OpenAccess ORM Express Telerik OpenAccess is an Enterprise-grade ORM that does the data access plumbing in desktop and web applications. Supporting both forward and reverse mapping, the tool offers transparent persistence for your DAL and business objects. OpenAccess ORM provides tight Visual Studio integration and allows you to seamlessly create database independent code. OpenAccess ORM Express Edition provides the same functionality as the commercial version, but supports only the free databases (MS SQL Server Express, Oracle Express, MySQL and Firebird). List of features [ Click HERE ] ... Check tomorrow for another freebie for developers !!!
The Web Platform Installer (Web PI) is a simple tool that installs Microsoft's entire Web Platform, including IIS7, Visual Web Developer 2008 Express Edition, SQL Server 2008 Express Edition and the .NET Framework. Using the Web Platform Installer’s user interface, you can choose to install either specific products or the entire Microsoft Web Platform onto your computer. The Web PI also helps keep your products up to date by always offering the latest additions to the Web Platform. New Updates! Now supporting Windows XP and Windows Server 2003, Web PI makes it easy to install and stay up-to-date with the Microsoft Web Platform. This updated release lets you install ASP.NET MVC, Visual Studio Tools for Silverlight, and much more! [ CLICK HERE to get the details. ]
http://www.iis.net/downloads/default.aspx?tabid=34&i=1691&g=6 is ok for a download link but is meaningless to a search engine ! The answer to SEO friendly URLs is to change the URL to something that has semantic context. For IIS we have the IIS Re-Writer. Some of the features are .... -
Rules-based URL rewriting engine. Rewrite rules are used to express the logic of what to compare/match the request URL with and what to do if comparison was successful. Web server and site administrators can use rewrite rule sets to define URL rewriting logic. -
Regular expression pattern matching. Rewrite rules can use ECMA-262 compatible regular expression syntax for pattern matching. -
Wildcard pattern matching. Rewrite rules can use Wildcard syntax for pattern matching -
Global and distributed rewrite rules. Global rules are used to define server-wide URL rewriting logic. These rules are defined within applicationHost.config file and they cannot be overridden or disabled on any lower configuration levels. Distributed rules are used to define URL rewriting logic specific to a particular configuration scope. This type of rules can be defined on any configuration level by using web.config files. -
Access to server variables and http headers. Server variables and HTTP headers provide additional information about current HTTP request. This information can be used to make rewriting decisions or to compose the output URL. -
Various rule actions. Instead of rewriting a URL, a rule may perform other actions, such as issue an HTTP redirect, abort the request, or send a custom status code to HTTP client. -
Support for IIS kernel mode and user mode output caching. IIS 7.0 output caching provides significant performance improvements for web applications. URL rewrite module is fully compatible with both types of output caching. This means that it is possible to safely cache responses for rewritten URL's and thus boost the performance of web applications that rely on URL rewriting. -
Lower case conversion. A lower case conversion function called "tolower" can be used within rewrite rule to convert any rule input string or substitution URL to lower case. -
Rewrite maps. Rewrite map is an arbitrary collection of name-value pairs that can be used within rewrite rules to generate the substitution URL during rewriting. Rewrite maps are particularly useful when you have a large set of rewrite rules, all of which use static strings (i.e. there is no pattern matching used). In those cases, instead of defining a large set of simple rewrite rules, you can put all the mappings between input URL and substitution URL as keys and values into the rewrite map, and then have one rewrite rule which references this rewrite map to look up substitution URL based on the input URL. -
Failed Request Tracing support. IIS7.0 Failed Request Tracing can be used to troubleshoot errors related to URL rewriting. -
Rule templates. Rule template is an extension for URL rewrite module user interface, that simplifies creation of rewrite rules for a particular task. The GoLive release of the module includes 3 built-in rule templates, plus it allows plugging in any number of custom templates. -
UI for testing of regular expression and wildcard patterns. A GUI tool for testing rule patterns is included into the module's user interface. The tool can be used to quickly check how the regular expression or wildcard pattern works. Also, it can be used for troubleshooting and debugging of problems related to pattern matching. -
