I just read Insanely Simple: The Obsession That Drives Apple's Success and was really inspired by its peek into Steve Jobs' mind.
What is really great about the book (and author) is how it shows the decision-making process behind Steve/Apple's success.
The key message is that simple and well-designed products/solutions are the result of a relentless and uncompromising focus on simplicity.
A personal blog about: transforming Web Application Security into an 'Application Visibility' engine, the OWASP O2 Platform, Application/Data interoperability and a lot more
Saturday, 29 June 2013
Writing REPL scripts on side-by-side Chrome and IE
Following the Chrome-Hijacking posts, I'm starting to convert the WatiN extension methods into ChromeDriver, and to do so I needed to execute requests side-by-side (to test the APIs and to be able to write UnitTests for them).
To do that (side-by-side Chrome and IE execution) I wrote this script:
Labels:
Chrome,
O2 Platform,
Selenium,
WatiN,
WinAPI
Tuesday, 25 June 2013
CodingLab Library at Union Jacks in Chiswick
After talking about the 'Open Library' for my RaspberryPi, Arduino, BeagleBone, Python, CodeClub books and materials on the Chiswick High Road with Ed (Chiswick's Union Jack manager), I'm happy to say that he embraced the idea and gave us a nice (prime-location) shelf downstairs to hold the first batch of Library books :)
This means that if you want to learn about:
- Scratch
- RaspberryPi
- Arduino
- BeagleBone
- Python
- Linux
- and others (OWASP, Android, Robotics)
... just pop into Union Jack, grab a drink and take a look at one of the available books:
Labels:
CodingLab
Review of first CodeClub meetup in Chiswick (24th Jun 2013), with Scratch and RaspberryPI 'coding stations'
Following the 'Open Library' for my RaspberryPi, Arduino, BeagleBone, Python, CodeClub books and materials on the Chiswick High Road idea and the creation of CodingLab, I organised a Code Club meetup at Chiswick's Union Jack which had a nice crowd and vibe.
Here are some pictures of this event and set-up:
Saturday, 22 June 2013
PoC of Auto-Screenshot of Hijacked Notepad main Window
On the topic of Window-Hijacking, here is a PoC that:
- creates a GUI with two Panels (left and right)
- starts a new notepad process
- hijacks its main window into the left panel
- takes a screenshot of the captured Notepad window every 100ms
- checks if the screenshot is different from the last one, and if it is:
- shows the screenshot of the hijacked notepad window into the right panel (inside a PictureBox)
Labels:
WinAPI
Using WebStorm with Chrome and ChromeDriver (to view KarmaJS execution results)
Following from the example described in When the best way to automate Chrome is to use ... Chrome, here is a more practical scenario where I'm creating a GUI that has both WebStorm and Chrome running side-by-side.
Here is what it looks like:
When the best way to automate Chrome is to use ... Chrome (with examples on Google search, direct AngularJS scope manipulation and ChromeDriver javascript access)
On the topic of Web Automation, I always wanted to have a REPL environment for Chrome like I have for IE (using Watin).
In the past I have explored multiple solutions, for example the use of CefSharp (see here and here). But that was never the real thing, and there were always a couple of issues (caused by the fact that the 'real' Chrome wasn't being used).
For a while, in the back of my mind the solution was simple and obvious: use the real Chrome process in a way that it can be programmatically accessed from an O2 C# REPL environment!
Well, the good news is that this is exactly what I have done :)
I just created the GUI you can see below, which uses the Window-Hijacking technique to inject a (Selenium ChromeDriver-started) Chrome process's window into a Panel, and pass its reference (as a variable) to an O2 REPL environment.
Thursday, 20 June 2013
Adding KarmaJS support to WebStorm to automagically run tests on file changes (and test UI with SublimeText, Chrome and Cmd.exe)
On the AngularJs and KarmaJS theme (see A small AngularJS Jasmine test executed by KarmaJS and the related posts linked at the bottom), here is my first attempt at using Karma to test AngularJS code inside TeamMentor.
I'm using WebStorm instead of VisualStudio, since for Javascript coding WebStorm is MUCH better/faster/cleverer, especially since it has good support for AngularJs and Jasmine (with KarmaJS support easily added, as we are about to see).
Also shown below is a cool tool I created that hijacks windows from SublimeText, Chrome and Cmd.exe into the same UI (an O2 Platform .NET Script).
Here is the directory structure:
Labels:
AngularJS,
KarmaJS,
O2Platform,
WebStorm,
WinAPI
A small AngularJS Jasmine test executed by KarmaJS
When I try to understand how a particular technology works I always like to create a simple test case with a small number of moving parts.
