Sunday, April 26, 2009

New definition to C#

If anyone asks us what C# is, what will our answer be? All of us will say that C# is an object-oriented language targeting the .NET runtime. Today this definition of C# is only 10% correct, or you can say 10% complete. Surprised? Read ahead.

A few days back, I was listening to Anders Hejlsberg's PDC 2008 presentation on C# 4.0. There he formulated a new definition for C#:
C# is a multi-paradigm language that covers functional, imperative, generic, object-oriented and component-oriented disciplines.

C# 2.0 introduced some concepts from functional languages, such as anonymous methods, and then came LINQ. F#, a pure functional language, makes extensive use of anonymous methods to achieve its goal. C# 4.0 will introduce new features that make it interoperable with domain-specific languages targeting the .NET runtime.

Some important links:

Currently Listening - Feel the Rush by Shaggy
~eNjOy CoDiNg~

Saturday, April 18, 2009

Places where I'm blogging

Connected Information Security Group blog. This is now closed as our team name has changed.

Our team got a new name, Information Security Tools, hence a new blog site,

My good old blogspot account where I started blogging a few years back.

I'll use the security tools blog for topics related to my work and application security, and for all other things I'll use my blogspot account.


Safer Source Control Settings in Visual Studio 2008

There is a section for Source Control settings under the Visual Studio IDE options where we can set check-in and check-out behavior. Two important settings are:

* Save: Check out automatically (default)
* Editing: Check out automatically (default)

In my experience, these defaults are not good or safe. These settings could result in:

* Checking out files without knowing it, as even a single click or key press will automatically check out the files.
* Checking out files in shared mode by default, which is again not a good option as it lets multiple users work on the same file simultaneously. If required, we can do this for files where we want this kind of flexibility, but having it as the default is not good.

I suggest we all change these settings on our boxes to:

* Save: Prompt for checkout
* Editing: Prompt for exclusive checkouts

~vIsUaL sTuDiO rOcKs~

Currently Watching - Man Vs. Wild on Discovery

Monday, April 6, 2009

Where is Gaurav?

Hello, everyone!

It’s been a long time since I last blogged. The past year was very busy @ work as well as with personal stuff. I got into Microsoft and got married the same year. No, marriage is in no way related to getting a job @ Microsoft (I can see you people laughing). Here at Microsoft I’m part of the Information Security Team, with specific attention on the development of tools which facilitate a secure computing environment.

Last year I worked on applications built on entirely different technologies. I was part of one huge project using SQL Server 2008 and Integration Services. The best thing about working at Microsoft is that you get to work on top-end technologies, that too, months ahead of their market release. I had been working on SQL Server 2008 for more than 6 months when SQL Server 08 was officially released. Working on SQL Server 2008 was not just using another new version of a database by migrating all 2005 databases to 2008. It was all about using new features like Partitioning, Compression, Query Logging etc. Our SSIS package was so fast that it processed 20 GB of data in 4 hours. Amazing, and our application's database is one of the biggest application databases on SQL 2005 and SQL 2008. Crazy stuff. All this was part of the information security domain.

Next on my plate was a small project. I was asked to create some custom templates for Visual Studio. This was not that complex a project, but its impact was huge. Technology used: Visual Studio 2008, SSRS, pre XML, SSAS and MDX queries. It took me some time to get hold of the MDX stuff, but this was again fun.

Next came a web-based application with security issues all over. My task: act as a superman, get hold of all those bugs, fix them, release the application and wait for the results. In the past three years of my career I rarely gave importance to the security of the application that I was developing. As far as I can see, code reviews were always centred around design patterns and multi-layer architecture. No one talked about security. One reason might be the type of applications that I was working on in those days. But things are entirely different here at Microsoft. Here we have a group known as ACE which certifies that our application is 100% secure before we go into production. Without their certification, an application cannot be deployed into production. Great stuff. I worked on all kinds of security bugs: XSS, SQL Injection, One Click Attack, cross site script forgery etc. I am also an ACE certified application developer now. This was a great learning experience.

Apart from these things I also worked on some initiatives which were highly appreciated. One of them, and the closest to my heart, is a Build and Deployment tool built using Windows Workflow Foundation. This is an amazing concept which will now be available with VSTT 2010.

Currently I’m working with the ILM (Identity Lifecycle Management) product team to develop a customized solution for internal customers. Besides this, my time goes by in playing with Windows Communication Foundation, SQL Server 2008 and Application Security. A few weeks back I did some good stuff on SQL Server policy-based management, and after one internal demo I’ll post it. Till then...

~enjoy cOdInG~