All Posts

Azure DevOps ARM Templates: How to ruin your day!

Love CI/CD in Azure DevOps! But if you make this one innocent mistake while using ARM Templates, you can completely, utterly ruin your day. ARM Templates are scoped to a Resource Group. I use ARM Template deployments for deploying Azure Data Factory to QA and Prod. When configuring an ARM Template deployment watch out for…

Azure: Locking Resources

Azure lets you lock your resources so they cannot be deleted without first removing the lock. Only an owner or administrator in your account can use this feature. It overrides a user’s permission so that they cannot accidentally delete or remove a resource. These locks are outside the Role Based Access Controls (RBAC). When the…

Enabling SSL in IIS Express

This blog post is intended to help lay the groundwork to eventually set up and configure Mutual Authentication (Two Way TLS/Client Cert). For now, I will demonstrate how to just set up and configure basic SSL in IIS Express. For this exercise, I will be using a self-signed certificate that Visual Studio automatically generates and installs for us.…

Ionic 2 Issues on Windows 10

The last couple days I have been struggling with installing Ionic 2 on my Windows 10 laptop. Here is my Ionic info: C:\Dev\ionicProjects>ionic info Your system information: Cordova CLI: 6.3.1 Gulp version: CLI version 3.9.0 Gulp local: Ionic CLI Version: 2.1.0 Ionic App Lib Version: 2.1.0-beta.1 OS: Node Version: v6.7.0 Here is the error I…

Cordova Hook: Internationalizing your App Name for Android

On a recent app I worked on, we needed to internationalize the App Name.  Currently, Cordova does not allow you to easily handle this via configuration.  One alternative is to open the Android project and modify it to include the internationalization.  However, if a developer removes the platform, the process has to be repeated.  This…

Android: What is AAPT?

Android has a ton of tools. This is a quick introduction to a couple commands I use in AAPT. What is AAPT? AAPT (Android Asset Packaging Tool) is a great tool to help you view, create and update your APKs (as well as zip and jar files). Where is it? On Windows, check your Android/tools…

Securing your HTML Form in ASP.NET MVC

By now, developers should really understand how to build a form and properly secure it. But this still seems to elude some. It’s rather embarrassing to fail security assessments for certain security flaws that can be easily avoided. In this blog, a refresher on the basics will be covered for securing your post as well…

Security Assessment 101: Failed because of my cookies???

What, really? My security assessment failed because of my cookies. But I only use a couple of cookies to store certain user preferences. Those cookies are there only for user convenience. Guess what? That third-party that ran the security assessment doesn’t care. All they care about is that you have cookies and that you are…

Security Assessment 101: Failed due to Login Enumeration

Wait a second?  Really, I can’t tell my user that they locked out the account.  Yep!!!  For sites containing highly sensitive information like employee information, financial information, etc…  you will fail a security assessment because you are telling a hacker the account is locked out. Why is that? The concern is a hacker attempted to…

KendoUI: Understanding ToDataSourceResult

Using server filtering is rather easy with Kendo UI MVC, unless you're new to it. Then those first couple of hours are pretty frustrating until you find the right article, information and samples. I have very few gripes with Telerik and Kendo UI but they do have a problem with the Kendo UI Demos. They do…

KendoUI: Formatting Dates, Numbers, Currency and Custom Formats

Ever need to format text in JavaScript?  Ok, dumb question.  Everyone has needed that functionality.  Well, if you use KendoUI, Telerik provides a pretty awesome framework for this.  There is a toString method which is documented here. This method takes three parameters: value –> the Date or Number to be formatted. format –> string to format.…

Security Assessment 101: Skip HTTP and just use HTTPS

So you built this awesome business web app. You sold it to your customer and it’s now in production. You’re using SSL which is even configured for best practices. See my previous post on securing SSL. But what happens when a user goes to your web application? It probably redirects them to HTTPS so the user…

Security Assessment 101: What gives? My SSL failed?!?

You delivered your awesome business application and it’s running in production. You are a developer and have some limited System Admin skills so obviously your company decided you were the perfect person to set up your production environments. The data is sensitive so obviously you have SSL turned on. Everyone involved is ecstatic!!! Then…

Getting started with Responsive Web Design for Business Web Applications

Finally getting time to make significant improvements to the UI of my business web applications.  One of the top priorities on my projects is UI Transformation using Responsive Web Design (RWD).  Should we have done this years ago???  Sure!!!!  So much to do so little time… There are many different aspects to tackling UI improvement…

Quick Tips – HTML5 FlowChart and Extract CSS

A couple quick tips… HTML5 FlowChart Found this HTML5 Element Flowchart by HTML 5 Doctor and wanted to share the link.  I think it’ll come in very handy when making choices with HTML5.  This chart has a basic flow chart for determining which HTML5 Element (<nav>, <article>, <section>, <aside>, <section>, <figure>, …) to use and…

Getting started with writing secure ASP.NET MVC Code

Over the last few years, I have become very focused on writing secure code.  One of the main driving forces for this is the number of security assessments my application has undergone over the last few years as well as the plethora of information now easily accessible.  So where does one start with writing secure…