This post shows such an example for an AngularJS page, a Jasmine test, a NodeJS web server and a KarmaJS execution cycle.
The files used/customised were based on the KarmaJS test/e2e/angular-scenario example:
Labels:
AngularJS,
KarmaJS,
NodeJS,
O2 Platform
KarmaJS AngularJS Scenario Test Runner execution variations in IE 7,8,9 and 10 when using AngularJS
While trying to get Karma JS to work, I found a number of different behaviours for its AngularJS Scenario Test Runner in IE’s multiple 'compatibility modes'.
TLDR: some of the Jasmine and AngularJS test APIs don't work (although Angular itself does seem to work ok).
Here is the default web page I was using:
If AngularJS doesn’t work on your O2 Platform IE scripts (the fix is to change browser compatibility mode)
If when trying to open an AngularJS page inside an O2 Platform script, you see:
... this means that the IE browser embedded in that .NET process is set to run under IE 7
Labels:
AngularJS,
O2Platform
Wednesday, 19 June 2013
Debugging a weird case of missing module in AngularJS and KarmaJS
When I was trying the Running KarmaJS's AngularJS example test/e2e/angular-scenario (on Chrome) I hit the following weird behaviour.
TLDR; the solution was to run npm install -g karma@canary
Running KarmaJS’s AngularJS example test/e2e/angular-scenario (on Chrome)
To learn and get an idea of how Karma (the 'Spectacular Test Runner for JavaScript') works, and how it can be used to create browser automation tests, here are the steps I took to get the test/e2e/angular-scenario example to work.
It all started with a clone of: git@github.com:karma-runner/karma.git
Sunday, 16 June 2013
Trying to run HuBot (and being stuck on 'ERROR XMPP authentication failure')
Sitting in a Starbucks on a Saturday morning (after dropping the kids at PSSA) it felt like a good time to try HuBot (repo is here).
Since I already had NodeJS installed on my test VM, I started with the Deploying Hubot onto Windows instructions:
Labels:
Tools
Using Jabber-net to talk to OpenFire
After Installing Ignite's OpenFire and Spark (IM server and client), using Jabber-Net, I wrote an O2 Platform C# script to access OpenFire, which will:
- Connect to a local OpenFire server
- Login as a user
- Find the HuBot room
- Join that room
- Post public messages to it
(see end of post for the source code)
Labels:
O2 Platform,
Tools
NDepend Query to visualize call flows
After installing NDepend and writing a first simple CQL query, it was time to try something more interesting, namely a query that could help me write rules to find security vulnerabilities like SQL Injection.
So I decided to write a rule to find out the call flows into/from a particular method, i.e. 'Who calls this method and who does it call?'
With NDepend enabled on the source code of TeamMentor/Master, I opened a class and chose this option:
Labels:
NDepend,
TeamMentor
Customizing my first NDepend CQL rule (Potentially dead Methods)
After Installing NDepend, I was looking at the rules execution result for TeamMentor/Master and saw that it reported 21 potentially dead methods:
Labels:
NDepend
Installing NDepend
After a nice correspondence with NDepend's Patrick Smacchia, who offered me a license in exchange for some blog posts on how I used it, here is my first one, covering the installation and first run.
If you don't know about NDepend, here are some references:
- on NDepend Website:
- Getting Started
- Features
- CQL Syntax , CQL Features and CQL Rules Help
- API
- Exploring Existing Code Architecture in Visual Studio
- NDepend on Wikipedia (with more references links)
- Patrick's blog
- Other blog posts and articles:
- .NET Tools: NDepend static analysis tool, leave T-Pain behind.
- Educating Programmers with Placemats - NDepend Static Analysis Poster which talks about this NDepend Metrics pdf
- Exiting The Zone of Pain - Static Analysis with NDepend
- Continuous code quality measurement with NDepend and TeamCity
- Static Code Analysis based on NDepend
Trying DevExpress (install and uninstall)
Since I'm still not 100% happy with Resharper's performance and system impact, I just tried CodeRush from DevExpress.
The rest of this post shows how I installed, used and uninstalled CodeRush.
Labels:
Tools
Friday, 14 June 2013
AngularJS code editor using UI-Bootstrap and CodeMirror (done without using jQuery)
I'm adding a number of AngularJS views to TeamMentor, and here is a simple HTML-based source code editor inspired by the How to Integrate Codemirror With Angular UI post and the ui-codemirror repository.
