Application Security Testing: An Integral Part of DevOps
Ever since Microsoft released the Windows 95 Operating System, customers have made a high demand for more and more reliable products. Taking this into consideration, Microsoft introduced a plethora of new products within a span of six years. The products include a range of operating systems to Office-based applications, programming tools and environments, and so forth. In the meantime, Sun Microsystems' Java language and the Solaris operating system became much more popular among developers. Hence, many of the developers and companies began shifting their platforms to these powerful ranges of products. One more reason for this shift was attributed to the strong stability of Sun's products. In these circumstances, developers at Microsoft began to think of introducing a set of technologies that caters to all needs. In early 2000, Microsoft released its first beta product of its new .NET initiative. The product evoked added response and in 2001 they released Beta 2 of the same; the final release of the whole range of stuff culminated with the VSLive conference in early 2002. In this first article, you will be introduced with this new Microsoft .NET technology.
Microsoft .NET is one of the latest and newest technologies introduced by Microsoft Corporation. We now use them to connect to the Internet using a computer; the remote computer responds via a Web page and a collection of Web pages called Web sites. The concept in .NET is that these Web sites can integrate with other sites and services using standard protocols such as HTTP.
- .NET building block services such as file storage, and calendar under the banner of Passport .NET.
- .NET device software that will run on the latest Internet devices such as mobile phones, pagers, and so on.
- .NET user experience such as integrating this technology to user-created documents (such as XML). For example, if you write a code snippet via XML using a .NET Language like C#, it will automatically create relevant XML documents.
- .NET infrastructure, which includes:
- .NET Framework, which is comprised of the Common Language Runtime (CLR) and .NET Framework class libraries. You will learn more about CLR in Article 3.
- Microsoft Visual Studio.NET, such as Visual Basic .NET, Visual C# .NET, Visual C++ .NET with managed extensions, Visual FoxPro, and so forth.
- Highly reliable servers, called .NET Enterprise Servers and Microsoft Windows NET.
We can build robust, scalable, distributed applications with the help of .NET; the part that helps us to develop these applications is called the .NET Framework. The .NET Framework contains the CLR and the .NET Framework class libraries, also called base-class libraries.
All the .NET languages such as C-Sharp, Visual Basic .NET, and Visual C++ .NET have the .NET Framework class libraries built into them. The .NET class libraries also support file input and output, database operations, XML (eXtensible Markup Language), and SOAP (Simple Object Access Protocol). For example, you can develop XML pages by using C-Sharp language.
When someone talks about .NET development, you should understand that they are talking about the .NET Framework. It includes a runtime environment and a set of class libraries, which is being used by a new language called C-Sharp, abbreviated as C#. C# is more or less similar to C++, Java, and all other .NET languages. If you learn one language, it's easy to grasp others. Simply speaking, C-Sharp is a new language for developing custom solutions for Microsoft's .NET platform.
The runtime component that we discussed just now is also used by Visual Studio .NET. Visual Studio .NET provides us with a visual environment to design and develop .NET applications. Every language in Visual Studio .NET uses this runtime to execute its applications. Moreover, these languages convert their source code into an Intermediate Language (IL) upon compilation. We will discuss more about Intermediate Language in another article. Hence, you can use a module written using C-Sharp in a Visual Basic application. For example, you can design a user interface with Visual Basic .NET and write a DLL function using C-Sharp.
.NET Framework Process in Detail
Every programming language has its own processes for compiling and executing its source code. This article will look into these aspects of C#. You have to be thorough with this process, without which it's not possible to move ahead to other sessions.
The whole process is elaborated below and Figure 1 explains this process in a diagrammatic manner:
- The programmer writes the source code using C# language conventions.
- The source code is compiled using a C# Compiler (csc.exe).
- The compiler converts the source code into an Intermediate Language, much like byte codes in Java. The IL can be either an executable (exe) or a Dynamic Link Library (DLL). Because the IL is generated by the C# compiler, it is called Managed Code. Managed Code can be executed only on a .NET-aware platform.
- The compiled file unit is executed using the C# Interpreter. Upon execution, the code is checked for type safety. Moreover, the Just In Time (JIT) compiler compiles the unit into Managed Native Code and finally Common Language Runtime (CLR) produces the final output.
