SQL Server User Group–Edinburgh meet up

The SQL Server User Group will be meeting at 18:30 (for 19:00) on 29th June at Microsoft’s offices at Waverley Gate.

Agenda

18:30 – 18:50 – Introduction, Networking and Food

18:50 – 19:40 – How to get throughput of over 1GBytes per second for less than 2.5K using commodity kit – Tony Rogerson SQL MVP

In this session Tony will talk about the recent paradigm brought into play through the NoSQL movement for dealing with high performance, high scalability requirements but at a fraction of traditional costs. Tony will demonstrate a box built using commodity kit and will talk about how it may be used to good effect in a Business Intelligence setting. It will be an open discussion.

19:40 – 20:00 – Break

20:00 – 20:50 – SQL Injection Attacks (and how to prevent them) – Colin Angus Mackay

With recent reports of a man convicted of stealing the details of 130 million credit cards by use of SQL Injection Attacks, isn’t it time to find out how to defend your systems against them? In this talk Colin Mackay will show you what SQL Injection Attacks are, what they look like, how they work and, most importantly, how to harden your application and database security in order to defend your systems against them.

Although the technologies used in this talk are SQL Server and the .NET Framework, the general ideas presented apply to any database that uses SQL as a query language, and to any framework that may interact with that database.

Colin Angus Mackay

Colin Angus Mackay is a software developer specialising in Microsoft technologies located in Glasgow, Scotland. He is a former Microsoft MVP (C#) for four years running, the Treasurer of Scottish Developers, a Code Project MVP for five years running, and has co-organised four DDD Scotland events. When not involved in software-related pursuits he is an amateur photographer (which generally involves wondering why his camera’s autofocus mechanism chooses the potted plant off to the side rather than the main subject).

20:50 – 21:00 – Close

To register for this event visit: http://sqlserverfaq.com/events/262/Scottish-Area-User-Group-Meeting-June.aspx

October Newsletter

Welcome

First, I’d like to extend an apology to all those that were signed up to our Advanced TDD event which we had to cancel at the last minute. We are looking to re-schedule this event and we’ll publish the details as soon as we have the new date confirmed.

If you are thinking of starting a software or web business Microsoft’s BizSpark or WebsiteSpark programmes may be for you. These programmes offer various software licenses over a 3 year period for eligible start-ups. Information on signing up is available on our site.

If you are simply looking to gain web development skills then Glasgow Caledonian University are now able to offer their Web Systems Development (.NET) postgraduate course, which will run as a part-time evening course starting in February 2010.

If you run a user group, or just know of an event that would be of interest to software developers we’re always keen to hear about it. Let us know by sending an email to support@scottishdevelopers.com

Regards,
Colin Mackay, Chairman, Scottish Developers

Interview with Martin Hinshelwood

Scottish Developers: Martin, you are a Microsoft MVP (Most Valuable Professional) and you recently were re-awarded. Can you tell us something about yourself?

Martin Hinshelwood: I have been a developer since I graduated from university in 2000 and I spent one horrible year using ASP3 before .NET was released in 2001. I primarily program in VB.NET, but as most examples are in C# I need to be able to translate. In 2005 I started working with Visual Studio 2005 Team System, then a fledgling but stable, once you got it installed, product and I have worked with every version since then.

I started a blog in June 2006 and I have blogged on many Microsoft related topics including VSTS, SharePoint, Windows 7, WPF, VB, .NET, WCF as well as non development topics such as Dyslexia.

Being a dyslexic developer I don’t know if having a larger right-hemisphere in my brain and "unusual wiring" has helped me be a better developer, but it has made the ride exciting. The only problem with being a dyslexic is the stigma attached to it and people’s lack of understanding, the rest… the result of being dyslexic… is actually a benefit in a programmer such as 3-D visualization ability; creative problem solving skills; and intuitive people skills.

SD: When did you first get awarded as an MVP and why?

MH: In October 2008 I was awarded a Microsoft MVP in Visual Studio Team System (VSTS) which allowed me much more interaction into the product teams. There is a unique element of trust between those on the VSTS Champs list and Microsoft that allows a much closer level of integration and exposure between the VSTS MVPs and Microsoft.

This has led to my involvement with VSTS2010 prior to and in between public betas, and some work with the version after that.

Where many MVPs speak at events and do presentations, or work as TFS consultants, I have, so far, stuck to my comfort zone and developed a number of open source applications and tools for TFS. Over the past few years I have become a moderator on the Microsoft Answers for Vista forum as well as the new Microsoft Answers for Windows 7. I have participated in the MSDN forums for VB, WPF, WCF and VSTS.

The 2 main projects that helped me attain my MVP were TFS Event Handler and TFS Sticky Buddy.