UI for managing rewrite rules and rewrite maps. Rewrite rules and rewrite maps can be added, removed and edited by using "URL Rewrite Module" feature in IIS Manager. -
GUI tool for importing of mod_rewrite rules. URL rewrite module includes a GUI tool for converting rewrite rules from mod_rewrite format into an IIS format. [ Click HERE to get the IIS URL Re-Writer ]
Note that the IIS component list of items to install is EMPTY !!! And, I WAS running as Admin ! The real problem was that a CGI process that I was playing with stopped IIS. Sometimes we gotta laugh at ourselves :)
Data Structures and Algorithms: Annotated Reference with Examples This book written by Granville Barnett and Luca Del Tongo is part of an effort to provide all developers with a core understanding of algorithms that operate on various common, and uncommon data structures. Data Structures and Algorithms: Annotated Reference with Examples is completely free! [ CILICK HERE ]
Deitel books are great learning tools and often used as course text or soup to nuts learning guides. Also the physical quality of the book (printing, paper choice, color, etc) make it a collectors item if your a book lover) I had the pleasure of being a technical reviewer on this one (though the way these guys write there isn't much review to do :) This book includes coverage of the new features in ASP.NET 3.5, Web Services, Silverlight, Winforms, LINQ, WPF and More. Get more info here: http://www.deitel.com/books/vb2008htp/
For many years I've had an interest in and a focus on Application Security. Now, I'll be ramping up and doing a bunch of security related work in my role here at Microsoft. I hope you will add www.SecureDeveloper.com to your blog reader. I expect to include coverage of topics of interest to Web Developers, Server Admins, Rich Client Developers and RIA Devs. As always, please feel free to send your requests and suggestions !!
Spring is ugly in my job. From early March until late June I'm on the road. Conferences, Meetings, etc.
Then when I finally get done my spring traveling.... There is "make up" work to do.
I have to "make it up" to my two little princess and my wife. Work my way through a whole spring filled "Honey Do List".
And then, there is the repair work. Winter is hard on everything. There is lots to do on the house, my office building, the yard, etc. after the winter weather (and my pack of German Shepherds) does its winter damage.
And then of course there is the work I have to do on my body. After nearly four months on the road I'm left feeling old, fat, ad out of shape. At 47 by body brings me new challenges and as someone who spent his whole life in a kickboxing gym, my metabolism refuses to adjust to a sedentary lifestyle.
Well, I'm caught up !
For the rest of the summer and fall I'm going to be primarily focused on developing developer training and guidance in the form of Videos and Webcasts on the following topics.
- Web Security - The first of these videos will be up later this week and the series will continue. The topics will be of interest to ASP.NET developers as well as Slveright developers, IIS users, and Rich Client Developers using REST and SOAP services.
- Data Access - BOTH ADO.NET and LINQ (and not JUST to Microsoft SQL Server).
- Dynamic Data - The cool new technology for ASP.NET Developers.
- Web Forms - With all the hype around ASP.NET MVC, I think it's important to focus on the Web UI technology that MOST of us will continue to be using :)
Comments, Suggestions ?
[ Use the "Email Me" Link HERE them to me. ]
 T
Check out this 2 day security brain fest. It happens to be right after Black Hat in Vegas. See you there ? The LifeCycleSecurity conference was started to provide a venue where professionals in the Application Security industry can learn from each other's experiences. We will be addressing security from the server to the browser. Application Security : We will have topics that address how professionals are creating systems that are resistant to attacks against the web application layer and the systems that support these web applications. Browser security: With the increase in attacks against browsers such as malware and other attack vectors, protecting your users is more important than ever. This is increasingly being done with content filtering devices. The Lifecyclesecurity conference will include several tracks that address techniques that are being used to protect against these browser / content based attacks. http://www.lifecyclesecurity.com/
While at TechEd 2008 I got to spend some time in the "Fish Bowl" with Georgeo Pulikkathara. Georgeo interviewed me on Microsoft's Secure Development Lifecycle (SDL) and my upcoming Developer Security Activities. Please [ click HERE ] to check out Georgeo's blog post and [ Click HERE ] to have a listen to the show.