In the end, these are the APIs I used:
- http://angularjs.org/
- http://angular-ui.github.io/bootstrap/
- http://twitter.github.io/bootstrap
- http://codemirror.net/ (just the core bit)
Gource Visualisation of "TeamMentor Git Development - 18 Months in 180 Seconds"
Here is a pretty cool video of 18 months of Git commits made using Gource, a software version control visualization tool.
Try to see it in full screen and at 1024p HD quality:
Labels:
Git,
TeamMentor,
Video,
Visualization
Wednesday, 12 June 2013
More TeamMentor UI Javascript trace and debug views
On the topic of TeamMentor UI debug helpers (see Opening up TeamMentor’s Javascript Trace Viewer which hooks TM method calls) here are a couple other useful options:
Labels:
Javascript,
TeamMentor
Opening up TeamMentor’s Javascript Trace Viewer which hooks TM method calls
If you are trying to debug (or understand) TeamMentor's Javascript layer, there are a number of debugging tools and options (in the /Javascript/TM/Settings.js file) that might help you:
Labels:
Javascript,
TeamMentor
Tuesday, 11 June 2013
Trying out NCrunch
Intrigued by Kofi’s NCrunch and TeamMentor post, and since today I had to write a number of Unit Tests, I decided to give NCrunch a test drive.
I downloaded the MSI, the install was smooth and next time I opened up VisualStudio there was a new NCrunch menu available:
Labels:
NCrunch,
TeamMentor,
Tools,
UnitTests
Changing the way User Sessions are handled by TeamMentor (will be 3.3 Release HotFix 3)
One feature we introduced in TeamMentor 3.3 was the limitation of only allowing one user session to be active at any given time.
This had the nice side effect of 'preventing user account reuse'.
In practice, this meant that TM users had to stop using shared accounts (like the admin account), which was a good thing.
But it created nasty side effects, where a user can only be logged in once across all their devices. An even worse side effect happened when we implemented an SSO solution for a client, and we realized that for the cases where one SSO token was shared across multiple users, we would have to create a TM account per user session!
So we went back to the Concurrent Logins Have Broken issue, reopened it and changed its priority to P0 (which means that this will be another 3.3 HotFix).
The rest of this post shows the workflow that I took when making the 3.3 HotFix #3 code changes, testing them and pushing the new version to GitHub.
Fixing a couple bugs and pushing new TeamMentor 3.4 Dev Version (from 4 to 5)
This post shows one way to use GitHub to update the main development branch of TeamMentor.
At the moment TeamMentor/Dev repo is at version 3.3 – Dev 4
Labels:
GitHub,
TeamCity,
TeamMentor
The day CodingLab.org was born
After brainstorming about the idea of an 'Open Library' for my RaspberryPi, Arduino, BeagleBone, Python, CodeClub books and materials on the Chiswick High Road with Sarah (my wife), she came up with the name Coding Lab, as a better way to present the concept to local venues (with the added idea of doing regular/monthly lab sessions there).
So I:
- did a quick DNS search,
- found that CodingLab.org was available,
- registered it,
- created a GitHub repository for it https://github.com/O2platform/CodingLab
- added some GitHub Pages
Labels:
CodingLab
Creating TeamMentor release 3.3.2 (3.2 version with HotFix 2)
Now that the two P0 issues are marked as fixed (after a round of QA):
Labels:
GitHub,
TeamMentor
Monday, 10 June 2013
'Open Library' for my RaspberryPi, Arduino, BeagleBone, Python, CodeClub books and materials on the Chiswick High Road
Yesterday I 'dropped' 10 Python books at a friend's kids' house with a 'take a look at these books and pick one that makes sense to you' workflow (they are trying to use a RaspberryPi and learn how to code in Python).
Later that day one of the kids asked me '... can we keep two?..', which is always a good sign :)
This got me thinking that some of my books (I have a lot of them) deserve to be shared with more kids :)
Maybe I could have them 'somewhere' on the local Chiswick High Road (West London) as a kind of 'Public Geek Library' for kids (and adults).
This could also be a great location to put information about CodeClub and examples of what I'm creating with the kids that I am teaching every Wednesday.
Labels:
Code Cafe,
Code Club,
Half-baked Idea
Sunday, 9 June 2013
Installing Ignite’s OpenFire and Spark (IM server and client)
When testing HuBot, I needed an IM server and client.
Since the HuBot install article that I was following recommended OpenFire and Spark, I decided to give them a test drive.
Here is how I installed and set them up on a local VM.
