Codeguru Update eNewsletter - March 7th, 2006



CodeGuru Newsletter
March 7, 2006


This newsletter is part of the Developer.com, EarthWeb, and internet.com networks.
Jupitermedia Corporation



--> Editorial - "OOP is so ten minutes ago..."

--> Recently Published Books

--> New Articles on CodeGuru:
       ==> Algorithms (C++)
              - Computing a MS-CHAPv2 Client Response
       ==> COM (C++)
              - A Pure C++ Implementation of a COM Smart Pointer
       ==> DHTML
              - Using Gradient Shading in Web Pages
       ==> DirectX (C++)
              - Intercept Calls to DirectX with a Proxy DLL
       ==> Multimedia (VB)
              - VB and Voice Recognition: Part 4
       ==> Security (C++)
              - Inject Your Code to a Portable Executable File
       ==> System (C++)
              - A C++ Wrapper and Extension of Windows FileSystemObject Objects
       ==> Visual Studio Tools (C++)
              - Get to Know the VSTS Native C/C++ Code Analyzer

--> Discussion Groups -- HOT Threads
       - Iterate through std::vector?
       - C Char Array
       - Date validation check code (VB)

--> Highlighted new articles on Developer.com 
       1. Capitalizing on SOA 
       2. Ten of the Biggest Mistakes Developers Make With Databases 
       3. Ten Aspects of Security to Improve Application Strength 
       4. Programming the Eclipse Workbench


Comments from the Editor

OOP is so ten minutes ago, SOA is the "cool" thing, and SaaS is where it is all headed.

It is interesting to talk with people at large software companies about what is important to developers. It is also interesting to talk to developers about what they consider important. Equally interesting are discussions about the evolving role of the developer.

Over the past few years, the infrastructure for developing has been changing. Competing standards have been normalizing, programming languages are becoming more sophisticated, and the expected role of the key developers is expanding to require even more business and process understanding.

With the changes, however, one thing remains the same: the use of buzz terms and acronyms to obfuscate what otherwise could be simple concepts into something that sounds overly complex by creating "corporate speak." This is the implementation of fancy terms to make something sound like it is more than it really is to help sell the concept. Worse, when such terms are presented to the public, it seems that the selling points are non-descriptive. Consider the following five benefits that were presented as selling points for a current technology:

1 - Faster response to changing business needs
2 - Increase productivity through improved access to information
3 - Less time and cost required to integrate information source
4 - Faster return on investment
5 - Lower application development, maintenance costs

What are these five benefits describing?

If you guessed Dictionarification of Developer resources, you are correct! This is the process by which you put a paper dictionary on every developer's desk as well as a link on their computer desktop to a glossary site such as Webopedia.com. Your developers will become much more able to answer what terms mean (thus respond faster because the link and information are right there). They will have better access to information. They will be able to respond quickly with information on terms, spellings, definitions, and more; thus, you should see a quick return on investment because Dictionarification is cheap and easy to develop. Maintenance costs are low. You simply need a process to replace outdated dictionaries as time passes.

Okay, Dictionarification may sound silly, but the point is that a lot of hype is used to describe otherwise simple concepts to make them seem new again. Today, we have terms such as SOA, AJAX, SaaS, and more that fall into this category. The above five bullets could be used as selling points for any of these technologies. These technologies, however, are not holy grails presenting new things. Rather, they are simply an evolution of existing technologies.

So what is the point?

Look beyond the hype. New technologies are great, but often they are simply an evolution of existing technologies. There are a lot of technologies that provide the selling points mentioned above. Before investing money in new gadgets, make sure you aren't buying the same old gadgets you already own that simply have a new coat of paint on them. SOA, AJAX, and SaaS are cool terms and fantastic technologies, but if you dig into them, you'll find that you have what it takes to use them already.

Don't get caught up in the hype!

Until next week...

Bradley L. Jones

Recently Published Books

For those of you keeping up by reading books, the following are just a few of the new books that have recently been released. If you've read any of these, feel free to write a review to be posted on CodeGuru. See the submission guidelines at:


--> SQL Server 2005 Express Edition Starter Kit
      By Rajesh George and Lance Delano for WROX
      320 pages for $29.99 with CD
      Includes a CD with Visual Basic 2005 Express Edition. I assume it also has SQL Server 2005 Express Edition as well.

