File Upload In A Web Test: The Case Of Submitting A Form With JavaScript

     This post documents steps we have taken to simulate file upload with Web Test when the form is submitted via JavaScript [vs. simple postback]. Credits go directly to Shai Raiten, MVP, brilliant young man, and the mind behind the workaround. Quick Resource Box How to upload a file in a Web test Shai Raiten’s…

0

Sysinternals ProcMon New & Improved – Captures Both System & Application Events

     This post inspired by fantastic news I heard over at John Robbins blog of Wintellect. John collaborated with Mark Russinovich. Mark made it possible for Process Monitor [ProcMon] to collect events reported by an application and John wrapped a nice API that can be used either from native or managed code. Quick Resource Box…

0

Fiddler Extensibility: Flagging ASP.NET Performance Problems

     Although Fiddler PowerToy – Part 2: HTTP Performance is quite dated article about Fiddler, I constantly find very useful and practical gems in it. Flagging performance problems by coloring outstanding requests is one of them. Quick Resource Box Fiddler PowerToy – Part 2: HTTP Performance  Fiddler ASP.NET Performance: Get Rid of HTTP 401 and…

2

ASP.NET Performance Toolset

Any consultant can streamline ASP.NET Application performance troubleshooting process when he has a good toolset handy. By “good” I mean the tools are well known and it is free. These two attributes usually help passing security department smoothly and never meet procurement department too. These departments are well known road blockers. For a reason… Before…

0

Free Web Performance Tools From Microsoft, Google, Yahoo, And IBM

     This post is a quick overview of free performance tools available from Microsoft, Yahoo, Google, and IBM. It also contains a pointers to related articles that go deeper regarding the best practices and how the tools can help in identifying compliance to the best practices. Quick Resource Box: Microsoft’s Fiddler (Performance Tuning with Fiddler)…

1

Security Code Review – String Search Patterns For Finding Input Validation Vulnerabilities

Well defined set of search patterns helps significantly reduce time (cost) when performing security code inspections. This post focuses on input validation vulnerabilities commonly found in ASP.NET web applications. SQL Injection and Cross Site Scripting (XSS) String search patterns SQL Injections and XSS attacks are most common that exploit improper data access and lack of…

2

ASP.NET Performance Sin – Serving Images Dynamically (Or Another Reason To Love Fiddler)

Serving images dynamically may cause performance hit. Dynamically served images require more HTTP requests which violates Steve Souders’ performance rule #1 – Make Fewer HTTP Requests. The latency is also caused by parallelism (or parallel downloading) limitations as described in detail here Performance Research, Part 4: Maximizing Parallel Downloads in the Carpool Lane Static Images…

7

Free Performance Tool – Analyze IIS Logs Like A Pro With Funnel Web Analyzer

These free performance tools will save you time and money identifying performance bottlenecks. Your customers will thank you for building fast and responsive applications. Funnel Web Analyzer 5.0 for Windows Download the tool here. Analyzer gives insight into everything from server load and customer usage to intranet analysis. It allows you to gain vital feedback…

10

Quickly Find And Fix Cross Site Scripting (XSS) Vulnerabilities In Your ASP.NET Application.

Want to quickly check your ASP.NET Web application for Cross Site Scripting (XSS) vulnerability? It is pretty easy with the knowledge and tools you already have. This post describes how to quickly find and fix most of XSS vulnerabilities in your code. Why XSS vulnerabilities are possible XSS vulnerabilities are possible when un-sanitized data printed…

2