Practice
Requirement Document -> extract core use cases that can have the most impact on the design of the software project.
So instead of implementing each feature end-to-end and fully polished, we want to implement these core use cases first. Because implementing these use cases early on will give us an idea of the challenges involved in this project.
Backlogs are where we store all the use cases of the project.
Dependencies between the use cases are shown using dashed arrows. Based on these dependencies, we will know in which order we need to implement these use cases.
Overriding Code-First Conventions
Data Annotations: easier, but has limitations.
Fluent API: more powerful, but a bit more complex.
Presentation Model or ViewModel is a different class that is purely used for presentation and is not part of the domain.
Preventing Common Web Application Vulnerabilities
SQL Injection
Allows an attacker to execute malicious SQL statements in your application.
use parameterized queries
use Entity Framework to generate SQL queries
if we use SqlQuery() of DbSet, we are again writing the SQL query ourselves, and if user input is concatenated into that string the application will be vulnerable to SQL Injection.
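Added example (not from the original notes) contrasting the SqlQuery() pitfall with the parameterized and LINQ forms; it assumes EF6 and a hypothetical Customer entity exposed as a Customers DbSet on an AppDbContext.

```csharp
using System.Collections.Generic;
using System.Data.Entity;
using System.Linq;

// Added example, not from the original notes. Assumes EF6 and a hypothetical
// Customer entity with a Customers DbSet on an AppDbContext.
public class Customer
{
    public int Id { get; set; }
    public string Name { get; set; }
}

public class AppDbContext : DbContext
{
    public DbSet<Customer> Customers { get; set; }
}

public static class CustomerQueries
{
    // VULNERABLE: the search term is concatenated into the raw SQL string, so
    // SqlQuery() passes attacker-controlled text straight to the database.
    public static List<Customer> FindByNameUnsafe(AppDbContext db, string name)
    {
        var sql = "SELECT * FROM Customers WHERE Name = '" + name + "'";
        return db.Customers.SqlQuery(sql).ToList();
    }

    // SAFE: the value is passed as a parameter. EF6 binds {0} to a DbParameter,
    // so the input is treated as data, never as SQL.
    public static List<Customer> FindByNameParameterized(AppDbContext db, string name)
    {
        return db.Customers
                 .SqlQuery("SELECT * FROM Customers WHERE Name = {0}", name)
                 .ToList();
    }

    // PREFERRED: let Entity Framework generate the SQL; LINQ predicates are
    // always parameterized.
    public static List<Customer> FindByNameLinq(AppDbContext db, string name)
    {
        return db.Customers.Where(c => c.Name == name).ToList();
    }
}
```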
Cross-site Scripting (XSS)
Enables an attacker to execute a malicious script on the victim's computer.
escaping content (eg. <script> => &lt;script&gt;)
By default, ASP.NET MVC applications have a protection mechanism that detects javascript in form inputs. (it can be explicitly disabled in the Web.config file.)
By default, Razor views automatically escape content. (except Html.Raw())
Cross-site Request Forgery (CSRF)
Allows an attacker to perform actions on behalf of a user without their knowledge.
call @Html.AntiForgeryToken() in the forms, and then decorate the target action with the [ValidateAntiForgeryToken] attribute.
Avoid using magic strings because they are very fragile: when we rename a variable, method or class that is referenced in a magic string, the string is not updated and the code will break.
Instead of that, use Lambda Expressions.