Late Night Dev

Published on Website Magazine Blog – 06/25/08

SQL Injection Detection and Defense
Microsoft has released tools to help website developers in their defense against SQL injection on sites that use ASP and ASP.Net technologies. The tools include URLScan 3.0 (which is in beta release) and Microsoft Source Code Analyzer for SQL Injection (MSCASI), available as a Community [...]

Released in January – Web Deployment Projects for Visual Studio 2008 supports all of the features of Web Deployment Projects for Visual Studio 2005 and adds the following:

Easily migrating VS 2005 Web Deployment Projects to VS 2008 Web Deployment Projects
Replacing output only if web deployment builds succeed
IIS7 Support

Web deployment projects add many features to allow [...]

Thanks to Nico from Microsoft for pointing out a method I missed in my initial post. When constructing sql statements dynamically do not concatenate strings. Instead, use parameters when constructing your sql statements dynamically. For more information see – How To: Protect From SQL Injection in ASP.NET.
Microsoft also provides some good guidelines [...]

A great little tool for debugging web apps is available at http://www.fiddler2.com/fiddler2/.
Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler includes a powerful event-based [...]

Want to write more efficient next generation web apps? Spending some time learning AJAX (Asynchronous JavaScript And XML) will allow you to:

Write faster web apps
Write more efficient web apps
Write more user friendly web apps

AJAX does this by using the JavaScript XMLHttpRequest object to to retrieve data from the server without causing changes or [...]