說明從ASP.NET MVC 5遷移至ASP.NET Core 2.x會遭遇哪技術上的變更,要如何將既有專案項目移轉到新的ASP.NET Core環境,並做出哪些調整。同時運用ASP.NET Core內建的Dependency Injection相依性注入來註冊你的服務,以達成IoC控制反轉的目的。最後用ASP.NET Core內建的單元測試,包括MStest, NUnit, xUnit來測試專案Function,達到提升品質的目的。在測試的同時,一併介紹如何使用Test Explorer, Live Testing, Code Coverage工具來輔助測試。
碼魔法網站:https://www.codemagic.com.tw/
碼魔法FB : https://www.facebook.com/CodeMagicTw/
ASP.NET Core MVC 2.2 - Development & Unit Testing. How to Choose between NET Core and .NET Framework. Choose between ASP.NET Core 2.1 and ASP.NET Core 2.2.
Au cours des 10 précédentes années, nous avons eu des sessions de Devoxx FR et plusieurs versions dont certaines majeures de Java.
L’objectif de ce talk est de revenir rétrospectivement sur certaines annonces et sur certaines des nombreuses évolutions de Java, notamment récentes afin d’en profiter dans nos applications. Au-delà des évolutions syntaxiques et dans les API, ce sera aussi l’occasion de justifier la migration vers des versions plus récentes de Java.
「我是一個前端工程師,每次要進行頁面套版時,都要等後端工程師寫好 API 才能測試,我覺得很痛苦,但公司的後端我又叫不動,有沒有甚麼方法可以簡單的設計出 RESTful API,讓我可以立即套版使用?我不想每次都苦苦哀求後端工程師快點生出 API 給我!」這是之前某位學生告訴我的一段話,也想必是許多前端工程師的痛,現在,你可以不一樣!
我將在這場分享中講解如何利用 JSON Server 快速建立 RESTful API 服務,讓前端工程師可以在完全沒有後端開發能力的情況下,自行設計出任意格式的 API 讓自己使用。本次直播完全免費,當天還會簡單示範如何在 Angular 使用 Http 服務元件呼叫自製的 API!
Most learning materials for web app pentesting focus on “old school” apps. Maybe they have a little jQuery sprinkled in, but most of the heavy-lifting happens server-side. With the dawn of frontend frameworks like AngularJS, Vue, and React and Single-Page Applications, the way web apps are developed is changing, and pentesters need to keep up. This talk runs through common security issues with and approaches to testing these new apps.
Au cours des 10 précédentes années, nous avons eu des sessions de Devoxx FR et plusieurs versions dont certaines majeures de Java.
L’objectif de ce talk est de revenir rétrospectivement sur certaines annonces et sur certaines des nombreuses évolutions de Java, notamment récentes afin d’en profiter dans nos applications. Au-delà des évolutions syntaxiques et dans les API, ce sera aussi l’occasion de justifier la migration vers des versions plus récentes de Java.
「我是一個前端工程師,每次要進行頁面套版時,都要等後端工程師寫好 API 才能測試,我覺得很痛苦,但公司的後端我又叫不動,有沒有甚麼方法可以簡單的設計出 RESTful API,讓我可以立即套版使用?我不想每次都苦苦哀求後端工程師快點生出 API 給我!」這是之前某位學生告訴我的一段話,也想必是許多前端工程師的痛,現在,你可以不一樣!
我將在這場分享中講解如何利用 JSON Server 快速建立 RESTful API 服務,讓前端工程師可以在完全沒有後端開發能力的情況下,自行設計出任意格式的 API 讓自己使用。本次直播完全免費,當天還會簡單示範如何在 Angular 使用 Http 服務元件呼叫自製的 API!
Most learning materials for web app pentesting focus on “old school” apps. Maybe they have a little jQuery sprinkled in, but most of the heavy-lifting happens server-side. With the dawn of frontend frameworks like AngularJS, Vue, and React and Single-Page Applications, the way web apps are developed is changing, and pentesters need to keep up. This talk runs through common security issues with and approaches to testing these new apps.
