Practice

Requirement Document -> extract core use cases that can have the most impact on the design of the software project.

So instead of implementing each feature end-to-end and fully polished, we want to implement these core use cases first. Because implementing these use cases early on will give us an idea of the challenges involved in this project.

Backlogs are where we store all the use cases of the project.

Dependencies between the use cases are shown using dashed arrows. Based on these dependencies, we will know in which order we need to implement these use cases

Overriding Code-First Conventions

Data Annotations

Easier
Has Limitation

Fluent API

More Powerful
A bit more complex

`Info`

System.ComponentModel.DataAnnotations Namespace

Presentation Model or ViewModel is a different class that is purely used for presentation and is not part of the domain.

Preventing Common Web Application Vulnerabilities

SQL Injection

Allows an attacker to execute malicious SQL statements in your application.

use parameterized queries
use Entity Framework to generate SQL queries

if we use SqlQuery() of DbSet, then it will again generate SQL Query and the application will be vulnerable to SQL Injection.

Cross-site Scripting (XSS)

Enables an attacker to execute a malicious script on the victim's computer.

escaping content (eg. <script> => <script>)
By default, ASP.NET MVC applications have protection mechanism that detects javascript in inputs of the forms. (it can be explicity disabled in the Web.config file.)
By default, Razor views automatically escape content. (except Html.Raw())

Cross-site Request Forgery (CSRF)

Allows an attacker to perform actions on behalf of a user without their knowledge.

call @Html.AntiForgeryToken() in the forms, and then decorate the target action with [ValidateAntiForgeryToken] attribute.

Avoid Using Magic Expressions because they are very fragile as we rename variable or method name or class name that is referenced in magic strings, code will break it will not get changed.

Instead of that use Lambda Expressions

PreviousWebHooks NextOperating Systems

Last updated 4 years ago

hashtagOverriding Code-First Conventions

hashtagData Annotations

hashtagFluent API

hashtagInfo

hashtagPreventing Common Web Application Vulnerabilities

hashtagSQL Injection

hashtagAllows an attacker to execute malicious SQL statements in your application.

hashtagCross-site Scripting (XSS)

hashtagEnables an attacker to execute a malicious script on the victim's computer.

hashtagCross-site Request Forgery (CSRF)