The TFS Event Handler makes it easier to notify users of changes to Work Items in Team Foundation Server. You will no longer need to add individual alerts to users. It is developed in .NET 3.5 SP1 for Team Foundation Server 2008 and is deployed as a system service.

The alerts that you no longer need users to individually set up are that: a work item is assigned to you; a work item that is assigned to you is reassigned to someone else; and a work item that you created is assigned to someone else.

There is also a framework for creating and deploying your own event handlers that can do pretty much whatever you want. One of the shipped examples updates “Heat ITSM” whenever a work item that contains a Heat Id is changed.

TFS Sticky Buddy makes it easier for all members of the development team to visualise the current state of their project by utilising a graphical view of Work Items. It is developed in VB.NET for .NET 3.5 SP1 and Team System 2008.

Since then I have written other TFS integration pieces such as TFS ELMAH Log which integrates ELMAH with TFS. SQL Server and BIDS Version Check In Policy which adds a policy to Team Explorer that allows an administrator to require a specific version of SQL Server and the Business Intelligence Development Studio (BIDS) be installed on a user’s computer prior to checking in. And TFS to Heat which will provide a configurable link between Heat ITSM and Team Foundation Server. This will allow calls to be logged by helpdesk in the standard way, while using TFS to manage the development and support work required to fix the problem.

SD: That’s quite a lot of work, isn’t it? Do you have time for any other types of development?

MH: Outwith TFS I have some other Open Source things going on.

WPF Behaviours allows the easy addition of drag and drop functionality in the same list, to a different list of the same type and to allow linking between different data types in lists.

Command Line Parser is a nice little command line parser based on Ray Hayes’ Code Project article Automatic Command Line Parsing in C#. I have adapted it to VB.NET and upgraded it to .NET 3.5. An updated command line parser that has a built in commanding architecture. The usage varies depending on what you are trying to achieve, but you can have commands, nested commands and delegate commands.

.NET Service Manager is a series of classes to enable the management of "Services", whether these services are local (instance) or remote. You can have any number of "ServiceManagers" that encompass a set of features (Services) that can be extracted at runtime.

I have currently been working in a framework similar to the CompositeWPF project that used Ninject for dependency injection and uses the MVVM pattern exclusively, and a project to proxy the connections to team foundation server so that it can be used in a composite manner.

SD: Thanks for taking the time to speak with us about your community work.

Our Upcoming Events

28-October-2009 @ 19:00 in Dundee
SQL Injection Attacks and tips on how to prevent them
Registration Required – Cost FREE

10-November-2009 @ 18:30 in Glasgow
Web Application Testing with Selenium
Registration Required – Cost FREE

SMALL PRINT: The opinions of interviewees do not necessarily reflect the opinions of Scottish Developers or its sponsors.

SQL Injection Attacks and Tips on How to Prevent Them

Wednesday, 28th October 2009 at 19:00 – 21:00
Queen Margaret Building, Dundee University

The Talk

In light of some recent events, such as the man who was convicted of stealing 130 million credit card details through a SQL Injection attack, it is imperative that developers understand what a SQL Injection Attack is, how such attacks are carried out, and most importantly, how to defend their code against attack.

In this talk Colin Mackay will demonstrate a SQL Injection Attack on an application in a controlled environment*. He’ll show you where the vulnerable code lies and what you can do to harden it.

Although this talk uses C# as the application language and Microsoft SQL Server 2008 as the database engine, many of the concepts and prevention mechanisms will apply to any application that accesses a database through SQL.

* Demonstrating an attack on a real system without the owner’s consent is a breach of the 1990 Misuse of Computers Act, hence the controlled environment.

The Speaker

Colin Angus Mackay is a Software Developer living in Glasgow. He has been programming since the age of 9 starting with a Sinclair ZX Spectrum. He became a professional software developer in 1994, using a Smalltalk based language called Magik. In 1996 he started using C++ commercially and in 2002 migrated to the emerging language of C#.

Colin has received a number of awards including Code Project MVP (for 5 years) and Microsoft MVP (for 3 years). He is a member of the British Computer Society and a Member of the Institution of Analysts and Programmers. He is currently the chairman of Scottish Developers and has organised the last two Developer Day Scotland conferences (with a third in the works).

You can find out more about SQL Injection Attacks on his blog amongst other things.

The Venue

We are meeting in the Queen Mother Building at Dundee University. After the meeting we normally retire to the bar at Laing’s.

The Agenda

18:45 Doors Open
19:00 Welcome
19:10 The Talk (Part 1)
19:55 Break
20:05 The Talk (Part 2)
20:45 Feedback & Prizes
21:00 Repair to the Pub

Registration

Space is limited, we would therefore ask that you sign up.