透過簡單的攻擊範例,說明四種常見的 SQL Injection (Union Based Injection、Error Based Injection、Boolean Based Blind Injection、Time Based Blind Injection),並介紹一款常用的工具 sqlmap。
Content caching is one of the most effective ways to dramatically improve the performance of a web site. In this webinar, we’ll deep-dive into NGINX’s caching abilities and investigate the architecture used, debugging techniques and advanced configuration. By the end of the webinar, you’ll be well equipped to configure NGINX to cache content exactly as you need.
View full webinar on demand at http://nginx.com/resources/webinars/content-caching-nginx/
Mises à jour logicielles en environnement Linux Embarqué, petit guide et tour...Pierre-jean Texier
Longtemps basées sur des solutions "maison", il existe maintenant grâce à l'évolution du marché de "l'IoT", des solutions open source pour répondre à la complexité qu'est la gestion des mises à jour sur un système Linux Embarqué. Cette conférence commencera par présenter les différentes problématiques liées aux mises à jour dans un tel environnement : - accès physique, - sécurité, - downtime, - les composants à mettre à jour, - les différentes stratégies, - ...
Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...Amazon Web Services
Amazon EC2 provides a broad selection of instance types to accommodate a diverse mix of workloads. In this session, we provide an overview of the Amazon EC2 instance platform, key platform features, and the concept of instance generations. We dive into the current generation design choices of the different instance families, including the General Purpose, Compute Optimized, Storage Optimized, Memory Optimized, and GPU instance families. We also detail best practices and share performance tips for getting the most out of your Amazon EC2 instances.
Slides from presentation: "Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science" originally released at Black Hat USA 2017 & DEF CON by @danielhbohannon and @Lee_Holmes.
For more information: http://www.danielbohannon.com/presentations/
DerbyCon 2016
Nick Landers @monoxgas
External mail via Exchange is one of the most common services offered by organizations today. The Microsoft Office suite is even more prevalent making Outlook the most common mail client around. This talk focuses on the abuse of these two products for the purpose of gaining code execution inside remote networks. Subjects include E-Mail and password scraping, OWA/EWS brute forcing techniques, and new research into abusing Outlook mail rules for remote code execution. Learn about the capabilities of client side rules, the underlying Windows APIs, and how to modify these rule objects to make phishing attacks obsolete. Security Consultant at Silent Break Security. Professional Hacker for 2 years. Current work involves writing custom malware and researching unique attack vectors that abuse functionality in windows environments.
El objetivo de esta conferencia es la de dar a conocer uno de los ataques más empleados para ganar privilegios de administrador en sistemas Windows 7, 8 y 10, los "bypass UAC attacks", así como la de mostrar un nuevo método basado en uno ya conocido para realizar este tipo de ataques en sistemas Windows 8 y 10.
https://www.youtube.com/watch?v=2B5lB0uJxTE&t=4840s
ce cours vous permettra, de découvrir les fondamentaux du framework angular, ainsi apprendre le framwork par pratique, avec des exemple sur chaque model
Introduce Brainf*ck, another Turing complete programming language. Then, try to implement the following from scratch: Interpreter, Compiler [x86_64 and ARM], and JIT Compiler.
透過簡單的攻擊範例,說明四種常見的 SQL Injection (Union Based Injection、Error Based Injection、Boolean Based Blind Injection、Time Based Blind Injection),並介紹一款常用的工具 sqlmap。
Content caching is one of the most effective ways to dramatically improve the performance of a web site. In this webinar, we’ll deep-dive into NGINX’s caching abilities and investigate the architecture used, debugging techniques and advanced configuration. By the end of the webinar, you’ll be well equipped to configure NGINX to cache content exactly as you need.
