Posts

At my current workplace, All Applications are expected to adhere to PCI DSS standards meant for Data protection, Access Regulation and so on. Dedicated SOC Team,consisting of Security analyst who are continously on the prawl to identify breach, conduct periodic auditing of Applications, hardening of Servers.

While all our .NET applications adhere to below guidelines,

• ASP.NET Security Overview
• Secure Coding Guidelines
• Security Guidelines by OWASP

We also use tools like Snyk to perform code vulnerability analysis as part of Jenkins driven CI/CD pipeline. In spite of above, we do come across vulnerabilities identified by SOC Team which we needs to be addressed quickly. SOC team uses tools such as Burp Suite.

Over the last many years, de-facto language of the Web (specifically front-end) has been Javascript (and variants like Typescript, ECMAScript versions and so on). The Web development has been revolving around HTML+CSS+Javascript trio. It all started with support for Javascript in browsers, followed by addition of XMLHTTP API, Rich DOM Manipulation Support in Javascript. To induce order and apply patterns to Javascript’s usage in browsers, numerous frameworks and libraries were introduced like React and Vue among others. To begin with, The target used to be browsers on Large Devices like Desktop & Laptops. However, soon all sorts of devices were targetted with advent of Responsive and Progressive CSS+Javascript libraries eg. Bootstrap. Offline Support soon came in ref: Electron and Progressive Web Applications.

Background

The source code of tracfee.com is hosted on Github Private.

At a High level, Tracfee’s Architecture involves,

• Single Page Application using VueJS, deployed on Netlify
• API in Go, deployed on Oracle Cloud

So far, API testing has been automated and we were looking at ways to automate deployment of both UI and API. Steps required to deploy API are less since we are using Docker to run it on VM. However, in case of Netlify, it is required to build and then upload the output folder on Netlify.

Background

Recently, we had requirement wherein a process should,

• Periodically (Poll) or Asynchronously (Pub-sub) listen on incoming requests/messages. The whole process is expected to be long running.
• Should also implement clean disposal of in-flight requests and subsequent cleanup using something similar to Cancelble Context in Go

The first of the objective is somewhat dependent on mechanism (Pub/sub, Listener), protocol (TCP, HTTP etc.). For the second one, .NET framework (and .NET Core) offers CancellationToken. It is maint for co-operative cancellation between threads and Task Objects. So Armed with this, is it possible to come up with a template that allows cancellation of long running task while also being deployed as Windows Service (or using systemd in Linux) ?

Background

Oftentimes, we come across situation where code does not perform as per expectation. What is typically approch to address it,

• Performance Testing - Visual Studio Load Tests or Third party tools like Locust, Vegeta, Gatling etc.
• Visual Studio Diagnostics Tools Or
• Use tools like Perfview/dotTrace/dotMemory to diagnose bottlenecks

What if it is possible to Benchmark code for,

• Set of varying parameter(s)
• Different runtimes (.NET Framework versions, .NET core, Mono etc.) with option to Benchmark it
• Observe Memory Allocations for diagnostics
• Get Detailed report on execution timeline
• Have it as part of test suite so that it can be easily executed with every iteration involving optimized code to get immediate feedback

Enter BenchmarkDotNet, a Powerful .NET library for benchmarking. It is used by DotNET Team, Roslyn, ASP.NET Core and many other projects.

Background

A Web Application, developed in ASP.NET Core (Runtime Version 3.1.100) using Razor Pages and Web API, is expected to be launched from within third-party Web Application in iframe, with complete HTML being rendered.

During the Development, a mock HTML Page was developed to simulate launching of ASP.NET core based Web Application in iframe. Note that this page as well as Application was hosted on same IIS Server and it worked fine. Subsequently, Web Application was deployed on Test Server and URL was shared for integration with third party Application and then it happened Boom…. i.e. Application when launched in iframe rendered HTML but none of the post request would work (returning HTTP Error 400). Careful inspection showed that,

Background

Recently, i got involved in assignment where in an application was facing issues with throughput. Expectation is to support more than 500 transactions per second while load testing results were indicating system was experiencing high latency beyond 100+ transactions per second.

This application is developed in .NET Framework + .NET Core and primarily uses Relational Database for persistence and has point to point integration (mainly over HTTP) with internal & external application(s).

Background

One of the key project(s) at my current organization is developed on .NET 4.6.1. It is developed as Modular Monolith. As part of it’s functionality, it supports different channels like Mobiles, Terminals and Web. For the Web channel, there was need to develop a Web application with,

• High availability
• Lightweight, High throughput (Need to support few thousand(s) active users)

Accordingly, we have been exploring developing this Web Application in .NET core 3.1. However, it also means that we will have to use class libraries, targeted at .NET framework 4.6.1, in .NET core and vice-versa. How can this be done?

Even Eric Evans explicitly states that DDD isn’t suitable for problems when there’s substantial technical complexity, but little business domain complexity. Using DDD is most beneficial when the complexity of the domain makes it challenging for the domain experts to communicate their needs to the software developers. By investing your time and effort into modeling the domain and coming up with a set of terminology that’s understood for each subdomain, the process of understanding and solving the problem becomes much simpler and smoother