Ruthlessly Helpful

Stephen Ritchie's offerings of ruthlessly helpful .NET practices.

Monthly Archives: May 2012

The SDL Static Analysis Story

With the two-day Microsoft Security Development Conference starting tomorrow in DC, I am curious to hear about one thing: what is the static code analysis story in the Security Development Lifecycle?

Microsoft explains their vision of the Security Development Lifecycle and provides SDL Practice #10: Perform Static Analysis. On that page, under the heading of Tools specific to this practice, CAT.NET is recommended and download links are provided. However, the links are to CAT.NET version 1.0. What happened to CAT.NET 2.0?

On the MSDN blog a post from the SDL folks implies that security-oriented code analysis is going to be part of Visual Studio 11. I believe there is a lot of value in having a separate tool, like FxCop, to perform static code analysis across VS projects and solutions and on 3rd-party assemblies.

I would love to hear more about the tools specific to SDL Practice #10: Perform Static Analysis, and I am hopeful that this will be described in detail in one or more sessions at some future SDC.


Thank You Philly.NET Code Camp 2012.1

Although I have been developing software for more than 20 years, on Saturday I went to my first Code Camp. I delivered one session at Philly.NET Code Camp on the topic of Automated Unit and Integration Testing with Databases.

I was amazed. Philly.NET Code Camp is like a mini TechEd. I am impressed at how professionally everything was done. Registration, content, food, facilities, etc. This group knows how to put on a code camp. It is a testament to the capability and dedication of Philly.NET, its leadership and members. Keep up the good work. Thank you for an awesome day. I cannot wait for the next one.

Slides

Here are the slides, available through SlideShare.

Sample Code

The sample code from my session (Tools track, 1:40 PM) is available here:

Also, please review the requirements for using the code samples in the section below the slides.

Requirements For The Code Samples

To use the sample code, you need to create the Lender.Slos database. The following are the expectations and requirements needed to create the database.

The sample code assumes you have Microsoft SQL Server Express 2008 R2 installed on your development machine. The server name used throughout is (local)\SQLExpress. Although the sample code will probably work on other/earlier versions of SQL Server, that has not been verified. Also, if you use another server instance then you will need to change the server name in all the connection strings.

Under the 0_Database folder there are database scripts, which are used to create the database schema. For the sake of simplicity there are a few command files that use MSBuild to run the database scripts, automate the build, and automate running the tests. These batch files assume you defined the following environment variables:

  • MSBuildRoot is the path to MSBuild.exe — For example, C:\Windows\Microsoft.NET\Framework64\v4.0.30319
  • SqlToolsRoot is the path to sqlcmd.exe — For example, C:\Program Files\Microsoft SQL Server\100\Tools\Binn

The DbCreate.SqlExpress.Lender.Slos.bat command file creates the database on the (local)\SQLExpress server.

With the database created and the environment variables set, run the Lender.Slos.CreateScripts.bat command file to execute all the SQL create scripts in the correct order. If you prefer to run the scripts manually then you will find them in the $_Database\Scripts\Create folder. The script_run_order.txt file lists the proper order to run the scripts. If all the scripts run properly there will be three tables (Individual, Student and Application) and twelve stored procedures (a set of four CRUD stored procedures for each of the tables) in the database.

Automated Unit and Integration Testing with NDbUnit

The sample code from the May 1, 2012 presentation of Automated Unit and Integration Testing with NDbUnit to the CMAP Main Meeting is available on GitHub: https://github.com/ruthlesshelp/Presentations. Please review the requirements for using the code samples in the section below the slides.

The slides are available on SlideShare.

Requirements For The Code Samples

To use the sample code, you need to create the Lender.Slos database. The following are the expectations and requirements needed to create the database.

The sample code assumes you have Microsoft SQL Server Express 2008 R2 installed on your development machine. The server name used throughout is (local)\SQLExpress. Although the sample code will probably work on other/earlier versions of SQL Server, that has not been verified. Also, if you use another server instance then you will need to change the server name in all the connection strings.

The sample code for this presentation is within the NDbUnit folder.

Under the 0_Database folder there are database scripts, which are used to create the database schema. For the sake of simplicity there are a few command files that use MSBuild to run the database scripts, automate the build, and automate running the tests. These batch files assume you defined the following environment variables:

  • MSBuildRoot is the path to MSBuild.exe — For example, C:\Windows\Microsoft.NET\Framework64\v4.0.30319
  • SqlToolsRoot is the path to sqlcmd.exe — For example, C:\Program Files\Microsoft SQL Server\100\Tools\Binn

The DbCreate.SqlExpress.Lender.Slos.bat command file creates the database on the (local)\SQLExpress server.

With the database created and the environment variables set, run the Lender.Slos.CreateScripts.bat command file to execute all the SQL create scripts in the correct order. If you prefer to run the scripts manually then you will find them in the $_Database\Scripts\Create folder. The script_run_order.txt file lists the proper order to run the scripts. If all the scripts run properly there will be three tables (Individual, Student and Application) and twelve stored procedures (a set of four CRUD stored procedures for each of the tables) in the database.
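
The setup in the Requirements sections of both posts can be checked with a short script. The following is an added example, not part of the sample code on GitHub: it confirms that the two environment variables point at the tools and that the create scripts produced the three tables and twelve stored procedures. It assumes Windows authentication to (local)\SQLExpress and that the database is named Lender.Slos.

```powershell
# Added example; not part of the Lender.Slos sample code.
# Assumptions: Windows authentication (-E) and a database named Lender.Slos.
$ErrorActionPreference = 'Stop'
$server   = '(local)\SQLExpress'
$database = 'Lender.Slos'

# 1. Both variables must name a folder that really contains the tool.
$tools = @{ MSBuildRoot = 'MSBuild.exe'; SqlToolsRoot = 'sqlcmd.exe' }
foreach ($name in $tools.Keys) {
    $root = [Environment]::GetEnvironmentVariable($name)
    if ([string]::IsNullOrWhiteSpace($root)) { throw "$name is not set." }
    $exe = Join-Path $root $tools[$name]
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        throw "$name is set to '$root', but $exe was not found."
    }
}
$sqlcmd = Join-Path $env:SqlToolsRoot 'sqlcmd.exe'

# 2. Run a scalar query through sqlcmd and return the number it prints.
#    -b makes sqlcmd return a non-zero exit code when the query fails.
function Get-SqlCount([string]$query) {
    $out = & $sqlcmd -S $server -d $database -E -b -h -1 -W -Q "SET NOCOUNT ON; $query"
    if ($LASTEXITCODE -ne 0) { throw "sqlcmd failed: $out" }
    $line = @($out) | Where-Object { $_ -match '^\s*\d+\s*$' } | Select-Object -First 1
    if ($null -eq $line) { throw "Unexpected sqlcmd output: $out" }
    return [int]$line.Trim()
}

# 3. Compare against what the create scripts are expected to produce.
$tables = Get-SqlCount ("SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES " +
    "WHERE TABLE_TYPE = 'BASE TABLE' " +
    "AND TABLE_NAME IN ('Individual', 'Student', 'Application')")
$procs = Get-SqlCount ("SELECT COUNT(*) FROM INFORMATION_SCHEMA.ROUTINES " +
    "WHERE ROUTINE_TYPE = 'PROCEDURE'")

if ($tables -ne 3 -or $procs -ne 12) {
    throw "Expected 3 tables and 12 stored procedures; found $tables and $procs."
}
"Lender.Slos looks complete: $tables tables, $procs stored procedures."
```

Because the script uses a trusted connection, no SQL login or password appears in the file or on the command line.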

Get 40% off Pro .NET Best Practices!


Apress is currently running a promotion for Pro .NET Best Practices. This is for a limited time.

Until May 31, 2012, you can get 40% off the Pro .NET Best Practices eBook from the Apress website when you apply the promo code CMAP12.

Follow these steps

  1. Go to the Pro .NET Best Practices page at apress.com: http://www.apress.com/9781430240235
  2. Select the “Buy eBook” button
  3. Enter the promo code: CMAP12
  4. Press the “Apply Discount” button
  5. Proceed to checkout

Available eBook formats: EPUB, MOBI, PDF

This discount is only available through apress.com, when you purchase the eBook and apply the promo code CMAP12.

For more information, please visit apress.com