View full webinar on demand at http://nginx.com/resources/webinars/content-caching-nginx/
Mises à jour logicielles en environnement Linux Embarqué, petit guide et tour...Pierre-jean Texier
Longtemps basées sur des solutions "maison", il existe maintenant grâce à l'évolution du marché de "l'IoT", des solutions open source pour répondre à la complexité qu'est la gestion des mises à jour sur un système Linux Embarqué. Cette conférence commencera par présenter les différentes problématiques liées aux mises à jour dans un tel environnement : - accès physique, - sécurité, - downtime, - les composants à mettre à jour, - les différentes stratégies, - ...
Deep Dive on Amazon EC2 Instances & Performance Optimization Best Practices (...Amazon Web Services
Amazon EC2 provides a broad selection of instance types to accommodate a diverse mix of workloads. In this session, we provide an overview of the Amazon EC2 instance platform, key platform features, and the concept of instance generations. We dive into the current generation design choices of the different instance families, including the General Purpose, Compute Optimized, Storage Optimized, Memory Optimized, and GPU instance families. We also detail best practices and share performance tips for getting the most out of your Amazon EC2 instances.
Slides from presentation: "Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science" originally released at Black Hat USA 2017 & DEF CON by @danielhbohannon and @Lee_Holmes.
For more information: http://www.danielbohannon.com/presentations/
DerbyCon 2016
Nick Landers @monoxgas
External mail via Exchange is one of the most common services offered by organizations today. The Microsoft Office suite is even more prevalent making Outlook the most common mail client around. This talk focuses on the abuse of these two products for the purpose of gaining code execution inside remote networks. Subjects include E-Mail and password scraping, OWA/EWS brute forcing techniques, and new research into abusing Outlook mail rules for remote code execution. Learn about the capabilities of client side rules, the underlying Windows APIs, and how to modify these rule objects to make phishing attacks obsolete. Security Consultant at Silent Break Security. Professional Hacker for 2 years. Current work involves writing custom malware and researching unique attack vectors that abuse functionality in windows environments.
El objetivo de esta conferencia es la de dar a conocer uno de los ataques más empleados para ganar privilegios de administrador en sistemas Windows 7, 8 y 10, los "bypass UAC attacks", así como la de mostrar un nuevo método basado en uno ya conocido para realizar este tipo de ataques en sistemas Windows 8 y 10.
https://www.youtube.com/watch?v=2B5lB0uJxTE&t=4840s
ce cours vous permettra, de découvrir les fondamentaux du framework angular, ainsi apprendre le framwork par pratique, avec des exemple sur chaque model
Introduce Brainf*ck, another Turing complete programming language. Then, try to implement the following from scratch: Interpreter, Compiler [x86_64 and ARM], and JIT Compiler.
Introduce twMVC
list text here ASP.NET MVC 可以吃嗎?
ASP.NET MVC 的成功案例
什麼是 MVC
MVC 概觀
ASP.NET MVC 對物件導向的潛移默化
View 簡介
View Engine
HTML Helper
Partial View
Razer Helper 小技巧
ASP.NET MVC 就快進入4了,您跟上了嗎? 如何將現有的 MVC3 如何升級到MVC4呢?無痛升級系列。以及ASP.NET MVC4 新增功能介紹。
課程內容:
ASP.NET MVC 3 升級到 ASP.NET MVC4 的示範與常見問題說明
Basic Project & Empty Project Template
從無到有,建置ASP.NET MVC4 Web API應用程式、How to self-host a web API
Display Modes
View Switcher
Bundling and Minification
Task Support for Asynchronous Controllers
Mobile Project Template
9. 跨平台 Windows平台
.NET Core .NET Framework
ASP.NET Core ASP.NET
ASP.NET Core MVC ASP.NET MVC
.NET Core與.NET名詞對比
10. 兩兩種.NET Core開發途徑
Visual Studio 2017 & 2019
CLI + ⽂文字編輯器 ( Visual Studio Code, vim, Atom…)
Visual Studio
2017/2019
Visual Studio
for Mac
Visual Studio
Code
.NET Core
CLI tools
19. Choosing .NET Framework
Your app uses third-party .NET libraries or NuGet
packages not available for .NET Core.
