[POSTEvent] OWASP and .NET Core
Yesterday I was presenter ( yes, and organizer) at the ADCES monthly event . I have delivered a presentation about OWASP Top 10 and how to counter the attacks in .NET Core
You can find the slides and the code at https://1drv.ms/f/s!Aordxu1LWKDZgppmrz4W66zYdMk43Q
OpenSource library – Cross-platform targeting
|
Part 1 |
|
|
Part 2 |
|
|
Part 3 |
|
|
Part 4 |
|
|
Part 5 |
|
|
Part 6 |
|
|
Part 7 |
At https://docs.microsoft.com/en-us/dotnet/standard/library-guidance/cross-platform-targeting there are the recommendations for Cross platform. Let’s see what needs to be done for https://github.com/ignatandrei/AOP_With_Roslyn
Let’s see:
| Nr | Recommandation | AOP Roslyn |
| 1 | DO start with including a netstandard2.0 target. | Done – the main dll, AOPRoslyn, is already .netstandard2,0 |
| 2 | AVOID including a netstandard1.x target. | Not needed |
| 3 | DO include a netstandard2.0 target if you require a netstandard1.x target. | Not needed |
| 4 | DO NOT include a .NET Standard target if the library relies on a platform-specific app model. | Not needed |
| 5 | CONSIDER targeting .NET implementations in addition to .NET Standard. | Not needed |
| 6 | AVOID using multi-targeting with .NET Standard if your source code is the same for all targets. | Not needed |
| 7 | CONSIDER adding a target for net461 when you’re offering a netstandard2.0 target. | OK> see later point 9
|
| 8 | DO distribute your library using a NuGet package. | Done
https://www.nuget.org/packages/dotnet-aop
|
| 9 | DO use a project file’s TargetFrameworks property when multi-targeting | Struggle to implement/ partially done – modified AOPRoslyn.csproj |
| 10 | CONSIDER using MSBuild.Sdk.Extras when multi-targeting for UWP and Xamarin as it greatly simplifies your project file. | Not needed |
| 11 | DO NOT include a Portable Class Library (PCL) target. | OK |
| 12 | DO NOT include targets for .NET platforms that are no longer supported. | Not needed |
I tried to modify to include
<TargetFrameworks>netstandard2.0;net461</TargetFrameworks>
( Attention: Frameworks , not Framework)
First , you should publish the .csproj
dotnet publish <path to csproj>
should be modified with -f=”netstandard2.0″
Then , each dependency should support it :
error NU1202: Package PortableConsoleLibs 1.0.0 is not compatible with net461 (.NETFramework,Version=v4.6.1). Package PortableConsoleLibs 1.0.0 supports: netcoreapp2.0 (.NETCoreApp,Version=v2.0)
So you should contact the owners to support it – or re-compile the sources, if you have.
So I will stick with
“DO NOT include targets for .NET platforms that are no longer supported.” including NET461.
Conclusion: 11 / 12 it is a good score.
Friday links 296
- LeanEssays: The End of Enterprise IT
- ProtectedMemory Class (System.Security.Cryptography)
- Humanizr/Humanizer: Humanizer meets all your .NET needs for manipulating and displaying strings, enums, dates, times, timespans, numbers and quantities
- Moment.js | Home
- ePub Bud – Sell your children’s books on the Apple iBooks store, Amazon Kindle, and Barnes and Noble! – [[[From TabRocket]]]
- Internet of Things: Programming IoT Devices, Web Services and IoT Clients – CodeProject – [[[From TabRocket]]]
- Performance – Stack Exchange – [[[From TabRocket]]]
- Implementing RoleManager in ASP.NET MVC 5 – [[[From TabRocket]]]
- Telerik Extensions For ASP.NET MVC – Home – [[[From TabRocket]]]
- 12 opensource and free asp.net MVC gridview contols – [[[From TabRocket]]]
- Hello Web App: Intro to building web apps with Django by Tracy Osborn — Kickstarter – [[[From TabRocket]]]
- Hello Web App: Intro to building web apps with Django by Tracy Osborn — Kickstarter – [[[From TabRocket]]]
- No bugs journey episode 2: It’s a matter of values… – Eric Gunnerson’s Compendium – Site Home – MSDN Blogs – [[[From TabRocket]]]
- dotnet/dotnet-developer-projects.md at master · Microsoft/dotnet – [[[From TabRocket]]]
- dotnet/dotnet-free-oss-services.md at master · Microsoft/dotnet – [[[From TabRocket]]]
- Microsoft/dotnet – [[[From TabRocket]]]
- How to convert Word document to Pdf/Html in MVC4 | The ASP.NET Forums – [[[From TabRocket]]]
- DEV_BROADCAST_VOLUME structure (Windows)
- http://ro-3046958:8080/
- http://ro-3059184:8080/
Implement Open-source library guidance
|
Part 1 |
|
|
Part 2 |
|
|
Part 3 |
|
|
Part 4 |
|
|
Part 5 |
|
|
Part 6 |
|
|
Part 7 |
I have written previously a booklet about “Making Open Source Component from idea to deploy With examples from .NET Core” .
