Stress Test ASP.NET Web Application With Free WCAT Tool

  Building ASP.NET web applications? Plan to serve thousands of users? Would you like to see how your application would behave [misbehave] under stress? Use simple-to-use and freely available WCAT tool to generate the load and get detailed report for expected throughput (requests/sec) and other important performance-wise information. Summary of steps Install WCAT Create configuration…

12

Performance Sin – Using Exceptions To Control Flow

Want to spot coding anti-patterns from performance perspective without actually looking in the code? One of the common performance coding anti-patterns I’ve noticed lately is using Exception Handling to control program flow. The anti-patterns Most common anti-pattern is just using exception handling to control flow, in some cases it was even nested exception handling –…

4

Security Code Review – Use Visual Studio Bookmarks To Capture Security Findings

How to streamline the process of capturing security flaws during security code review? How to save time and avoid switching between the tools? How to stay focused? In this post I will show my simple technique to capture security flaws using Bookmarks in Visual Studio. Create bookmark folders. Hit Ctrl + K and then Ctrl…

3

Performance Code Review Tool – Practices Checker

Care about performance? Do you write your code with performance in mind? Want little help to spot performance bottlenecks automatically? Practices Checker to the rescue. The goal of the tool is “Help you perform a manual code inspection by analyzing your application for potential coding and configuration settings that do not adhere to the patterns…

8

Profiling JavaScript With Ajax View Tool: Spot Poor Performance Client Script In No Time

Ever wondered why your application unreasonably slow? You have it all – most powerful hardware, your database is tuned, SQL queries are optimized, network is barely utilized, and .Net code is super efficient. So why on earth response time is so slow? The answer might lie in recently developing area – client script. I’ve witnessed…

3

Create Your Own Guidance Explorer Items Inside Outlook 2007

Want to create your own nuggets of wisdom? Want it to look and feel like patterns&practices nuggets of wisdom look and feel? Want to reuse it, mix and match with existing ones? It is easy and fast with Outlook 2007. I will show how I extend my knowledge base with a snap using Outlook 2007’s…

1

Consume patterns&practices Guidance Explorer Via RSS Using Outlook 2007

patterns&practices recently released new version of Guidance Explorer [GE]. One of the most important addition was enabling RSS on the online GE store. What does that mean? It means you can consume distilled security, performance, and Visual Studio wisdom in any RSS reader of your choice. It means you can leverage familiar environment to consume…

6

Identify ASP.NET, Web Services, And WCF Performance Issues By Examining IIS Logs

Simple examination of IIS logs can reveal potential performance issues related to ASP.NET web applications, ASP.NET web services, and IIS hosted WCF services. Fast, easy, cheap. These are the simple steps I take: Time-Taken & W3C Logs: Turn it on… Collect the data in the IIS logs Open IIS logs in MS Excel 2007 Analyze…

10

Security Tools From Microsoft ACE Team

Mark covers arsenal of security tools available from Microsoft ACE team. The tools are: Threat Analysis & Modeling Enterprise (TAM-E) CAT.NET (Code Analysis Tool) Spider TCM (Assessment and compliance tool)


XSSDetect Public Beta now Available!

XSSDetect public beta is now available for download on MSDN. Overview XSSDetect is a static code analysis tool that helps identify Cross-Site Scripting security flaws found within Web applications. It is able to scan compiled managed assemblies (C#, Visual Basic .NET, J#) and analyze dataflow paths from sources of user-controlled input to vulnerable outputs. It…

1