Book Image

Mastering C# and .NET Framework

Book Image

Mastering C# and .NET Framework

Overview of this book

Mastering C# and .NET Framework will take you in to the depths of C# 6.0/7.0 and .NET 4.6, so you can understand how the platform works when it runs your code, and how you can use this knowledge to write efficient applications. Take full advantage of the new revolution in .NET development, including open source status and cross-platform capability, and get to grips with the architectural changes of CoreCLR. Start with how the CLR executes code, and discover the niche and advanced aspects of C# programming – from delegates and generics, through to asynchronous programming. Run through new forms of type declarations and assignments, source code callers, static using syntax, auto-property initializers, dictionary initializers, null conditional operators, and many others. Then unlock the true potential of the .NET platform. Learn how to write OWASP-compliant applications, how to properly implement design patterns in C#, and how to follow the general SOLID principles and its implementations in C# code. We finish by focusing on tips and tricks that you'll need to get the most from C# and .NET. This book also covers .NET Core 1.1 concepts as per the latest RTM release in the last chapter.

Related Content you might be interested in

Current Title:

Small book image
Mastering C# and .NET Framework
Dec, 2016 | 560 pages
No titles found
Table of Contents (21 chapters)
Mastering C# and .NET Framework
Mastering C# and .NET Framework
Credits
Credits
About the Author
About the Author
Acknowledgements
Acknowledgements
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Inside the CLR
Inside the CLR
An annotated reminder of some important computing terms
The evolution of .NET
Summary
2
Core Concepts of C# and .NET
Core Concepts of C# and .NET
C# – what's different in the language?
Languages: strongly typed, weakly typed, dynamic, and static
The true reason for delegates
The evolution in versions 2.0 and 3.0
Summary
3
Advanced Concepts of C# and .NET
Advanced Concepts of C# and .NET
C# 4 and .NET framework 4.0
C# 5.0: async/await declarations
What's new in C# 6.0
What's new in C# 7.0
Summary
4
Comparing Approaches for Programming
Comparing Approaches for Programming
Functional languages
The TypeScript language
Summary
5
Reflection and Dynamic Programming
Reflection and Dynamic Programming
Reflection in the .NET Framework
Interoperability
Summary
6
SQL Database Programming
SQL Database Programming
The relational model
The tools – SQL Server 2014
Data access in Visual Studio
The Entity Framework data model
Summary
7
NoSQL Database Programming
NoSQL Database Programming
A brief historical context
The NoSQL world
MongoDB on Windows
MongoDB from Visual Studio
Summary
8
Open Source Programming
Open Source Programming
Historical open source movements
The Roslyn project
TypeScript
Summary
9
Architecture
Architecture
The election of an architecture
CASE tools
The role of Visio
The database design
Visual Studio architecture, testing, and analysis tools
The end of the life cycle – publishing the solution
Summary
10
Design Patterns
Design Patterns
The origins
The SOLID principles
Open/Closed principle
Liskov Substitution principle
Interface Segregation principle
Dependency Inversion principle
Design patterns
Other software patterns
Other patterns
Summary
11
Security
Security
The OWASP initiative
The OWASP Top 10
A1 – injection
A2 – Broken Authentication and Session Management
A3 – Cross-Site Scripting (XSS)
A4 – Insecure Direct Object References
A5 – Security Misconfiguration
A6 – Sensitive Data Exposure
A7 – Missing Function-level Access Control
A8 – Cross-Site Request Forgery
A9 – Using components with known vulnerabilities
A10 – Invalidated redirects and forwards
Summary
12
Performance
Performance
Application Performance Engineering
Summary
13
Advanced Topics
Advanced Topics
The Windows messaging subsystem
Sub-classing techniques
Some useful tools
Platform/Invoke: calling the OS from .NET
Parallel programming
Parallel LINQ
The Parallel class
Task Parallel
.NET Core 1.0
ASP.NET Core 1.0
NET Core 1.1
Summary
Index
Index

A4 – Insecure Direct Object References

Let's remember this definition:

A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.

For some scenarios, this requires the attacker (who happens to be a legitimate user of the site) to know something about the resource to be attacked in order to substitute the expected information (such as their user account) for the victim's information (in this case, another account number, for example).

The canonical example offered by OWASP recreates a scenario in which a query about an account is to be done using a SQL request:

String query = "SELECT * FROM accts WHERE account = ?";
PreparedStatement pstmt =connection.prepareStatement(query , … );
pstmt.setString( 1, request.getParameter("accountNo"));
ResultSet results = pstmt.executeQuery( );

The...

Previous Section
End of Section 7
Next Section