Application Security Testing: An Integral Part of DevOps
Microsoft .NET is one of the powerful technologies available today for developing robust Windows and Web applications. It consists of several programming languages such as C#, Visual Basic .NET, Visual C++ .NET, Visual J# .NET, and frameworks like ASP.NET. The Microsoft .NET Platform comprises a number of key components, including the following:
- .NET Framework
- .NET Compact Framework for smart devices such as Pocket PC and Mobiles
- Visual Studio .NET
- Microsoft Office 2003 System
- XML Web services
- Enterprise Servers such as Windows Server 2003
Microsoft's .NET Framework is comprised of two main components: the Common Language Runtime (CLR) and the .NET Framework class libraries. The CLR is the real foundation of the .NET Framework. It is the execution engine for all .NET applications. Every target computer requires the CLR to successfully run a .NET application that uses the .NET Framework. The main features of CLR include:
- Automatic Memory Management
- Thread Management
- Code Compilation & Execution
- Code Verification
- High level of security
- Structured Exception Handling
- Interoperability between Managed and Unmanaged code
- Integration with the Microsoft Office System
All .NET applications are compiled into Intermediate Language code (MSIL). When executed on the CLR, MSIL is converted into native machine code specific to the operating platform. This process is done by a Just In Time (JIT) compiler. The code executed by the CLR is called Managed Code. This code is type safe and thoroughly checked by the CLR before being deployed. The .NET runtime also provides a facility to incorporate existing COM components and DLLs into a .NET application. Code that is not controlled by the CLR is called Unmanaged Code.
The .NET Framework is further comprised of the Common Type System (CTS) and Common Language Specification (CLS). The CTS defines the common data types used by .NET programming languages. The CTS tells you how to represent characters and numbers in a program. The CLS represents the guidelines defined by for the .NET Framework. These specifications are normally used by the compiler developers and are available for all languages, which target the .NET Framework.
Another core component of Microsoft's .NET Framework is its built-in powerful class libraries. It is an object-oriented collection of reusable classes or types that you can use to develop applications such as traditional command line, Windows, and Web applications. It contains around 3400 classes, classified logically into so-called Namespaces. You will learn more about namespaces in FAQ 1.4.
Each class contains numerous methods and properties, which you will use for your programming tasks. These libraries are available for any language under the CLR environment (see Figure 1.1.1).
Furthermore, these libraries will be installed automatically at the time you install the .NET Software Development Kit (SDK). An interesting factor about .NET is that if you are familiar with one language, such as C#, it will be easy for you to migrate to other languages such as Visual Basic .NET without spending much time learning new syntaxes and conventions. However, there are some differences between C# and Visual Basic .NET with regard to the applicability of syntaxes. For instance, C# is a case-sensitive language, whereas Visual Basic .NET is not. All statements in C# end with a semicolon (;). If you are averse to semicolons, jump to Visual Basic .NET.
On the Web
A complete list of .NET Framework class libraries can be accessed at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/cpref_start.asp.
One of the interesting points to note is that the CLR itself manages the life of objects. This is the effect of the Automatic Garbage Collection system built into it. When the CLR finds an object that is not being used, it destroys it and thus frees its memory allocation.
The corresponding compilers of any .NET language generate Meta code upon successful compilation. This code is managed and contains a lot of information about types, its members, and references used. You can view the generated Meta code by using a tool called IL Dissembler that ships with the .NET Framework. You will learn more about this tool in a later FAQ.
As explained above, .NET applications can be developed by using a variety of programming languages. Whereas C# and Visual Basic .NET comprise most of the .NET development, there are over 20 other languages that support .NET. These are languages such as Visual C++ .NET, Visual J# .NET, and COBOL .NET. In the future, you can expect even more languages to be available for use with .NET. All these languages have the ability to use the same set of .NET Framework class libraries and hence the learning curve is simplified.
Microsoft packaged all the essential tools for developing, testing, and running a .NET application into a Software Development Kit (SDK). It comes with the CLR as well as command line compilers for C#, Visual Basic .NET, and the runtime engine for ASP.NET. It also includes documentation and sample programs. Microsoft also sells Visual Studio .NET, which is a development tool used for creating applications and components using the .NET Framework. It largely simplifies the work of developers with the help of user-friendly wizards and templates.