XSS: attack, defense – and C# programming

XSS – or cross-site scripting – is one of the most common vulnerabilities in web applications. It has been on the OWASP Top 10 list (the list of the most critical security risks to web applications) for a while now. So let’s figure out together how your browser can acquire and execute a script from a third-party website, and what this may lead to (spoiler: your cookies could get stolen, for example). And while we’re at it, we’ll talk about ways you can protect yourself from XSS.


Optimization of .NET applications: a big result of small edits

Today we’re going to discuss how small optimizations in the right places of the application can improve its performance. Imagine: we remove the creation of an extra iterator in one place, get rid of boxing in the other. As a result, we get drastic improvements because of such small edits.


How to Use Mass Suppression in PVS-Studio for C#?

Have you just run the analyzer and now you have no idea what to do with all this abundance of warnings? 📜 Nothing to worry about – we made a special mechanism that can help you deal with them 💪🏻

In this video, you’ll learn about the inner workings of the mass warning suppression mechanism in PVS-Studio for C#. If you’re interested in another programming language, follow the links below 🙂

Mass Suppression in PVS-Studio for C++

Mass Suppression in PVS-Studio for Java

Conclusion: Have fun watching this video and coding 🙂

Enums in C#: hidden pitfalls

C# has low barriers to entry and forgives a lot. Seriously, you may not understand how things work under the hood but still write code and remain easy-going about this. Though you still have to deal with different nuances over time. Today, we’ll look at one such subtle aspect – handling enumerations.


How WCF shoots itself in the foot with TraceSource

We don’t often get the chance to write something on parallel programming issues. This time we “got lucky”. The TraceEvent standard method has some implementation peculiarities. They resulted in an error with multiple threads blocking. So we’d like to warn users about this nuance and cover this interesting case from our user support practice. Why was our support involved? Keep reading to find out. Enjoy the reading!


Unity projects analysis: the solution file has two projects named “UnityEngine.UI”

While PVS-Studio analyses a Unity project, one may stumble upon such an error: Error was encountered while trying to open solution file ‘…’: The solution file has two projects named “UnityEngine.UI”. This note discusses the reasons for this error and how to eliminate it.


Hidden reefs in string pool, or another reason to think twice before interning instances of string class in C#

As software developers, we always want our software to work properly. We’ll do everything to improve the software quality. To find the best solution, we are ready to use parallelization or apply various optimization techniques. One of these optimization techniques is the so-called string interning. It allows users to reduce memory usage. It also makes string comparison faster. However, everything is good in moderation. Interning at every turn is not worth it. Further, I’ll show you how not to slip up by creating a hidden bottleneck in the form of the String.Intern method for your application.