Microsoft has released an advisory for the recent SQL Injection attacks which points to several tools that will help identify and block these type of attacks. The goal of this blog post is to help our audience identify the best tool depending on their role (i.e. Web Developers vs IT administrators). Currently, there are three tools available which serve different purposes and they complement each other.
Web developers Recommendations
· The Microsoft ® Source Code Analyzer for SQL Injection is a static code analysis tool that identifies SQL Injection vulnerabilities in ASP code (ASP pages are the ones that have been under attacked). In order to run this tool you will need source code access and the tool will output areas vulnerable to SQL injection (i.e. the root cause and vulnerable path is identified). In our view fixing the root cause of the bug is the best way to eradicate vulnerabilities. The tool scans ASP source code and generates warnings for first order and second order SQL Injection vulnerabilities.
IT/Database administrators Recommendations (Web developers can benefit from this as well)
We are recommending two tools, one can help identify SQL injection vulnerabilities by crawling the website (for example, when access to the source code is not possible) and the other one aims to block potential SQL injection attacks.
· HP Scrawlr, developed by the HP Web Security Research Group, will crawl a website, simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities (Microsoft has worked with HP in this effort). Scrawlr uses some of the same technology found in WebInspect but has been built to focus only on SQL Injection vulnerabilities. This will allow an IT/DB admin to easily find vulnerabilities similar to the ones that have been used to compromise sites in the recent attacks. No source code is required to run this tool. From a starting URL, the tool recursively crawls that URL in order to build up a site tree that will be then analyzed for SQL injection vulnerabilities. For more information check out https://download.spidynamics.com/products/scrawlr/
· Second, in order to block and mitigate SQL injection attacks (while the root cause is being fixed), one can deploy filters using URLScan 3.0. This tool restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from being executed on the server. Basically, it uses a set of keywords to block certain requests (i.e. the request will get drop and never processed by SQL) That said, we highly encourage fixing the root cause of the problem instead of attempting on producing a perfect filter that will block all type of attacks (since in our view this is not possible and error prone).
The following table summarizes the pros and cons of these tools.
|
Tool
|
Usage
|
Pros
|
Cons
|
Users
|
|
Microsoft Source Code Analyzer for SQL Injection
|
Identifies SQL Injection vulnerabilities in ASP code through static code analysis.
|
Identify the root cause of the bug at the source code level.
|
This version currently only works on ASP pages
|
Web developers
|
|
Scrawlr
|
Detect SQL vulnerability by crawling a website.
|
No source code is required.
|
Cannot identify the line of code responsible. |
IT/DB Administrator
Web developers
|
|
UrlScan v3.0 Beta
|
Blocks the types of HTTP requests that Internet Information Services (IIS) will process.
|
URLScan filter can be easily deployed to mitigate SQL injection attack while the root cause is being fixed.
|
Not fixing the root cause, thus the risk has not been eliminated completely.
|
IT Administrators
|
The IIS team has released the Beta 1 (Go Live) release of the Microsoft Web Deployment Tool! The tool provides deployment and migration support for IIS 6.0 and 7.0. It incorporates many features that enable web server administrators to deploy, sync and migrate sites, including configuration, content, SSL certificates and other types of content associated with a Web server.
This tool can be used on Windows Server 2008 and IIS 7.0 as well as Windows Server 2003 and IIS 6.0. Please note that this is a Beta release, support is available on the forums.
How to Get Started
Download the x86 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1602
Download the x64 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1603
Read the walkthroughs: http://go.microsoft.com/?linkid=8100895
Web Deployment Tool forum: http://forums.iis.net/1144.aspx
Web Deployment Team blog: http://blogs.iis.net/msdeploy/
Features
- PowerShell Support - We have PowerShell cmdlets so that you can integrate MS Deploy commands with PowerShell directly.
- Enhanced Dependency Checking - We have IIS7 dependency information listed, plus the ability to see where a dependency is being triggered from. For example, if you have a dependency on Windows Authentication, you can now determine where this is set in the configuration.
- Detailed Help File - We have a Help chm file included in the tool so that you can browse through all the functionality and flexibility offered by the tool, instead of looking through online walkthroughs.
|