Practice

Last updated 4 years ago
Requirement document -> extract the core use cases, i.e. the ones that have the most impact on the design of the software project.

Instead of implementing each feature end-to-end and fully polished, implement these core use cases first. Implementing them early surfaces the main challenges of the project while the design is still cheap to change.

The backlog is where all the use cases of the project are stored.

Dependencies between use cases are drawn as dashed arrows. These dependencies determine the order in which the use cases need to be implemented.

Overriding Code-First Conventions

Data Annotations

  • Easier: attributes placed directly on the entity class and its properties (e.g. [Required], [MaxLength(255)], [Table("...")]).

  • Has limitations: some things cannot be expressed with attributes at all, such as disabling cascade delete on a relationship or naming the join table of a many-to-many relationship.

Fluent API

  • More powerful: configured in the context's OnModelCreating() override; it covers everything the annotations can do plus the cases above.

  • A bit more complex, but it keeps the domain classes free of persistence details.
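The two approaches side by side, as an added example (not code from the original notes). It targets EF6 code-first (System.Data.Entity); the entity names Course, Author, Tag and the context name PlutoContext are assumptions. The same overrides (table name, required/max-length column) are expressed both ways so they can be compared; the last two Fluent API calls configure things that annotations cannot.

```csharp
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations.Schema;
using System.Data.Entity;

// --- Data annotations: attributes on the entity itself ---
[Table("tbl_Course")]                  // override the conventional table name "Courses"
public class Course
{
    public int Id { get; set; }        // convention: a property named "Id" is the primary key

    [Required, MaxLength(255)]         // NOT NULL nvarchar(255) instead of nullable nvarchar(max)
    public string Name { get; set; }

    public string Description { get; set; }

    public int AuthorId { get; set; }
    public Author Author { get; set; }
    public IList<Tag> Tags { get; set; }
}

public class Author
{
    public int Id { get; set; }
    public string Name { get; set; }
    public IList<Course> Courses { get; set; }
}

public class Tag
{
    public int Id { get; set; }
    public string Name { get; set; }
    public IList<Course> Courses { get; set; }
}

// --- Fluent API: the same overrides, plus two things annotations cannot express ---
public class PlutoContext : DbContext   // hypothetical context name
{
    public DbSet<Course> Courses { get; set; }
    public DbSet<Author> Authors { get; set; }
    public DbSet<Tag> Tags { get; set; }

    protected override void OnModelCreating(DbModelBuilder modelBuilder)
    {
        // Equivalent of [Table] + [Required, MaxLength] above.
        modelBuilder.Entity<Course>()
            .ToTable("tbl_Course")
            .Property(c => c.Name).IsRequired().HasMaxLength(255);

        // Not possible with data annotations: turn off cascade delete so deleting
        // an Author cannot silently wipe every Course that references it.
        modelBuilder.Entity<Course>()
            .HasRequired(c => c.Author)
            .WithMany(a => a.Courses)
            .HasForeignKey(c => c.AuthorId)
            .WillCascadeOnDelete(false);

        // Not possible with data annotations: name the join table and its
        // key columns for the many-to-many Course <-> Tag relationship.
        modelBuilder.Entity<Course>()
            .HasMany(c => c.Tags)
            .WithMany(t => t.Courses)
            .Map(m => m.ToTable("CourseTags")
                       .MapLeftKey("CourseId")
                       .MapRightKey("TagId"));

        base.OnModelCreating(modelBuilder);
    }
}
```

In a real project pick one mechanism per override rather than applying both; the duplication here is only for comparison.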

Info

A Presentation Model or ViewModel is a separate class used purely for presentation; it is not part of the domain model.

Preventing Common Web Application Vulnerabilities

SQL Injection

Allows an attacker to execute SQL statements of their choosing against your database through your application.

  • use parameterized queries

  • let Entity Framework generate the SQL queries (LINQ-to-Entities turns local values into parameters automatically)

If you use SqlQuery() of DbSet (or Database.SqlQuery()) and build the SQL string by concatenating user input, you are writing raw SQL again and the application is vulnerable to SQL injection. Raw SQL is acceptable only when every user-supplied value is passed as a parameter rather than spliced into the string.
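The vulnerable SqlQuery() call beside its parameterized form and the plain LINQ version, as an added example (not code from the original notes). It assumes EF6 (System.Data.Entity) with a SQL Server provider; the Customer entity and ShopContext are assumptions.

```csharp
using System.Collections.Generic;
using System.Data.Entity;
using System.Data.SqlClient;
using System.Linq;

public class Customer            // hypothetical entity
{
    public int Id { get; set; }
    public string Name { get; set; }
}

public class ShopContext : DbContext   // hypothetical context
{
    public DbSet<Customer> Customers { get; set; }
}

public static class CustomerQueries
{
    // VULNERABLE: the raw SQL is built by string concatenation, so the input
    //   x' OR 1=1 --
    // turns the query into
    //   SELECT * FROM Customers WHERE Name = 'x' OR 1=1 --'
    // and returns every row; UNION SELECT against other tables works the same way.
    public static List<Customer> FindByNameUnsafe(ShopContext db, string name)
    {
        var sql = "SELECT * FROM Customers WHERE Name = '" + name + "'";
        return db.Customers.SqlQuery(sql).ToList();
    }

    // SAFE: still raw SQL through SqlQuery(), but the value travels as a
    // parameter, so the database never parses it as SQL. EF also accepts
    // positional placeholders with plain values: SqlQuery("... = {0}", name).
    public static List<Customer> FindByNameParameterized(ShopContext db, string name)
    {
        return db.Customers
                 .SqlQuery("SELECT * FROM Customers WHERE Name = @name",
                           new SqlParameter("@name", name))
                 .ToList();
    }

    // PREFERRED: let EF generate the SQL. The local variable becomes a
    // parameter in the generated command; no SQL text is ever concatenated.
    public static List<Customer> FindByName(ShopContext db, string name)
    {
        return db.Customers.Where(c => c.Name == name).ToList();
    }
}
```

Note that the parameterized and LINQ versions are safe regardless of what the input contains; escaping quotes by hand in the unsafe version is not a substitute, because it does not cover every injection vector.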

Cross-site Scripting (XSS)

Enables an attacker to run a malicious script in the victim's browser, in the context of your site (stealing session cookies, submitting actions as the victim, defacing the page).

  • escape content before rendering it (eg. <script> => &lt;script&gt;)

  • By default, ASP.NET MVC request validation rejects form input that looks like HTML markup. It can be explicitly disabled in the Web.config file, or per action / property with [ValidateInput(false)] / [AllowHtml]. Treat it as a backstop rather than the primary defence: output encoding is what actually prevents XSS.

  • By default, Razor views HTML-encode everything written with @ (except Html.Raw(), which emits the string unchanged and must only be used on markup you trust).

Cross-site Request Forgery (CSRF)

Allows an attacker to make a logged-in user's browser perform actions on your site without the user's knowledge (e.g. a form on another site that auto-submits to your POST endpoint, carrying the user's session cookie).

  • call @Html.AntiForgeryToken() inside the form, and then decorate the target action (every POST action that changes state) with the [ValidateAntiForgeryToken] attribute.
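The XSS and CSRF defences above in one controller/view pair, as an added example (not code from the original notes). It assumes ASP.NET MVC 5 (System.Web.Mvc); the Comment model and CommentsController are assumptions. The Razor views are shown inside a C# comment so that the whole example stays in a single block.

```csharp
using System.Web.Mvc;

public class Comment                // hypothetical model
{
    public int Id { get; set; }
    public string Body { get; set; }
}

public class CommentsController : Controller   // hypothetical controller
{
    // GET /Comments/Create renders the form shown in the view comment below.
    public ActionResult Create()
    {
        return View();
    }

    // CSRF defence: the request must carry the __RequestVerificationToken
    // form field that matches the anti-forgery cookie issued to this browser.
    // A form auto-submitted from another origin has no way to read that token,
    // so the attribute rejects it with HttpAntiForgeryException.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Create(Comment comment)
    {
        if (!ModelState.IsValid)
            return View(comment);

        // ... persist the comment ...
        return RedirectToAction("Index");
    }
}

/* Views/Comments/Create.cshtml

@model Comment
@using (Html.BeginForm())
{
    @Html.AntiForgeryToken()          @* emits the hidden token field and sets the cookie *@
    @Html.TextAreaFor(m => m.Body)
    <button type="submit">Post</button>
}

   Views/Comments/Index.cshtml

@model IEnumerable<Comment>
@foreach (var c in Model)
{
    <p>@c.Body</p>                    @* safe: Razor HTML-encodes, <script> becomes &lt;script&gt; *@
    <p>@Html.Raw(c.Body)</p>          @* XSS: emits the stored string verbatim, never do this with user input *@
}
*/
```

Without [ValidateAntiForgeryToken] on the POST action the token in the form is never checked, and without @Html.AntiForgeryToken() in the form every legitimate submission is rejected; the two always go together.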

Avoid magic strings (e.g. Html.TextBox("Name")): they are fragile, because when the variable, method or class name they reference is renamed, the string is not updated and the code breaks at runtime instead of failing to compile.

Use lambda expressions instead (e.g. Html.TextBoxFor(m => m.Name)); the compiler checks the member and refactoring tools rename it along with the property.

System.ComponentModel.DataAnnotations Namespace
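An added example (not code from the original notes) covering both points above: a view model annotated with attributes from System.ComponentModel.DataAnnotations, validated with the Validator class from the same namespace, and a small helper that extracts a property name from a lambda the way the strongly typed Html helpers do, so the name can never drift from the property it refers to. The RegisterViewModel type and ModelHelpers class are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq.Expressions;

public class RegisterViewModel       // hypothetical view model
{
    [Required, StringLength(50)]
    public string UserName { get; set; }

    [Required, EmailAddress]
    public string Email { get; set; }

    [Range(18, 120)]
    public int Age { get; set; }
}

public static class ModelHelpers
{
    // Magic string: compiles fine, but the typo (or a later rename of the
    // property) is only discovered when the form silently stops binding.
    public static string FieldNameUnsafe()
    {
        return "UserNmae";
    }

    // Lambda: the member must exist at compile time, and "Rename" in the IDE
    // updates every call site. This is the same trick Html.TextBoxFor() relies on.
    public static string FieldName<TModel, TProp>(Expression<Func<TModel, TProp>> expr)
    {
        if (expr.Body is MemberExpression member)
            return member.Member.Name;

        // Value-type members get wrapped in a Convert node when TProp is object.
        if (expr.Body is UnaryExpression unary && unary.Operand is MemberExpression inner)
            return inner.Member.Name;

        throw new ArgumentException("Expression must select a property", nameof(expr));
    }

    // Runs the DataAnnotations attributes exactly as MVC model validation would,
    // so the same rules can be checked outside a controller (e.g. in unit tests).
    public static List<ValidationResult> Validate(object model)
    {
        var results = new List<ValidationResult>();
        Validator.TryValidateObject(model, new ValidationContext(model), results,
                                    validateAllProperties: true);
        return results;
    }
}

class Program
{
    static void Main()
    {
        Console.WriteLine(ModelHelpers.FieldName((RegisterViewModel m) => m.UserName)); // UserName
        Console.WriteLine(ModelHelpers.FieldName((RegisterViewModel m) => m.Age));      // Age

        var bad = new RegisterViewModel { UserName = "", Email = "not-an-email", Age = 12 };
        foreach (var r in ModelHelpers.Validate(bad))
            Console.WriteLine($"{string.Join(",", r.MemberNames)}: {r.ErrorMessage}");
    }
}
```

Validation attributes on the model are only enforced server-side when the action checks ModelState.IsValid (or calls Validator as above); client-side validation generated from the same attributes is a convenience for the user, not a security control.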