--> Professional SQL Server 2005 Reporting Services
      By Turley, Bryant, Counihan, and DuVarney for WROX
      700 pages for $39.99
      Covers topics such as reporting service architecture, report design, data access design, report server administration, report management, using Transact SQL, migrating access reports, integrating report services into your apps, and much more.

--> Beginning SQL Server 2005 for Developers
      From Novice to Professional
      By Robin Dewson for Apress
      520 pages for $49.99
      Covers topics such as database design, security, tables, indexes, backup and recovery, views, stored procedures, Transact SQL, triggers, and more.

New & Updated Articles on CodeGuru

Following are short descriptions of new articles on CodeGuru. If you are interested in submitting your own article for inclusion on the site, then you will find guidelines located at


This week's posted CodeGuru articles:

==> Algorithms (C++)

- Computing a MS-CHAPv2 Client Response
    By Eugene Prigorodov
Learn about an RFC 2759-compliant implementation of the MS-CHAPv2 response calculation algorithm.


==> COM (C++)

- A Pure C++ Implementation of a COM Smart Pointer
    By Skeeter Xu
CComPtr wraps any interface pointer and will call AddRef() and Release() properly. You don't need to worry about controlling the lifetime of your interface pointer.



==> DHTML

- Using Gradient Shading in Web Pages
    By Paul Kimmel
Cascading Style Sheets have all kinds of filters that add neat effects to your Web pages. Learn how the gradient filter adds gradient coloring.


==> DirectX (C++)

- Intercept Calls to DirectX with a Proxy DLL
    By miko93
Learn to intercept calls to DirectX (D3D) by using a proxy DLL ("stub-dll"). The concept is used to show information on top of a DirectX full screen game, without touching the game's source.


==> Multimedia (VB)

- VB and Voice Recognition: Part 4
    By Richard Newcombe
Although many use text to speech, this covers most of the controls, properties, and how to add it to a diction application.


==> Security (C++)

- Inject Your Code to a Portable Executable File
   By Ashkbiz Danehkar
Learn the five steps needed to inject your code in a portable executable (EXE, DLL, OCX,...) file without recompiling the source code.


==> System (C++)

- A C++ Wrapper and Extension of Windows FileSystemObject Objects
    By Skeeter Xu
Learn about a C++ implementation of Windows FileSystemObject objects. It wraps and extends standard FileSystemObject interfaces (methods/properties).


==> Visual Studio Tools (C++)

- Get to Know the VSTS Native C/C++ Code Analyzer
    By Nick Wienholt
The Static Code Analyzer that ships with Visual Studio Team System, Developer Edition can detect common security issues in native C/C++ code.


Discussion Groups

Check out the CodeGuru discussion forums at:


Forums include Visual C++, General C++, Visual Basic, Java, General Technology, C#, ASP.NET, XML, Help Wanted, and much, much, more!


Some of the current threads with the most activity are:

==> Iterate through std::vector?

==> C Char Array

==> Date validation check code (VB)

New Articles on Developer.com

Below are some of the new articles that have been posted to Developer.com (http://www.developer.com).

1. Capitalizing on SOA 
    By Arulazi Dhesiaseelan
Service Oriented Architecture (SOA) is another strategic milestone in the enterprise architecture world.


2. Ten of the Biggest Mistakes Developers Make With Databases 
    By Mike Gunderloy
You are probably still pumping data in and out of a database, just as we all did a decade or more ago. That makes it all the more surprising that mistakes are still being made that date back to the good old days of Windows 95 and before.


3. Ten Aspects of Security to Improve Application Strength 
    By Chad Cook
Making mistakes when trying to build secure applications can lead to critical flaws and vulnerabilities. Learn how to strengthen an application and avoid costly mistakes.


4. Programming the Eclipse Workbench 
    By Peter Nehrer
What makes Eclipse applications most easily recognizable is the Workbench. Explore the Eclipse Workbench parts in detail -- specifically the views and editors that make up most Workbench applications.



About the Author

Bradley L. Jones


