Book Image

Mastering C# and .NET Framework

Book Image

Mastering C# and .NET Framework

Overview of this book

Mastering C# and .NET Framework will take you in to the depths of C# 6.0/7.0 and .NET 4.6, so you can understand how the platform works when it runs your code, and how you can use this knowledge to write efficient applications. Take full advantage of the new revolution in .NET development, including open source status and cross-platform capability, and get to grips with the architectural changes of CoreCLR. Start with how the CLR executes code, and discover the niche and advanced aspects of C# programming – from delegates and generics, through to asynchronous programming. Run through new forms of type declarations and assignments, source code callers, static using syntax, auto-property initializers, dictionary initializers, null conditional operators, and many others. Then unlock the true potential of the .NET platform. Learn how to write OWASP-compliant applications, how to properly implement design patterns in C#, and how to follow the general SOLID principles and its implementations in C# code. We finish by focusing on tips and tricks that you'll need to get the most from C# and .NET. This book also covers .NET Core 1.1 concepts as per the latest RTM release in the last chapter.

Related Content you might be interested in

Current Title:

Small book image
Mastering C# and .NET Framework
Dec, 2016 | 560 pages
No titles found
Table of Contents (21 chapters)
Mastering C# and .NET Framework
Mastering C# and .NET Framework
Credits
Credits
About the Author
About the Author
Acknowledgements
Acknowledgements
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Inside the CLR
Inside the CLR
An annotated reminder of some important computing terms
The evolution of .NET
Summary
2
Core Concepts of C# and .NET
Core Concepts of C# and .NET
C# – what's different in the language?
Languages: strongly typed, weakly typed, dynamic, and static
The true reason for delegates
The evolution in versions 2.0 and 3.0
Summary
3
Advanced Concepts of C# and .NET
Advanced Concepts of C# and .NET
C# 4 and .NET framework 4.0
C# 5.0: async/await declarations
What's new in C# 6.0
What's new in C# 7.0
Summary
4
Comparing Approaches for Programming
Comparing Approaches for Programming
Functional languages
The TypeScript language
Summary
5
Reflection and Dynamic Programming
Reflection and Dynamic Programming
Reflection in the .NET Framework
Interoperability
Summary
6
SQL Database Programming
SQL Database Programming
The relational model
The tools – SQL Server 2014
Data access in Visual Studio
The Entity Framework data model
Summary
7
NoSQL Database Programming
NoSQL Database Programming
A brief historical context
The NoSQL world
MongoDB on Windows
MongoDB from Visual Studio
Summary
8
Open Source Programming
Open Source Programming
Historical open source movements
The Roslyn project
TypeScript
Summary
9
Architecture
Architecture
The election of an architecture
CASE tools
The role of Visio
The database design
Visual Studio architecture, testing, and analysis tools
The end of the life cycle – publishing the solution
Summary
10
Design Patterns
Design Patterns
The origins
The SOLID principles
Open/Closed principle
Liskov Substitution principle
Interface Segregation principle
Dependency Inversion principle
Design patterns
Other software patterns
Other patterns
Summary
11
Security
Security
The OWASP initiative
The OWASP Top 10
A1 – injection
A2 – Broken Authentication and Session Management
A3 – Cross-Site Scripting (XSS)
A4 – Insecure Direct Object References
A5 – Security Misconfiguration
A6 – Sensitive Data Exposure
A7 – Missing Function-level Access Control
A8 – Cross-Site Request Forgery
A9 – Using components with known vulnerabilities
A10 – Invalidated redirects and forwards
Summary
12
Performance
Performance
Application Performance Engineering
Summary
13
Advanced Topics
Advanced Topics
The Windows messaging subsystem
Sub-classing techniques
Some useful tools
Platform/Invoke: calling the OS from .NET
Parallel programming
Parallel LINQ
The Parallel class
Task Parallel
.NET Core 1.0
ASP.NET Core 1.0
NET Core 1.1
Summary
Index
Index

A1 – injection

The injection threat is always based on input data from the user. An interpreter will take this information and, presumably, incorporate the data into the normal flow of a sentence that is to be executed behind the scenes.

So, the key here is that potential attacks should know the engine they're trying to surpass. However, the three main engines mentioned by A1 are SQL, OS, and LDAP, the first one being the most common (and that's why it's the most dangerous).

SQL injection

SQL injection is, perhaps, the most well-known of them all. It's based on some characteristics of the SQL language:

  • Several sentences can be linked together, separated by a semicolon (;)

  • You can insert an inline comment with a double dash (--)

  • The programmer doesn't care about the contents introduced by the user and adds those contents to a string that is passed to the interpreter, which blindly executes the command:

As you can see in the figure, you just have to pass the sentence or 1=1 -- to make it work. If...

Previous Section
End of Section 4
Next Section