Now Microsoft and contributors make a library guidance for OpenSource projects at https://docs.microsoft.com/en-us/dotnet/standard/library-guidance/ . I will take as a working point my component, https://github.com/ignatandrei/AOP_With_Roslyn , and see where it goes and how many things I already implemented.
The items are:
Cross-platform targeting
Strong naming
NuGet and open-source libraries
Dependencies
SourceLink
Publishing
Versioning
I will implement each one in one blog post
Friday links 295
- Proposal for Cross-plat Server-side Image Manipulation Library · Issue #2020 · dotnet/corefx
- OneTab
- Javascript debounce function ~ Siderite’s Blog
- JavaScript Debounce Function
- simplcommerce/SimplCommerce: A super simple, cross platform, modularized ecommerce system built on .NET Core
- Sign in to your account
- First look to javascript unit test framework – ExpectJs
- Automattic/expect.js: Minimalistic BDD-style assertions for Node.JS and the browser.
- ChromeDevTools/awesome-chrome-devtools: Awesome tooling and resources in the Chrome DevTools ecosystem
- The Simplest and Most Perfect Explanation of Privilege I’ve Ever Seen
- The Top 50 Developer Tools of 2016 | StackShare
- .NET Object Comparison with ZCompare – CodeProject
- Patrick Diamond’s answer to What are the top 10 economic must-reads that are fun to read, and not academic? – Quora
- What are the top 10 economic must-reads that are fun to read, and not academic? – Quora
- The ‘Next Five’ Top Reads on the Dismal Science – Persistent Fluctuations – Quora
- In Praise of the Junior Developer
- Fizz Buzz Test
- Microsoft/VS-PPT: Productivity Power Tools – a set of Visual Studio extensions improving developer productivity.
- Generate TypeScript Client API for ASP.NET Web API – CodeProject
- 4 server logs you need to know to troubleshoot failed ASP.NET requests – CodeProject
My Async Await tutorials
Rule of thumb: just await / async from top to down.
To deeply understand async await in .NET Core , please follow the following resources:
1. https://channel9.msdn.com/Events/TechDays/Techdays-2014-the-Netherlands/Async-programming-deep-dive – to gain inner knowledge about what code is async / await
2. Read https://blog.stephencleary.com/2012/02/async-and-await.html to have started into async await
3. Read MSDN for a better understanding : https://msdn.microsoft.com/en-us/magazine/jj991977.aspx?f=255&MSPPError=-2147217396
4. Common pitfalls in ASP.NET Framework( not in console! ) with async await: https://blog.stephencleary.com/2012/07/dont-block-on-async-code.html
5. No problem in ASP.NET Core: https://blog.stephencleary.com/2017/03/aspnetcore-synchronization-context.html
Happy reading !
Friday links 294
- Intro to Vue.js: Rendering, Directives, and Events | CSS-Tricks
- Helper Class for Calling Asynchronous Methods using Func<T> Generics – CodeProject
- Terminals – Documentation
- Fast Deep Copy by Expression Trees (C#) – CodeProject
- Reactivity in Depth — Vue.js
- Should I expose asynchronous wrappers for synchronous methods? | Parallel Programming with .NET
- Telegraf – Time-Series Data Collection | InfluxData
- Druid | Interactive Analytics at Scale
- OneTab
- The Joel on Software Discussion Group (CLOSED) – Why I Hate Frameworks
- Camels and Rubber Duckies – Joel on Software
- Evidence Based Scheduling – Joel on Software
- Strategy Letter II: Chicken and Egg Problems – Joel on Software
- Unusual employee benefits at Basecamp – the complete list | Jason Fried | Pulse | LinkedIn
- Google begins live testing of Instant Apps that load without installation | InfoWorld
- Performance decrease when using interfaces · Issue #9105 · dotnet/coreclr
- coreclr/virtual-stub-dispatch.md at master · dotnet/coreclr
- Terminals – Home
- Performance Calendar » Little RGB Riding Hood: a JPEG’s Tale
- Strategy Letter V – Joel on Software
[ADCES] Meetup Xamarin
The ADCES meetup was about Xamarin – https://www.meetup.com/Bucharest-A-D-C-E-S-Meetup/events/255822334/ . Andrei Nitescu (https://github.com/andreinitescu ) and David Ortinau(https://twitter.com/davidortinau), Senior Program Manager, Mobile Dev Tools at Microsoft. Xamarin Mobile SDKs participated to the meeting.
There were 3 hours well spent learning inner workings and the future of Xamarin.
My activities
I was thinking to have a page for my programming related activities in each year. It is a good opportunity to remember what I have done and if I do something right with my time. So , without other discussion , here they are ( so far …) : http://msprogrammer.serviciipeweb.ro/my-activities-2018/