Application Security Testing: An Integral Part of DevOps
I have said once that we are living in exciting times; well, we are indeed. With the dawn of the fourth industrial revolution upon us, life just got better! How? With Microsoft's Bot Framework, which is the topic I would like to talk about today.
A bot, or Web robot, is the most common bot system. A Web robot is an application that can run automated tasks. These tasks are usually structurally repetitive and bots can perform these tasks much faster than humans. Because of the speed at which bots can perform tasks, they can also be implemented where response speed is faster than how a human can respond and process information.
The Microsoft Bot Framework
The Microsoft Bot Framework is a communication service that helps connect your bots with different communication channels, such as SMS and email. If you, for example, write a conversational bot that exposes a Microsoft Bot Framework-compatible API on the Internet, the Microsoft Bot Framework Connector will forward messages from your bot to a user, and also send user messages back to your bot.
Getting Started with the Microsoft Bot Framework
To use the Microsoft Bot Framework Connector, you should have the following:
- A Microsoft Account to register your bot.
- An Azure-accessible REST endpoint to expose a callback for the Connector service.
- A Developer account on a communication service where your bot will communicate.
- Visual Studio 2015—Any edition
Bot Building Options Available
- REST API
- Bot Connector REST API
- Direct Line REST API
- Bot Connector C# VS Template
- Bot Connector Node.js
This API can be used to create a bot that is a very straightforward REST (REpresentational State Transfer) interface that is accessible from any language that can form an HTTPS request. The calls to this API need to be secured with an Azure key (Ocp-Apim-Subscription-Key) and pass your AppSecret and AppId via HTTPS as your username and password.
Bot Connector REST API
You can find the Bot Connector REST API here.
Direct Line REST API
Direct Line API is a REST API for connecting to a single bot. This API is intended for developers writing their own Web chat controls, client applications, or mobile apps that will talk to their bot. Credentials for the Direct Line API can be obtained from the Bot Framework developer portal, but will allow the caller only to connect to the bot for which they were generated.
Bot Connector C# VS Template
Download the template. After the download, open your template and you will see that Visual Studio gives you a skeleton to work from.
Figure 1: Bot Template
A nice walkthrough can be found here.
Bot Connector Node.js
The BCS (Bot Connector Service) includes a node module that makes it easy to send bot-originated messages to the service. This module is needed only when a bot wants to initiate a new conversation with the user or wants to send a reply at some point in the future.
You should now at least have a good understanding of what options are available to you when creating a bot. Let's get a bit more technical
Configuring Your Bot
Ultimately, your bot will receive Message objects to communicate. Here is a breakdown of the most common Message types that your bots will use to communicate.
|Message||The most basic way of communication between a user and the bot.|
|Ping||A system request (a normal Ping) to test availability of the service.|
|DeleteUserData||A request from the the user to delete any user data.|
|BotAddedToConversation||Determines whether or not your bot was added to a conversation.|
|BotRemovedFromConversation||Your bot has been removed from a conversation.|
|UserAddedToConversation||A new user has been added to a conversation.|
|UserRemovedFromConversation||A user has been removed from a conversation.|
|EndOfConversation||A message that indicates that a conversation has ended.|
You can configure the following optional features when configuring your Bots:
Listening and Speaking Modes
Here, you can configure:
A message is used to communicate between a user and a bot. When you send a message, there are a number of properties that you can use to control your message and how it is presented to the user when received. These options include:
- Text: The actual text being sent
- Language: The language of the message that gets sent or should be received.
- Markdown: This includes the basic formatting of the message as well as an indication of the paragraph markdowns, which is obviously the paragraph marker.
- Attachments: This is the possible attachment to the message. This also includes the type of content being sent to and fro the user and the bot.
Testing Your Bot
The Bot Framework provides an easy-to-use emulator that lets you test calls to your bot as if it were being called by the Bot Framework cloud service directly. To install the Bot Framework Emulator, download it from this link.
Before ending off this article, I would like to point to the following, which shows you how to create a bot and follow all the steps to get your bot published:
This is only the beginning. I cannot wait to see how the Microsoft Bot Framework will evolve and what it will evolve into in the next few years. I guess we will just have to wait and see. Until next time, cheers!