This article was contributed by Karl Moore.
Environment: Visual Basic, Internet, Web Services
Amazon.com calls itself the world's largest bookstore, and it's probably right. Stocking millions of titles from writers around the globe, it's a great source of information, and I openly admit to being a frequent customer.
In a style similar to Google, the Amazon.com service starts by having you request a "token," which is essentially a developer ID you use in code to access the service. You can nab this by heading down to https://associates.amazon.com/exec/panama/associates/join/developer/application.html. You can also download the official developer documentation at http://associates.amazon.com/exec/panama/associates/join/developer/kit.html if you're feeling frisky.
Got your token? Then you're ready to begin developing. Open up the application in which you wish to consume this Web service. From the menu, select Project -> Add Web Reference and type in the URL of the Amazon .WSDL file (http://soap.amazon.com/schemas2/AmazonWebServices.wsdl per the documentation), then press Return. Click on Add Reference when the button becomes available.
And now? You're ready to start writing code. Here's a little sample code I've put together that takes a known ASIN (an Amazon standard identification number, which is the ISBN for book products) and returns a little information:
    ' Create new search service object
    Dim objSearch As New _
        com.amazon.soap.AmazonSearchService()

    ' Define properties for a new ASIN request
    Dim objASIN As New com.amazon.soap.AsinRequest()
    With objASIN
        .asin = "159059021X"
        .devtag = "developer-key-goes-here"
        .type = "lite"
        .tag = "your-assoc-id"
    End With

    ' Perform ASIN search request and return ProductInfo object
    Dim objProductInfo As New com.amazon.soap.ProductInfo()
    objProductInfo = objSearch.AsinSearchRequest(objASIN)

    ' Retrieve various details
    Dim strNamePrice As String = _
        objProductInfo.Details(0).ProductName & _
        " costs " & objProductInfo.Details(0).OurPrice
    Dim strLink As String = objProductInfo.Details(0).Url
    Dim strImageURL As String = objProductInfo.Details(0).ImageUrlSmall

    ' Join together array of authors
    Dim strAuthors As String = Join( _
        objProductInfo.Details(0).Authors, ", ")
    MessageBox.Show(strAuthors)
Here, we set the properties of an AsinRequest object, specifying the ASIN, our token (the .devtag property), the type of search ("lite" or "heavy," depending on how much information you want returned), and the tag (replace this with your associate ID, if you have one—it'll place your ID into all links that you retrieve from the Web service to ensure you get your commission). Next, we use the AmazonSearchService object to execute our search and return a ProductInfo object. Here, we look at the first object (zero) in the Details property of the ProductInfo object and retrieve information about the product found during our search.
But, of course, we don't always know the ISBN before searching. Sometimes, we want to search book titles. And, that's my cue for another snippet of code, this time to search by keyword:
    ' Create new search service object
    Dim objSearch As New _
        com.amazon.soap.AmazonSearchService()

    ' Define properties for a new keyword request
    Dim objKeyword As New com.amazon.soap.KeywordRequest()
    With objKeyword
        .keyword = "Karl Moore"
        .devtag = "developer-key-goes-here"
        .mode = "books"
        .type = "heavy"
        .tag = "your-assoc-id"
        .page = "1"
    End With

    ' Perform keyword search request and return ProductInfo object
    Dim objProductInfo As New com.amazon.soap.ProductInfo()
    objProductInfo = objSearch.KeywordSearchRequest(objKeyword)

    ' Cycle through results
    Dim shtCount As Short
    For shtCount = 0 To objProductInfo.Details.Length - 1
        MessageBox.Show(objProductInfo.Details(shtCount).ProductName & _
            " - " & objProductInfo.Details(shtCount).Url)
    Next
Let's look at what's going on here. First, we fill out the properties of a KeywordRequest object. Special properties to note here include the keyword, the mode (here we have "books," but you could specify "classical" to search classical music—see Step 5 of the downloadable documentation for more information), and page (each page returns ten results, and we're retrieving the first page). Then, we run the request, returning a list of matching ProductInfo items, and then we cycle through the bundle, displaying details of each in a message box. (Yes, this is a Windows application example!)
It's powerful stuff, but, as with most Web services, you learn much about how it works during development. And, following a week of working with this service, I also have a few top tips to share.
First off, it doesn't stop here. You can search Amazon.com by author, artist, category ("node"), product similarity, manufacturer, and more. The code is always similar to the stuff we have above: You create a ...Request object, pass it to the ...SearchRequest function of the AmazonSearchService, and then analyze the returned ProductInfo object.
Watch out, however; with many of those ...Request objects, you have to fill out all of the properties. If you don't, you'll receive an error.
Also, despite its popularity, the Amazon.com Web service is still officially in beta, and, unlike the eternally stable Google, it shows. During the writing of this article, the service definition changed once, and the service was often slow and regularly timed out. As you can see from some of my notes, the service isn't too user friendly, and the documentation completely lacks any sample .NET code.
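The two tips above (fill out every property; expect slow responses and timeouts) can be folded into one defensive wrapper around the ASIN lookup. This is an added example, not code from the original article or from Amazon's documentation. It assumes the com.amazon.soap Web reference created earlier; the module and function names, the AMAZON_DEVTAG environment variable, the 10-character ASIN pattern, and the timeout and retry values are illustrative assumptions. Reading the token from the environment keeps the developer ID out of source control.

```vb
Imports System
Imports System.Net
Imports System.Text.RegularExpressions
Imports System.Threading

Public Module AmazonLookup
    ' Hypothetical retry limit; tune for your application
    Private Const MaxAttempts As Integer = 3

    ' Returns the product name for an ASIN, or Nothing if no product matched
    Public Function GetProductName(ByVal strAsin As String) As String
        ' Assumption: an ASIN is 10 digits or upper-case letters
        If strAsin Is Nothing OrElse _
           Not Regex.IsMatch(strAsin, "^[0-9A-Z]{10}$") Then
            Throw New ArgumentException("Not a well-formed ASIN.", "strAsin")
        End If

        ' Assumption: the developer token lives in AMAZON_DEVTAG, not in code
        Dim strDevTag As String = _
            Environment.GetEnvironmentVariable("AMAZON_DEVTAG")
        If strDevTag Is Nothing OrElse strDevTag.Length = 0 Then
            Throw New InvalidOperationException("AMAZON_DEVTAG is not set.")
        End If

        Dim objSearch As New com.amazon.soap.AmazonSearchService()
        objSearch.Timeout = 15000    ' milliseconds, bounds each call

        ' Fill out every property; a partly filled request returns an error
        Dim objASIN As New com.amazon.soap.AsinRequest()
        With objASIN
            .asin = strAsin
            .devtag = strDevTag
            .type = "lite"
            .tag = "your-assoc-id"
        End With

        Dim intAttempt As Integer
        For intAttempt = 1 To MaxAttempts
            Try
                Dim objInfo As com.amazon.soap.ProductInfo = _
                    objSearch.AsinSearchRequest(objASIN)
                If objInfo Is Nothing OrElse objInfo.Details Is Nothing _
                   OrElse objInfo.Details.Length = 0 Then Return Nothing
                Return objInfo.Details(0).ProductName
            Catch ex As WebException When ex.Status = WebExceptionStatus.Timeout
                ' Retry timeouts only; SOAP faults propagate to the caller
                If intAttempt = MaxAttempts Then Throw
                Thread.Sleep(1000 * intAttempt)    ' simple linear back-off
            End Try
        Next
        Return Nothing
    End Function
End Module
```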
Still, the service is immensely useful for developers creating everything from commission book links on their sites to those writing market research programs, and it will improve. To help you through, Amazon.com has a resources page at http://associates.amazon.com/exec/panama/associates/join/developer/resources.html. You'll also find a link for the support forums here, where you'll be able to obtain support from fellow .NET gurus. Good luck!
Top Tip: ASP.NET developers will be pleased to hear that Dan Wahlin has encapsulated many of the Amazon.com Web service features into a neat user control that includes more advanced features such as the ability to add items directly to the shopping basket. Find out more by visiting http://www.xmlforasp.net/codeSection.aspx?csID=76.
Figure: Our small application taps into Amazon.com, with a few lines of code.
About the Author
Karl Moore (MCSD, MVP) is an experienced author living in Yorkshire, England. He is author of numerous technology books, including the new Ultimate VB .NET and ASP.NET Code Book (ISBN 1-59059-106-2, $49.99), and regularly features at industry conferences and on BBC radio. Moore also runs his own creative consultancy, White Cliff Computing Ltd. Visit his official Web site at www.karlmoore.com.