Your app uses .NET technologies that aren't available
for .NET Core.
Your app uses a platform that doesn’t support .NET
Core.
21. 三種ASP.NET Core選擇
ASP.NET Core MVC 2.0 / 2.1 / 2.2 ?
ASP.NET Core 2.0不考慮
jQuery Validation v1.14.0
ASP.NET Core 2.1
Bootstrap 3.3.7 + jQuery
ASP.NET Core 2.2
Bootstrap 4.1.3 + jQuery 3.3.1
22. ASP.NET Core 2.0, 2.1, 2.2
三者看似相同的⼩小改版,怎麼選?
ASP.NET Core 2.0:Execution Performance
Microsoft.AspNetCore.All ( metapackage )
ASP.NET Core 2.1:Build & Execution Performance
ASP.NET Core 2.2:Functional ,APIs Performance
ASP.NET Core 2.1 & 2.2
Shared Framework — Microsoft.AspNetCore.App, *.All
23. Runtime Package Store
ASP.NET Core 2.0
/usr/local/share/dotnet/store/x64/netcoreapp2.0
ASP.NET Core 2.1 & 2.2
/usr/local/share/dotnet/shared/Microsoft.AspNetCore.app/
41. .NET Core內建單元測試框架
dotnet new
dotnet new mstest
Templates Short Name Language Tags
-----------------------------------------------------------------------
Unit Test Project mstest [C#], F#, VB Test/MSTest
NUnit 3 Test Project nunit [C#], F#, VB Test/NUnit
xUnit Test Project xunit [C#], F#, VB Test/xUnit
47. Unit Test — Bad Naming
Public void Test_SqrtValue()
{
//Arrange
Var Calc = new Calc();
//Act
Var sqrtValue = Calc.GetSqrt(4);
//Assert
Assert.Equal(2, sqrtValue);
}
初始化
動作(執⾏行行)
斷⾔言(評估執⾏行行結果預
48. Unit Test — Good Naming
Public void GetSqrt_SingleNumber_ReturnrSqrtValue()
{
//Arrange
Var Calc = new Calc();
//Act
Var sqrtValue = Calc.GetSqrt(4);
//Assert
Assert.Equal(2, sqrtValue);
}
MethodName_TestScenario_ExpectedBehavior
53. 但~相依特定實作是不好的
FubonBankServices service = new FubonBankServices()
EsunBankServices service = new EsunBankServices()
相依特定實作,⼀一旦替換實作,所有類別程式必須修改
在專案中⼀一堆類別程式初始FubonBankServices,若若
FubonBankSevices需要組態,會在專案的各⾓角設定組態
未實作interface介⾯面,導致單元測試難以Mocking或Stubing
60. 註冊服務的三種Lifetime指令
AddScoped⽅方法—Scoped lifetime service
are created once per request
AddTransient⽅方法 — Transient lifetime service
are created each time they're requested
AddSingleton⽅方法 — Singleton lifetime service
are only created at the first request time
64. Better integration with popular Open API (Swagger) libraries including design-time
checks with code analyzers
Introduction of Endpoint Routing with up to 20% improved routing performance in
MVC
Improved URL generation with the LinkGenerator class & support for route
Parameter Transformers (and a post from Scott Hanselman)
New Health Checks API for application health monitoring
Up to 400% improved throughput on IIS due to in-process hosting support
Up to 15% improved MVC model validation performance
Problem Details (RFC 7807) support in MVC for detailed API error results
Preview of HTTP/2 server support in ASP.NET Core
Template updates for Bootstrap 4 and Angular 6
Java client for ASP.NET Core SignalR
Up to 60% improved HTTP Client performance on Linux and 20% on Windows
http://bit.ly/2sn6oWT