New versions of Anti-XSS & CAT.NET available today and some background and history about the ACE team

*** UPDATE **********   ALL LINKS ARE LIVE NOW!   *********************   Hi All – this is Irfan Chaudhry, Director of the ACE Team. As you may have read on some of the other blogs, today, we’re releasing versions of Anti-XSS and CAT.NET (available in 32-bit and 64-bit versions) to the general public. Anti-XSS is a…


Performance Monk and the Deadly Duo

Alik here. Following great feedback on our last post we decided to continue sharing ACE Team members’ insights with the online community. This time Bani shares how he is finding his new temple by changing his religion (from UNIX to Windows). He also shares fantastic tips and resources on how effectively to do so –…


The Secrets Of High Performance Consulting From ACE Performance Engineer

Alik here. Being a member of a global team, I was wondering recently about a few questions: How can a distributed team improve its own performance and communications? How can the team share technical and professional values when each member is a thousand miles away? How our team – ACE team – can offer more value to the online…


Vulnerabilities in Web Applications due to improper use of Crypto – Part 2

Continuing with my last post on vulnerabilities in web applications due to improper use of crypto, let's look at what might happen if you reuse an internal method for encrypting data. Consider a web application that needs to encrypt an application cookie. The developer uses the CookieProtectionHelper.Encode method to encrypt it. CookieProtectionHelper.Encode is an internal method,…


Vulnerabilities in Web Applications due to improper use of Crypto – Part 1

Cryptography is used often in web applications. Web sites that use cookie based authentication encrypt and sign the authentication cookie. Query strings are sometimes encrypted to prevent manipulation and also to pass sensitive data from one page to another. Form fields may be encrypted and signed to hold sensitive data on the client side. In…


Disk Partition Alignment (Sector Alignment): Part I: Slide Deck

Disk partition alignment is a best practice.  Now that SQL Server wait stats are formally documented & DMVs are available, disk partition alignment may be the best-kept secret related to SQL Server performance optimization.   In combination with stripe unit size & file allocation unit size, you can increase I/O throughput by 10%, 30%, or…


IE7 vs. IE8 in VSTS 2008 SP1 Load test

As we all know, IE8 is coming out soon (Beta 2 is already released) and one of the major performance changes in IE8 is opening up to 6 concurrent connections per host, compared to only 2 in IE7. So, the question is: Does VSTS have IE8? And if it does, does it really open 6…


How to simulate IE Caching in VSTS 2008

Sometimes it’s beneficial to run a load test simulating the IE cache. For example, if an application is used frequently by repeated users, or if the project team wants to set up a production monitoring system that measures user experience with cache. There are two places in VSTS where cache should be enabled to achieve close IE cache simulation: 1)     …


Improving Smart Client Performance using IIS 6 Native Compression

In .NET 2.0 the property .EnableDecompression was added which will allow you to use IIS 6 Native Compression in your smart client application. The following article explains how to implement compression in your application and how to configure IIS 6 to support compression of asmx web services. Step 1: Configure client side code to allow…


ASP.NET Performance: High CPU Utilization Case Studies And Solutions

This post shares case studies of high CPU utilization of ASP.NET web sites. High CPU utilization was caused by lack of batch compilation, multiple folders, and use of XmlSerializer. In all cases the result was high CPU and poor performance; the symptom was the .NET CLR Loading\Current Assemblies counter showing an “unusual” number of loaded assemblies. Case…
