June 7, 2010 - 08:25 EDT
about a framework Microsoft has created called Pex for automatically generating unit tests with high test coverage. There is a video of it here: http://channel9.msdn.com/posts/Peli/Getting-started-with-Pex-in-Visual-Studio-2008/
March 10, 2009 - 20:02 EDT
David grabbed the keyboard and jotted down two new examples.
March 10, 2009 - 19:36 EDT
When I came into the office the next day, I immediately started rewriting the application to use prepared statements. An hour later I was done, and called Mr. X to go through it. By lunchtime we had co-written the documentation, and the code and documentation were sent over to the customer.
January 8, 2009 - 21:20 EST
"As you saw from your implementation, writing your own security routines isn't always a good idea", Mr. X said, looking me straight in the eyes.
January 5, 2009 - 22:15 EST
I thought about what Mr. X said for a while.
January 4, 2009 - 15:21 EST
"So let's go back to the input validation", Mr. X said. "How do you want to do the validation of the names now?"
January 4, 2009 - 14:17 EST
"Now remember", Mr. X said, "that we are storing most of our user data in LDAP. But when we are storing orders, we store the name in our SQL database as a part of the shipping address. How do you suggest we handle LDAP injection with your approach?"
January 4, 2009 - 10:17 EST
After finishing the call, Mr. X came back into my office.
January 3, 2009 - 11:39 EST
The next morning I got my first go at a real system for a real customer. One of the company's clients had recently had a successful hacking attempt on one of their systems, and they wanted us to review and fix it.
December 8, 2008 - 21:09 EST
Today was a disaster - I really messed it up.