news may be focused on the next new exploit of Windows – because that has mass appeal –  we are still finding that our applications have their own flaws in them that can be exploited just as easily as someone exploiting a flaw in Windows. Actually, much of the time the mistakes in our applications are much more trivial to reveal.

Web Hacker Boot Camp is a journey through the mind of a hacker. It reveals how hackers do their job and what their techniques are. It stops short of telling you precisely what to do to make your application secure, but it certainly provides you with the information you need to think about to make the application secure.

There’s good content in this book if you’re interested in how to fortify your application against attack. The only downside is that you’ll have to look past some editing and layout issues to get the information out of the book.

If you want to discover how you could lose control of your web servers because of flaws in your application code, Web Hacker Boot Camp is definitely a book to get.

Stupid ASP.NET Tricks (Don’t try these at home)

Robert Bogue May 4, 2006 No Comments

I’ve been struggling with ASP.NET lately and wanted to offer up two things not to do …

1) Try to dynamically load another instance of the same user control from within a user control — ASP.NET gets very confused and starts loosing track of your controls in inexplicable ways.  All of the sudden the label in the partially defined class will unexpectedly be null.  (By the way, I was trying to draw “sublines“ in a shopping cart — things like free accessories I wanted to stay with the parent line.)

2) Load dynamic controls in a repeater — For some reason still unknown to me, if you dynamically add controls to a repeater (such as user controls into table rows) the post back values never come back … and the controls aren’t represented in the control tree.  I could just be missing something but I’ve decided it’s a bad idea…

Article: .NET Offers a “First Chance” to Squelch Performance-killing Hidden Exceptions

Robert Bogue May 4, 2006 No Comments

Processing exceptions in any language is expensive. The process of capturing an exception and rolling it into a package that can be processed by code requires a stack walk—basically looking back through the history of what has happened—and that requires a lot of processing time to complete. In .NET software development we sometimes talk about boxing and unboxing of variables and how that can consume a great deal of time in a program—and it can. However, the amount of time necessary to process an exception dwarfs the time necessary to box and unbox a variable. (If you want to know more about boxing and unboxing you can read about it in the article “Boxing and Unboxing of Value Types in C#” on CodeGuru.)

Despite the fact that exceptions are expensive to process they are positively a great thing for debugging applications and making software more reliable. The challenge is when exceptions are used incorrectly; specifically, when they are used to respond to normal conditions instead of exceptional conditions. Generally when this happens the layers of software above the layer generating the exception start “eating” the exception—because nothing is wrong (more on eating exceptions in a moment)—and manually return to normal program flow. This, however, leads to subtle performance issues that are difficult to find. Running a profiler on the code can show where performance is being impacted, however, there’s a quicker and simpler way to find performance problems like these—or rule out exceptions as a potential cause of performance issues.

Using first chance exceptions in the debugger is a way to ferret out these hidden exceptions that your application is generating so that you can go back and prevent them from happening in the first place. The more exceptions you prevent, the faster your application will run. First chance exceptions are exposed via Visual Studio and can be leveraged in any language that compiles to the CLR.

http://www.devx.com/dotnet/Article/31414/

Recent Posts

Book Review-Life’s Journeys According to Mister Rogers

Book Review-The Simple Faith of Mister Rogers: Spiritual Insights from the World’s Most Beloved Neighbor

Book Review-The Mister Rogers Effect: 7 Secrets to Bringing Out the Best in Yourself and Others from America’s Beloved Neighbor

Now Available: Organizational Readiness for Generative AI Draft White Paper

Book Review-The Good Neighbor: The Life and Work of Fred Rogers

Public Speaking

See more