InnerWorkings Blogs

Today we released our ASP.NET 2.0 Security using Visual C# Practice Set.  This is a particularly important release for us and is the most eagerly awaited Practice Set we?ve published, both because writing secure Web applications is an incredibly important topic, and because it?s our first VS 2005 release.  Amongst the topics covered are Web application attacks, log-in controls, authorisation and roles, and securing & monitoring ASP.NET apps.  You?ll be able to get full information (and purchase it!) in the next few days from out Web site catalogue.  And we’ll be following up with a VB.NET version soon.

I must thank the team of developers and writers for all their work ? we?re breaking new ground both by covering a new topic and by releasing the new .NET 2.0 testing framework.  And we?re continuing to challenge the traditional idea of how a learning system should work ? in this we?re achieving one of the most important things that we set out to do.

Last week we pre-released the Practice Set to our internal staff and a limited number of external users with whom we?ve developed close relationships.  This is a new step that is very worthwhile, and I hope always to be able to do it in the future.  There was a flurry of excitement from the sales crew when they thought we?d released fully nearly a week early ? I guess we need to work on the internal communication a bit!

Add this post to:             

As I sit here at my computer on yet another late night technical adventure, (although not really a late night as far as late nights go, (approx. 1am)), I find myself comtemplating the state of technology and the break-neck pace that things appear to be moving. It seems to me that everyday I come across some new and intriguing technology or some new idea that I am interested in. So, I do some research take some notes, try a few things to get better acquainted with my new found technical treasure and without delay, this new found treasure ends up being added to the pile of cool and interesting things that I “am going to spend time to learn more about“. When in reality, I know that I don’t have nearly enough time to get to the “COOL” stuff, let alone the everyday necessary activities. Although I shall never discard the pile of stuff to learn about, in hopes that someday I will be able to requisition for extra minutes in an hour, extra hours in a day, or maybe even an extra day in my week.

However until I am able to somehow accomplish that colossal task I am going to have to settle for cherry picking the technologies that I think have some good potential and look like they will have some great benefit in the future. So to reflect on that a little, I have come across a few technologies that I really like and plan to spend more time discussing in future posts. For now, I will just introduce!

First, and a fairly obvious choice, though it exist today, is generics. This technology has been needed in the dotnet framwork since the framework was first released. The idea of creating generic collections or datatypes instead of having to worry about casting and boxing and unboxing all the time is very intriguing and I am very pleased that it has made its way into the .NET 2.0 framework. So, I will be discussing that, along with some code, of course!!

Next, and probably one of the things that I am looking most forward to getting more familiar with is LINQ and its iterations. I think that the direction that Microsoft, with the tutelage of Anders, is taking data access and data manipulation in the future is going to make life easier and working with data a lot more attractive. I am really looking forward to having LINQ. For those not aware, LINQ is Language Integrated Query, which in its simplest form is making data access code, SQL and the Like, a first class citizen within a respective language, both VB.NET and C#. So I will be talking about that in the near future as well.

Another technology that I am excited about is ‘Sparkle’ or Microsoft Expression Interactive Designer. Personally I like the name Sparkle better. Although this technology is not a tru developer tool, the promise that it shows for bridging the gap between UI design and Application development, I find very intriguing. So, I will discuss this as well.

So to end, I just want to say that I will be discussing and talking about various things; some technical, some not, some factual, some opinion and some just for fun. There will be many technical discussions, including but definitely not limited to the ones I mentioned here. I plan to rant a lot.

I’ll talk at ya’ later…..

Add this post to:             

Pleasanton, CA - February 23, 2006 - InnerWorkings today announced the general availability of Developer Interface 3.0, the next major release of the company’s client application for .NET developers. The product’s main new features include:

• Extensive Add-In integration with Visual Studio 2003 & 2005
• Immediate access to learning functionality and support within the IDE
• Advanced code search and retrieval capabilities
• Streamlined code judging process

With this release, developers are able to access learning menu and toolbar options from within Visual Studio, featuring everything needed to complete InnerWorkings’ coding challenges. Developer Interface v3.0 introduces new search functionality that allows developers to search across InnerWorkings’ entire catalog of released challenges and all associated code files.

All new and existing InnerWorkings Developer Programs can leverage this tighter integration with Visual Studio through the Developer Interface 3.0.
Existing users will be prompted to update the Developer Interface client application at their next login. The update process is straightforward and fast, and it automatically downloads and configures the new version. All new users will install the Developer Interface 3.0 and begin using the unique features of this practice-based learning environment immediately.

Add this post to:             

I paid a visit to the RSA security conference on Wednesday afternoon, primarily to see what new products and services are easing corporate insecurities. I certainly didn’t need to be convinced that security is top-of-mind for most small, mid-sized, and large companies. If I had any doubts, the sheer volume of vendors (250+ exhibitors) and scale of presentations (Chambers, Gates, McNealy) at this show dispelled them. I don’t have attendance figures, but I’d guess that RSA was certainly on a par with PDC or TechEd. All the major software and hardware vendors were represented handsomely - Cisco, IBM, Microsoft, HP, Sun, CA, Symantec - basking in the luxury of deep pile carpet and 50′ x 50′ booth displays that looked like Italian furniture showrooms. Some vendors even opened a full bar service (beer on draft) towards the end of the conference exhibit hours; they got lots of traffic but nobody paid a blind bit of attention to their products once the suds were flowing!