The first step was to get OpenFire from Ignite's website:
Labels:
Tools
A constant source of confusion: Simplicity
From this reddit thread I found the really interesting and thought-provoking (long) post A constant source of confusion: Simplicity.
Simplicity is a topic that really matters to me, and is something I always try to achieve when writing code or creating APIs (like the ones in the O2 Platform, FluentSharp or TeamMentor).
That post has some great references, which are well worth a read:
- Software engineering: An Idea Whose Time Has Come and Gone? - by the author of the Controlling Software Projects: Management, Measurement, and Estimation book, and the one who said "You can't control what you can't measure." (something the author now doesn't believe is correct)
- Worse is better - (Wikipedia quote) "Worse is better, also called the New Jersey style, was conceived by Richard P. Gabriel to describe the dynamics of software acceptance, but it has broader application. The idea is that quality does not necessarily increase with functionality. There is a point where less functionality ("worse") is a preferable option ("better") in terms of practicality and usability. Software that is limited, but simple to use, may be more appealing to the user and market than the reverse...."
- Dreaming in Code: Two Dozen Programmers, Three Years, 4,732 Bugs, and One Quest for Transcendent Software
Labels:
Philosophy
Saturday, 8 June 2013
What is Privacy all about? ... it's about 'not being surprised'
Privacy is one of those subjective topics that is hard to talk about, because everybody seems to have a different definition of it (which depends on culture, personal experience, current/past jobs and state of mind).
Recently I found a Seth Godin post (while reading Whatcha Gonna Do with That Duck? in the toilet) which really provided a great explanation of privacy.
The post happens to also be online (People don't truly care about privacy) and here is the key part:
Labels:
Philosophy,
Privacy
Friday, 7 June 2013
Why the need to enable the use of OWASP chapter funds
I just sent the text below to the OWASP Leaders list, which was part of this thread.
My answer was to Tim's comment and I started a new thread with it.
-------------
Tim's solution (see below) is great and we should apply it now (using data from the last year). The only thing I would change is to remove the C (soft cap) and P (hard cap). This would have a net positive result for all chapters (and not move the money to the 'OWASP mothership' which is a very sensitive topic).
For the ones really interested in this thread/topic, you should read Seth Godin's amazing post Non-profits have a charter to be innovators, which really explains why OWASP (as an organisation) has the DUTY and moral responsibility to spend its available funds, to experiment, to get things done, etc....
Labels:
OWASP
OWASP is Hiring a FT Event Manager (35k USD)
Sarah Baso just posted the email below to the OWASP-leaders list which is a great move for OWASP.
OWASP Leaders -
We are looking for a motivated professional to take on management of OWASP Events.
Applications are being accepted until June 21, 2013 with interviews immediately following with a final decision made by July 5, 2013.
How to apply: Email a cover letter and resume with your name and the position you are applying for in the subject line to owasp.foundation@owasp.org.
Please help us spread the word about the position by posting to your chapter/project lists, adding to applicable job boards, or forwarding to any individuals that you think would be interested.
Labels:
OWASP
Help out with WebGoat .NET development
If you are looking for a great project to learn about ASP.NET, C# and Web Application Security, WebGoat .NET is a great place to start.
Please grab the code (here or here), read the current issues and join the mailing list.
See my WebGoat.NET in Action (and how I set-it up) post if you need help setting it up.
And please feel free to invite others to join the party :)
Labels:
OWASP,
WebGoat .NET
13 Great Quotes from Steve Jobs
I like the fact that I can relate to most and am actively involved in executing them.
For example ... the idea that when we start working on something it tends to be very complex, and it is only by working on it 'over and over again' that it becomes simple, easy to use and useful (for a wide audience) ... is exactly how I approach the development of the O2 Platform and TeamMentor.
Labels:
Philosophy
Controlling Selenium and Chrome WebDriver from a C# REPL GUI (while fixing UnitTest)
When I was Running TeamMentor WebAutomation UnitTests locally (using Selenium and ChromeDriver), there were a number of TeamMentor UnitTests that failed and could not be fixed with simple changes or re-execution.
This post shows how I used the O2 Platform's FluentSharp REPL script_Me capabilities to debug the problem and find a solution.
Labels:
O2 Platform,
REPL,
Selenium,
TeamMentor
Running TeamMentor WebAutomation UnitTests locally (using Selenium and ChromeDriver)
If you want to run TeamMentor's WebAutomation UnitTests (for example to see how we use Selenium and the multiple WebDrivers, like ChromeDriver), there are a couple of gotchas that you will need to take into account.
This post shows how I went from a git clone to a full execution of all unit tests.
