useful links and tools

VSTS - Release variables

As you compose the tasks for deploying your application into each environment, variables will help you to:

- Define a more generic deployment process once, and then customize it easily for each environment. For example, a variable can be used to represent the connection string for web deployment, and the value of this variable can be changed from one environment to another. These are custom variables.
- Use information about the context of the particular release, environment, artifacts, or agent in which the deployment process is being run. For example, your script may need access to the location of the build to download it, or to the working directory on the agent to create temporary files. These are default variables.

How to implement row level security

Microsoft's document about how to implement row-level security

Safe way to get identity

Implementing identity for multiple threads

newsequentialid

SQL sequential GUID

DataFlow library

Read about data flow

Cloudflare

Making the Internet Work the Way It Should for Anything Online. Cloudflare speeds up and protects millions of websites, APIs, SaaS services, and other properties connected to the Internet. Our Anycast technology enables our benefits to scale with every server we add to our growing footprint of data centers.

HTTP VS HTTPS

Example of loading data using HTTP vs HTTPS. Encrypted Websites Protect Our Privacy and are Significantly Faster. Compare load times of the unsecure HTTP and encrypted HTTPS versions of this page. Each test loads 360 unique, non-cached images (0.62 MB total). For fastest results, run each test 2-3 times in a private/incognito browsing session.

Let's Encrypt

To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. With Let’s Encrypt, you do this using software that uses the ACME protocol, which typically runs on your web host. To figure out what method will work best for you, you will need to know whether you have shell access (also known as SSH access) to your web host. If you manage your website entirely through a control panel like cPanel, Plesk, or WordPress, there’s a good chance you don’t have shell access. You can ask your hosting provider to be sure.

GitVersion - VSTS Extension

Versioning when using Git, solved. GitVersion looks at your Git history and works out the semantic version of the commit being built. It works with most branching strategies but has been designed mainly around GitFlow and GitHubFlow (pull request workflow). The calculated version numbers can then be accessed through variables such as $(GitVersion_NuGetVersion) and $(GitVersion_SemVer). It is also very configurable to allow it to work with most release workflows!

sqlmap - SQL injection tool

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features:

- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.
- Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
- Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
- Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
- Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
- Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
- Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.
- Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
- Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.

VSTS Plugin - Package Management

Share code with everyone in your organization by building and sharing packages of reusable components. The Package Management extension enables continuous delivery workflows by hosting your components/packages and making them available to your team, your builds, and your releases. If you're currently storing your NuGet packages on a NuGet server or on a file share that you manage yourself, you can move those packages to Team Services and enjoy deep integration with Team Build and Release Management. Package Management currently supports NuGet packages.

Package Management core features: Package Management works with your existing investments in Version Control and Team Build by enabling you to seamlessly share components across your engineering process. It also works great with other CI systems like Jenkins.

Organize and secure with feeds: Package Management lets you organize the components that your project consumes and produces into feeds. You can create as many or as few feeds as you want to match your development process, continuous integration setup, and governance needs. And, you can protect your packages with simple Owner/Contributor/Reader permissions on each feed.

Postman - API tool

Save requests and organize your APIs into Collections. Create and send any HTTP request using the awesome Postman request builder. Write your own test cases to validate response data, response times, and more!

Microsoft - Test & Feedback tool

Test & Feedback - Now everyone on the team can own quality. Capture findings, create issues, and collaborate with the team, directly from the browser. Everyone in the team, be it product owners, developers, testers, UX designers etc., can now test their web-apps and give feedback, all directly from the browser on any platform: Windows, Mac, or Linux.

All kinds of teams will now be able to drive quality in 3 easy steps: capture, create & collaborate.

- Capture - Take notes, screenshots with annotations, and screen recordings to capture problems. Automatically include rich data like user actions (as an image action log), page load data, and system information.
- Create - Create bugs, tasks, and feedback response work items to send feedback or report problems. Create test cases quickly based on the image action log while you explore your app. Automatically attach all your captured information.
- Collaborate - Work offline in standalone mode, then export your session to share findings with your team. For more integrated experiences with end-to-end traceability, connect to Visual Studio Team Services or to Team Foundation Server 2015 or later. For example, you can explore user stories directly from the board, manage all feedback requests received, and easily track bugs, tasks and other work-items.

To view completed exploratory sessions and get insights across all completed sessions, for example, details about sessions and work items that are created, explored, and weren’t explored, plus other data, go to your exploratory testing insights page.

You can use the extension for FREE in these modes: Standalone and Connected.

- Standalone Mode: Available to everyone. Any team, large or small, can use standalone mode to capture issues using screenshots with inline annotations and notes and then share the results using a session report. No connection to Visual Studio Team Services or Team Foundation Server required.
- Connected Mode: Connect to Visual Studio Team Services/Team Foundation Server to drive your exploratory testing and feedback flows.
  - Users with Basic access: Full capture and create capabilities to submit bugs, tasks and test cases. Includes collaboration capabilities like end-to-end traceability, rich insights across completed exploratory sessions, simplified bug/task tracking & triaging, and so on.
  - Users with Stakeholder access: Full capture and create capabilities, except for test cases, to submit feedback and respond to feedback requests from your team. Feedback experiences are available in Team Services and TFS "15" or later only.