Despite the big corporate largesse, I have to say that most of the interesting stuff was happening with the smaller software companies that were announcing some great innovations and impressive product releases. Amidst the mill of encryption, smart card, virus protection, and firewall technologies, there were a few gems to be found. SPI Dynamics  ran a tiny booth in the Microsoft Partner Pavilion, but I continue to be really impressed by what they are doing for Web application security. Having talked to their product team at VSLive, I spent some more time looking at a demo of their DevInspect product for Visual Studio developers. It’s a very clever tool that finds security threats and vulnerabilities in your ASP.NET applications, fixes them in some instances, runs scripts to prevent malicious input, and hands off to a number of key security resources and best practices for ongoing support. I’d like to know more about SPI’s team of security researchers, but I’m told they work around the clock identifying new threats and updating their knowledge repository. If I wanted to be picky, I’d say that SPI needs to invest in providing more learning support and case studies that highlight best practices for writing secure code. It’s good to identify and fix problems after they’ve been written into a mission-critical web application, but it’s also important to instill a culture of best practices for writing secure code across your development organization. Maybe InnerWorkings could help with that, guys…

Late in the afternoon, I sat through one of the best product demos I’ve seen in a long time by a company called Verdasys. One of their product managers gave a very compelling walk-through of their Digital Guardian platform, which basically protects an organization’s data assets. I began to realize just how much visibility an organization can have into all activities across their commercial systems. The presenter used the example of a rogue employee at a large financial services institution who was trying to steal credit card information from the system. Shocking premise, I know. It tracked his every move from attempting to copy personal data between applications, hide it on the network, save it to an external drive, and process a false transaction to a friend’s account. The tracking, logging, and reporting tools were all web-based, beautifully designed, and really powerful at identifying and isolating this type of security breach. I particularly like the “Forensic Reports” that the management console produced - great name for an efficient and no-nonsense product! I’d feel a lot safer knowing that my bank (and all its anonymous subsidiary holding companies) had this kind of data tracking and protection system in place.

I also spent some time with Microsoft’s application development lifecycle folks and got a good overview of their internal security practices. They walked through the use of threat models, code scanning tools, code reviews, and security testing. I even walked away with a copy of the “19 Deadly Sins of Software Security”. I’m told this book is the security bible for every developer working at Microsoft (I’m sure the authors would agree). As impressive as the lifecycle model looks, and despite the obvious strides that have been made in OS and application security, I still feel there’s a lack of formal learning and ongoing support underpinning the lifecycle model - everything else in the model looks solid, but that’s a pretty significant omission in my humble opinion.

On a final note, I discovered that the hardest thing to secure in downtown San Jose is a simple parking spot. I spent about 30 minutes being waved from one monolithic concrete parking lot entrance to another, dodging hundreds of distracted pedestrians with orange access cards dangling from their necks. I eventually parked in another zip code and got some fresh air walking to and from the show. Yet another sign that security is big business in this part of the world…

Add this post to:             

We are one week away from the general availability of our enhanced Developer Interface 3.0.  Launch date is set for February 15th.   We have put this new release in the  hands of a number of early release customers and we have already gotten great feedback on the enhancements this new release offers!

Those of you who have had issues with proxy servers at work, will find this new release has a robust support for proxy servers.  You will also want to give the new SEARCH capability a try.  It allows you to easily find code snippets from our challenges that provide you with quick and easy reference for your every day job needs.

Of course the biggest new feature that we are so excited about is our integration with Visual Studio.   The Developer Interface now is an add-in for VS2003 or VS2005.  You have access to all of the key functionality of our learning environment right inside of Visual Studio — no more flipping back and forth between applications.

We look forward to hearing from more of you once our new DI3.0 is released.    Again, that date is February 15th!  Let us know what you think.

Add this post to:             

This will be our third year attending VSLive in San Francisco, a noteworthy event in the development community calander. On my way to the conference yesterday, I thought about the past three years and how quickly they have come and gone! It doesn’t seem all that long ago since we setup our very first booth and started telling anyone who’d listen about the great things that InnerWorkings was going to do for software developers. Three years later and I can talk in the present tense - we are releasing new products, we’re supporting VS 2005, and we’re running coding contests for developers. So now there’s much more to talk about and there’s a lot more people listening!

My first impressions of VSLive 2006 are somewhat mixed - attendance is down from last year and there’s certainly far fewer exhibitors at the conference. I have to say that I didn’t get the same buzz at this event as previous years - too many empty hallways and vacant escalators for my liking. Maybe things will pickup today with the breakout sessions and midnight madness event. A little energy and excitement certainly wouldn’t go amiss. It’s difficult because Microsoft hasn’t really got any major product announcement for this show, just more of the same but better, faster, stronger. Last year the buzz was ripe around VS 2005 and VSTS and your head would spin just looking at all the breakout themes.

I’m still a big fan of VSLive, however - where else can you get all flavors of VB and C# developers looking at your latest product release, asking probing questions, and arguing over the merits of your coding contest prizes? The feedback doesn’t get any more real or immediate, that’s for sure. Now if I could just find a free coffee station, Mr. Fawcette…

Add this post to: