How to choose a static analysis tool

Tools to improve and control code quality can be a keyΒ success factor in a complex software project implementation. Static analyzers belong to such tools. Nowadays, you can find various static analyzers: from free open-source to cross-functional commercial solutions. On the one hand, it’s great – you can choose from many options. On the other hand – you have to perform advanced research to find the right tool for your team.

Continue reading

Technical support: what it’s for and how to avoid burnout?

Not everyone enjoys working in support. Many people who work there experience burnout. So maybe companies shouldn’t have any support at all? How do they benefit from it? Is there a way to prevent burnout while working in support? Let’s try to find the answers.

Continue reading

Protocol Buffers, a brutal protocol from Google, vs. PVS-Studio, a static code analyzer

Protocol Buffers is a very popular, cool, and high-quality product that is mostly developed by Google. This is a good challenge for the PVS-Studio static code analyzer. Finding at least something is already an achievement. Let’s give it a shot.

Continue reading

XSS: attack, defense – and C# programming

XSS – or cross-site scripting – is one of the most common vulnerabilities in web applications. It has been on the OWASP Top 10 list (the list of the most critical security risks to web applications) for a while now. So let’s figure out together how your browser can acquire and execute a script from a third-party website, and what this may lead to (spoiler: your cookies could get stolen, for example). And while we’re at it, we’ll talk about ways you can protect yourself from XSS.

Continue reading

Tutorial: how to port a project from Interop Word API to Open XML SDK

With the .NET5 release further development of some projects was questionable due to the complexity of porting. One can abandon small outdated libraries or find a replacement. But it’s hard to throw away Microsoft.Office.Interop.Word.dll. Microsoft doesn’t plan to add compatibility with .NET Core/5+, so in this article we focus on creating Word files with Open XML SDK.

Continue reading

Pentest Insights: Choosing a Tool for Traffic Analysis and Interception

GUEST POST

Author David Balaban

Traffic analysis is a very important stage of penetration testing. In packets transmitted over the network, you can find many interesting things, for example, passwords for accessing various resources and other valuable data. To intercept and analyze traffic, sniffers are used, which humanity has invented a great many. Today I will talk about several popular sniffers for Windows.

Continue reading

Using Static Analysis Online [Compiler Explorer]

Do you want to try a static analyzer but you don’t feel like installing it and figuring the things out? That’s OK 😊

This video will tell you how to do it online and most importantly for free. By the way, this website allows you to check if your code compiles πŸ˜‰

Code from video.

Have fun watching this video and coding πŸ™‚

Optimization of .NET applications: a big result of small edits

Today we’re going to discuss how small optimizations in the right places of the application can improve its performance. Imagine: we remove the creation of an extra iterator in one place, get rid of boxing in the other. As a result, we get drastic improvements because of such small edits.

Continue reading