Labels:
Chrome,
Selenium,
TeamMentor
Wednesday, 5 June 2013
Adding Markdown support to TeamMentor's Article 'view and edit workflow'
After Adding MarkdownDeep Web Editor and Editing/Viewing a TeamMentor Article, the next step was to add Markdown support to TeamMentor's main Article rendering and editing workflow.
Since all the heavy lifting was already done, adding these capabilities was relatively easy to do with the code that can be seen in the 2ead06cf1098872849f8e1d68fb3215e2668f502 commit:
Labels:
Markdown,
TeamMentor
Adding MarkdownDeep browser-based Markdown 'Edit and Preview' capabilities to TeamMentor (and editing a TM Article)
After Adding MarkDown support to TeamMentor using MarkDownDeep, where I got MarkdownDeep to work on the backend (i.e. server-side markdown transformation), the next step was to add client-side viewing and editing (i.e. browser-side markdown transformation).
Although there is a MarkdownDeep NuGet package with the client-side code, I wanted to put the files in a specific location, so I manually added the HTML, JS and CSS files into TM's Javascript folder:
Labels:
Markdown,
TeamMentor
Adding MarkDown support to TeamMentor using MarkDownDeep
After adding ASP.NET MVC 4.0 in TeamMentor (with simple Controller, View and master Layout) I was ready to add Markdown support to TeamMentor.
I chose MarkdownDeep after reviewing the multiple Markdown C# and JavaScript APIs currently available (for more details see the references section at the end of this post).
My first step was to go to NuGet and choose the MarkDownDeep - .NET Only Edition package:
Labels:
Markdown,
TeamMentor
Using ASP.NET MVC 4.0 in TeamMentor (with simple Controller, View and master Layout)
In TeamMentor's 3.3 release we added support for C# RazorEngine and System.Web.Razor.
For the 3.4 release, there is a requirement to add Markdown support (see next post). Since the API that I want to use (MarkdownDeep) works really well with ASP.NET MVC 4.0, here is how I added ASP.NET MVC 4.0 support to TeamMentor.
The process was quite smooth, and I was able to quickly get it up and running.
It all started with NuGet, where I added this package:
Labels:
ASP.NET MVC,
TeamMentor
Tuesday, 4 June 2013
WebGoat.NET in Action (and how I set-it up)
For the OWASP EU Tour London event I showed the WebGoat.NET vulnerable web app (which is a .NET variation of the highly successful Java-based OWASP WebGoat project).
Here are (draft) notes on my efforts to get WebGoat.Net up and running (which might help others, since there is very little documentation about this great new OWASP Project).
After cloning from https://github.com/jerryhoff/WebGoat.NET and using the code from the https://github.com/jerryhoff/WebGoat.NET/tree/new-lessons branch (note that there is now the https://github.com/OWASP/WebGoat.NET repo, which is a better home for this code), I was able to get WebGoat.Net running (see below for the problems I had to solve), and here is what the first page looks like:
Labels:
OWASP,
WebGoat .NET
View ESAPI 11 Encodings methods in real-time via an ASP.NET Web Page
In the Another step in the use of ESAPI and AppSensor Jars from .Net/C# (using Jni4Net) post I posted the screenshots below, which are such a big step forward that I'm creating this separate blog post to expand the idea a little bit :)
One of the things that I always wanted to do with ESAPI was to have programmatic access to the multiple ESAPI encoding methods, since I believe they are a great example of the type of encoding capabilities that are needed in order to safely consume data provided by (potentially malicious) users.
ESAPI provides a number of specific methods to encode a string (each focused on a particular output context):
- encodeForHTML
- encodeForHTMLAttribute
- encodeForCSS
- encodeForJavascript
- encodeForVBScript
- encodeForLDAP
- encodeForDN
- encodeForXPath
- encodeForXML
- encodeForXmlAttribute
- encodeForURL
Labels:
ESAPI,
O2Platform
Another step in the use of ESAPI and AppSensor Jars from .Net/C# (using Jni4Net)
Yesterday at the OWASP EU Tour London Chapter event meeting I presented the next step of my research on using ESAPI and AppSensor inside a .NET application like TeamMentor (using Jni4Net to allow the JVM to work side by side with the CLR).
The source code of the demo I presented is posted to the github.com:DinisCruz/TeamMentor_3_3_AppSensor repo, and this post shows a number of screenshots of what is in there.
I used TeamMentor's TBot C# and AngularJS pages to create the prototypes (since it is very easy and fast to code in that environment).
Labels:
ESAPI,
Jni4Net,
O2 Platform,
OWASP