The final unit can be executed on any system that has Common Language Runtime installed on it. The C# compiler and interpreter will be installed at the time of installing the .NET Framework Software Development Kit (SDK). The SDK can be downloaded from Microsoft's Web site or can be obtained on a CD-ROM. You can find a list of related links at the end of this article.
The above-mentioned steps are applicable to all .NET languages. For instance, Visual Basic .NET also follows the same steps for its source code. It is due to this reason that .NET technology has become popular while still in the beta stage.
The above-mentioned steps are outlined in Figure 1 for better understanding of the topic.
Figure 1—.NET framework Process
Terms Associated with Microsoft .NET
Common language runtime
Common Language Runtime, also called CLR, provides a universal execution engine for developers' code. It generates Simple Object Access Protocol (SOAP) when it makes remote procedure calls. SOAP is a protocol used to access .NET Web Services. CLR is independent and is provided as part of the .NET Framework. The main features of CLR are as follows:
- Managed code
- Automatic application installation
- Effective memory management
- Automatic garbage collection
- Very high level of security while executing the programs
.NET framework class libraries
The .NET Framework class libraries work with any language under the Common Language Runtime environment. These libraries will be automatically installed at the time of running the .NET SDK Setup program. Therefore, if you are familiar with one .NET language, you can easily migrate to other .NET languages without spending much time learning new syntaxes and conventions.
You can develop three kinds of tasks using these class libraries. They are Windows Forms Programming (popularly called WinForms), Web Forms Programming, and Web Service Programming. Windows Forms are used to develop Windows-based graphical user interface applications. They are like standard exe applications in Visual Basic 6.0. All .NET languages use this concept of WinForms for developing Windows-based applications. Web Forms are used to design and develop Web-based applications. WebForms are used to create GUIs for ASP.NET applications. They can perform event handling and Validate Fields; they also can perform a lot of other functions. On the other hand, Web Services are components, which have no user interfaces and are consumed by Web applications. Web Services combine the power of HTTP and XML to generate SOAP, which is termed as a lightweight XML-based protocol. SOAP stands for Simple Object Access Protocol. A complete discussion on Web Services is beyond the scope of this article.
Figure 2 shows an outline of the .NET Framework hierarchy.
Figure 2—.NET framework Hierarchy
At the top level of the hierarchy is the new concept of namespaces. Namespaces are a group of classes; from these classes are Methods. Basically, namespaces are containers for all classes and are classified into several categories, based on their functionalities. For example, if you need to add records to a database, you need to call several classes, methods, and properties of a namespace called System.Data. This is similar to packages in Java, where we use the Java.sql.* statement. Moreover, all C# programs should call the System namespace. This is the root of all other namespaces in the .NET framework.
Simply putting a statement such as System.Data in your source code will not suffice. You have to apply it by following certain conventions. All namespaces should be called in your programs by applying the keyword using. For example, to call the System namespace, you have to use a statement as shown below:
You should end C# statements with a semicolon. Keep in mind that you cannot call Classes along with the using keyword. The using directive applies only to namespaces. Hence, the following code will result in a compilation error:
Console is one of the classes in the System namespace. We will use its WriteLine() method for outputting information to the console. However, you can create an alias, as shown in the following code fragment:
using mysys = System.Console;
Then you have to apply the alias in your program, as shown below:
Common Language Specification (CLS)
CLS is a set of rules that a language compiler must adhere to in order to create .NET applications that run in the CLR. If you are going to create a compiler for .NET, you have to adhere to the rules enumerated in the CLS; this enables us to create a club of CLS-compliant languages.
Each such compiler will have the following features:
- Complete access to the .NET framework hierarchy
- High level of interoperability with other compliant languages such as Visual Basic .NET, Visual C# .NET and, so forth
For example, a Visual Basic class can inherit from a C# Class and vice versa. You should note that the syntaxes and other programming structures differ a little bit from each of these languages. The only difference is that a developer well versed with a language such as C-Sharp can easily program in Visual Basic .NET or Visual C++ .NET without investing a lot or spending too long to learn a new language. Isn't it exiting?
- Microsoft .NET Framework SDK
- Download Link
- SDK on CD-ROM
- Visual Studio Home Page
- More about Microsoft products
About the Author
Anand Narayanaswamy works as a freelance Web/Software developer and technical writer. He runs and maintains learnxpress.com, and provides free technical support to users. His areas of interest include Web development, Software development using Visual Basic, and in the design and preparation of courseware, technical articles, and tutorials. He can be reached at email@example.com.