Application Security Testing: An Integral Part of DevOps
Despite the considerable time and resources Microsoft and the .NET community have invested in open source initiatives in recent years, it's surprising how often the two camps are treated as antithetical to one another. Yet the reality is that reliance upon open source development tools within the Microsoft community is significant and growing. In this article we'll shed some insight into this widespread practice, introducing seven open source solutions embraced by millions of .NET developers around the globe.
AJAX Control Toolkit
The MVC architecture plays a central role in the modern website development, with solutions such as Ruby on Rails and the Zend Framework using MVC as the fundamental basis for framework-driven development. Thanks to the ASP.NET MVC Framework, .NET developers also have a powerful open source framework solution at their disposal. Supporting MVC tier separation, test-driven development, and a series of best practices typically summarized as the "convention over configuration" paradigm, the ASP.NET MVC Framework offers .NET developers a powerful solution for building complex websites. Further, because it's .NET-based, developers can continue taking advantage of other ASP.NET features such as data caching and forms authentication. You'll also find a number of other projects created to further enhance the ASP.NET MVC Framework's capabilities, including notably MvcContrib, which extends the ASP.NET MVC framework to include features such as UI helpers and model binders.
The ASP.NET MVC Framework website provides newcomers with an impressive array of learning resources, including a video-based tutorial series which guides viewers through the creation of a sample web application.
The complex nature of today's software has required the software development community to reconsider the development process, introducing practices which both reduce development time and increase quality. This reevaluation has led to numerous best practices which have become widespread within enterprise environments, notably test-driven development and continuous integration. The latter practice attempts to minimize the time and effort involved in integrating a complex project's many pieces by regularly and rigorously integrating the project's components throughout the entire development process. This allows the developers to detect and resolve integration issues quickly rather than allow the problem's complexity to grow over time.
Put into more concrete terms, continuous integration involves automating many parts of the development process, including regularly running tests and rebuilding the project every time a developer commits code to the project repository. Because this level of automation involves numerous moving parts, several solutions which facilitate the creation of a custom continuous integration process have popped up in recent years, including the open source project CruiseControl. Offering tools for automating the build process, browsing the build results, and producing build reports, CruiseControl has become such a popular continuous integration solution that a large extension ecosystem has emerged. Among the dozens of available third-party tools you'll find JCCTray, a utility which runs in your desktop application tray providing instant access to your build server status, and BigVisibleCruise, an "information radiator" which uses visual cues to display the status of all projects managed on the build server.
With businesses busy migrating all aspects of their operations online, the need for powerful web-based content management tools stretches far beyond those used to update a website's marketing copy. Indeed, today's website is often a conduit for not only selling a business' products and services, but also managing sales leads and other contacts, maintaining documentation, and serving multimedia such as pictures and video. The most effective way to manage and organize these myriad types of content is through a centralized content management tool. One of the most popular such solutions is DotNetNuke, a powerful .NET-driven content management platform used by hundreds of thousands of small businesses and Fortune 500 corporations alike around the globe.
Although available in several editions, the open source Community Edition offers hundreds of useful features allowing an organization to easily manage company announcements and facilitate forum interaction without requiring any programming knowledge of the staff. Organizations in need of custom features can easily extend the solution as necessary.
The 2002 release of .NET Framework 1.0 represented a watershed in the history of software development, as among other features it provided developers with the ability to create applications using any language which supported the .NET Common Language Runtime. Not surprisingly, Microsoft understandably targeted the Windows operating system as the sole platform for running .NET applications, leaving those running Linux or OS X in the dark. Yet because .NET was based on a series of published standards, a group of enterprising developers created the Mono project which brought .NET capabilities to non-Microsoft platforms.
Now fostered by Novell, Mono has grown in size and ambition over the years to not only allow .NET applications to run on alternative platforms, but also support Silverlight on Linux (known as Moonlight), and even build iPhone applications using C# programming (known as MonoTouch).
Be sure to check ut the Mono project website for more information, in addition to links to developer resources such as Mono-specific tools for Microsoft Visual Studio.
Even novice Java and .NET developers are well acquainted with the code and compile development cycle, a process which becomes increasingly time consuming and tedious as the project grows in size and complexity. Tired of dealing with a growing jumble of build difficulties, developer James Davidson created Ant, a build tool for Java projects which subsequently became the most diffuse build solution for the Java community. A subsequent tool named NAnt brings similar capabilities to the .NET community.
Using NAnt you can create build scripts which automate all aspects of your .NET project's build process, ranging from executing tests to creating documentation. See this list for a complete breakdown of natively supported tasks.
Despite the ubiquitous use of relational databases within all sectors of software development, the relationship between developer and database is often a rocky one. The friction arises due to the difficulties involved in effectively transforming data passed between the application and database into formats supported by the respective components. Developers have gone to great lengths to create solutions which do much of the heavy transformative lifting for them, notably within object-relational mapping (ORM) frameworks such as Hibernate.
.NET developers have long had a powerful ORM tool at their disposal in NHibernate, a popular open source project which has been actively developed since its initial 2005 release. Capable of removing many of the difficult data-oriented tasks from a .NET developer's
TODO list, NHibernate is not only useful for mapping an application's models to corresponding database tables, but can also generate the table schemas for you based on the application's defined domain models.
If you're a
.NET developer and aren't already taking advantage of the large and growing open source ecosystem, what's holding you back? Take some time to learn more about the aforementioned projects; I guarantee that you'll see an immediate boost in productivity and who knows, perhaps it will even lead to making your own open source project contributions. Are you using a .NET open source project not listed here? Tell us about it in the comments!