Clarity, Technology, and Solving Problems | PracticeThis.com
Although Michael Howard has some arguments about comparing software stuff with the physical world, I will take a chance on that one.
As for me, language is designed to serve as a communication channel between the parties: English for two English speakers, C# for developer and machine, body language for all others :)
Now, how many times have you walked into a restaurant, asked for today's specials, and heard in response something that does not even sound like food? Or when talking to a lawyer, she throws words at you that only advocates understand (or pretend to).
I constantly see the same story with security folks talking XSS, CSRF, Injection, and other beasts.
I found it pretty useful to present security stuff differently to different audiences. Here is the breakdown:
The RACI chart found in Fast Track – How to Implement the Guidance can be a talking point too.
There are some more audiences, but I'll stop here to keep the post brief and readable, applying the 4th tip from 5 Tips for Blogging.
I am a big fan of small time savers that make me more productive.
JD has a whole category under the Effectiveness tag; these gems are worth checking out.
So I am always looking for ways to reuse my practices across disciplines.
I am trying to combine my security engineering practice with MS Office productivity tools.
This time I will show how I use Excel for Deployment Inspection.
NOTE: This is not the ultimate holistic approach to deployment inspection, rather a productivity trick. For me at least :)
Imagine I have a strong desire to inspect the deployment on some IIS server where the Pet Shop Web App is deployed. One thing I'd check is whether only sane files are deployed. I will use my friend, the DIR command:
/A:-D means no directories please
/S means subfolder too please
/B means no summaries please
Here is how the result looks. Notice the source files deployed to production - not the best practice, but we just spotted it - good job!
I've recently reviewed an application with 650 DLLs... well, Notepad is handy, but not in this case. So let me open the txt file in Excel 2007 (other versions are good for this task too) and define a formula in column B like =RIGHT(A1, 3) - now I have the extensions. "fig" would stand for .config files, I presume. Now you have the power of Excel for spotting sane and insane files.
More on the files that should be deployed to production is here: Bin and Special Directories
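The same extension check as a script, added here as an example and not part of the original post: it reads a bare recursive listing (the output of DIR with /A:-D /S /B), takes the full extension instead of the last three characters (so .config is not cut to "fig"), counts files per extension and lists everything outside an allow-list. The sample paths are constructed and the allow-list is an assumption to adapt to your own application.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample of a bare recursive listing (dir /A:-D /S /B); paths are invented.
SAMPLE_LISTING = r"""
C:\Inetpub\wwwroot\PetShop\Default.aspx
C:\Inetpub\wwwroot\PetShop\Default.aspx.cs
C:\Inetpub\wwwroot\PetShop\Web.config
C:\Inetpub\wwwroot\PetShop\Web.config.bak
C:\Inetpub\wwwroot\PetShop\bin\PetShop.Web.dll
C:\Inetpub\wwwroot\PetShop\bin\PetShop.Web.pdb
C:\Inetpub\wwwroot\PetShop\App_Code\Cart.cs
C:\Inetpub\wwwroot\PetShop\README
"""

# Assumed allow-list for this example; adjust to what your application really ships.
EXPECTED = {".aspx", ".ascx", ".asax", ".master", ".config", ".dll",
            ".css", ".js", ".gif", ".jpg", ".png"}


def extension(path: str) -> str:
    """Full lower-cased extension of the file name, '' when there is none."""
    # PureWindowsPath parses backslash paths on any OS and only looks at the
    # last path component, so dots in folder names are ignored.
    return PureWindowsPath(path).suffix.lower()


def inspect_listing(listing: str, expected=EXPECTED):
    """Return (count per extension, sorted paths whose extension is not expected)."""
    paths = [line.strip() for line in listing.splitlines() if line.strip()]
    counts = Counter(extension(p) for p in paths)
    unexpected = sorted(p for p in paths if extension(p) not in expected)
    return counts, unexpected


if __name__ == "__main__":
    counts, unexpected = inspect_listing(SAMPLE_LISTING)
    for ext, n in counts.most_common():
        print(f"{ext or '(none)':10} {n}")
    print("Review these files:")
    for p in unexpected:
        print("  " + p)
```

To run it against a real server, redirect the DIR output to a text file and pass the file's contents to `inspect_listing`.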