Learn more: https://www.visualstudio.com/en-us/docs/test/manual-exploratory-testing/getting-started/perform-exploratory-tests

Flexbox

The Flexbox Layout (Flexible Box) module (currently a W3C Last Call Working Draft) aims at providing a more efficient way to lay out, align and distribute space among items in a container, even when their size is unknown and/or dynamic (thus the word "flex"). The main idea behind the flex layout is to give the container the ability to alter its items' width/height (and order) to best fill the available space (mostly to accommodate all kinds of display devices and screen sizes). A flex container expands items to fill available free space, or shrinks them to prevent overflow. Most importantly, the flexbox layout is direction-agnostic as opposed to the regular layouts (block which is vertically-based and inline which is horizontally-based). While those work well for pages, they lack flexibility (no pun intended) to support large or complex applications (especially when it comes to orientation changing, resizing, stretching, shrinking, etc.). Note: Flexbox layout is most appropriate to the components of an application, and small-scale layouts, while the Grid layout is intended for larger scale layouts.

Metasploit - penetration testing software. Put your network's defenses to the test

Metasploit Newbies: New to Metasploit? This is the place to start. Get access to information, free tools, tutorials and more.

- Get an intro to penetration testing
- Learn about Metasploit
- Install Metasploit (Windows | Linux)
- Troubleshoot Installation Issues
- Get started (Pro | Community)
- View all documentation (PDF | HTML)
- Get community support

Framework Users: Been using MSF for years? Check out the latest development and tap into the community.

- Get community support
- Compare with Metasploit Pro
- Setting up a development environment
- Read Rapid7's open source commitment
- Meterpreter documentation
- Contribute to Metasploit

Exploit Developers: Want to write exploits or submit open source code? Get access to the tools and docs.

- Download source code
- Join Metasploit IRC channel
- Access developer docs
- Setting up a development environment
- Read Rapid7's open source commitment

arachni - web application security scanner framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is multi-platform, supporting all major operating systems (MS Windows, Mac OS X and Linux) and distributed via portable packages which allow for instant deployment. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform. In addition, its simple REST API makes integration a cinch. Finally, due to its integrated browser environment, it can support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX.

Image Optimizer

Uses industry standard tools to optimize any JPEG, PNG and GIFs, including animated GIFs. It can do both lossy and lossless optimization.

Features:

- Adds a right-click menu to any folder and image in Solution Explorer that lets you automatically optimize all PNG, GIF and JPEG files in that folder.
- Optimizes PNGs (uses Zopfli compression)
- Optimizes GIFs
- Optimizes animated GIFs
- Optimizes JPGs (uses MozJPEG)
- Works on single image files or entire folders
- Copy any image as base64 dataURI to clipboard

Optimize images: Simply right-click any file or folder containing images and click one of the image optimization buttons.

VS Bundler & Minifier

Features:

- Bundles CSS, JavaScript or HTML files into a single output file
- Saving a source file triggers re-bundling automatically
- Support for globbing patterns
- MSBuild support for CI scenarios
- Minify individual or bundled CSS, JavaScript and HTML files
- Minification options for each language are customizable
- Shows a watermark when opening a generated file
- Task Runner Explorer integration
- Command line support
- Shortcut to update all bundles in solution
- Suppress output file generation
- Convert to Gulp

dbForge SQL Complete, v5.5 Express

Express is a free edition that provides basic code completion functionality. To see advantages of dbForge SQL Complete over Microsoft SQL Server Management Studio 2016 (SSMS), please refer to the

Varnish cache

Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture.

Tool allows you to record a selected area of your screen and save it as a Gif

Features:

- Record your screen and save directly to a GIF looped animation or a video.
- Pause and continue to record or start over by discarding the recording.
- Move the window around to record what you want, it stays on top.
- You can add Text, Subtitles, Title Frames, Borders, Watermarks, Drawings, etc.
- Crop and Resize.
- Remove frames that you don't want.
- Select a folder to save the file automatically or select one before encoding.
- Add the system cursor to your recording.
- Very small sized and portable (uses a settings file under the AppData folder) executable.

Requires .NET Framework 4.6.1.

AutoFixture

AutoFixture is an open source library for .NET designed to minimize the 'Arrange' phase of your unit tests in order to maximize maintainability. Its primary goal is to allow developers to focus on what is being tested rather than how to setup the test scenario, by making it easier to create object graphs containing test data.

ChartJS

Plugin to make charts beautiful

Prism JS - code syntax highlighting

Allows you to display code in HTML with highlighting for your language

Search trees

In LINQ, expression trees are used to represent structured queries that target sources of data that implement IQueryable<T>. For example, the LINQ provider implements the IQueryable<T> interface for querying relational data stores. The C# compiler compiles queries that target such data sources into code that builds an expression tree at runtime. The query provider can then traverse the expression tree data structure and translate it into a query language appropriate for the data source. Expression trees are also used in LINQ to represent lambda expressions that are assigned to variables of type Expression<TDelegate>.

Search extensions

IQueryable Searching: The IQueryable extension methods build expression trees based on your command chain and then send this request to the data provider when required. This means that your data provider is restricting the records that are brought into memory instead of having all records brought into, and filtered, in memory.

Search methods available to IQueryable data are:

- Containing - target property contains search term or terms
- IsEqual - target property equals search term or terms
- StartsWith - target property starts with search term or terms

Dapper

.NET data access

Standards for .NET

https://docs.microsoft.com/en-us/dotnet/articles/standard/library

Package search - Where is the method now

Allows user to search packages