Posted on 5:12 AM by Softminer and filed under

In this post I will show how to create a NuGet package:

In this video you can see:

NuGet Package Explorer is used to publish to a feed:

Then you can use this NuGet package in your solution:


Posted on 2:23 AM by Softminer and filed under

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.

This is a very good overview of Application Gateway:

For more details, view this video:

Posted on 3:03 AM by Softminer and filed under

GitHub training workshop

Enter your email and it tells you whether your email has been leaked

OWASP Top 10 vulnerabilities

Rewards for hackers who find bugs

web-dvwa is a Docker sample in PHP which shows vulnerabilities.
The sample used is:
docker pull vulnerables/web-dvwa
docker run --rm -it -p 1080:80 vulnerables/web-dvwa

Gives you XSS code that you can use in XSS

Lists of different payloads

Cheat sheet

OWASP Zed Attack Proxy (ZAP)

Continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities

MS Threat Modeling Tool
Can be used to draw your software diagram; it shows you the threats

List of known groups per country

Security check for HTTP headers

Test SSL server certificate

DAST, or Dynamic Application Security Testing
SAST, or Static Application Security Testing
IAST, or Interactive Application Security Testing

Burp Suite is a graphical tool for testing web application security

It has more functionality than Fiddler. To start, the proxy should be set to localhost 8080.
Go to http://localhost:8080/ to download and install the certificate.
Intercept is used to record traffic.

List of organizations and attacks

Check your security headers


Posted on 8:24 AM by Softminer and filed under ,

- Hands-on labs on building a real mobile application and backend services based on Azure. We will follow the diagram below in the deployment:

- App Services
- Functions & Logic Apps
- Application Insights – to monitor application that are in production
- Containers – simplify application deployments
- API Management
- SQL Databases
- Mobile DevOps & Xamarin

Also, here (https://github.com/MikeCodesDotNet/Mobile-Cloud-Workshop/tree/master/Walkthrough%20Guide/00_Setup) you will find the prerequisites for the workshop.
Posted on 7:25 AM by Softminer and filed under ,



Posted on 5:21 AM by Softminer and filed under

By default ASP.NET sets X-Frame-Options: SAMEORIGIN, which doesn't allow any other website to embed your page in an IFRAME. To disable that you need to set:

  System.Web.Helpers.AntiForgeryConfig.SuppressXFrameOptionsHeader = true;

But then make sure to set this value to SAMEORIGIN in web.config:

<add name="X-Frame-Options" value="SAMEORIGIN" />

The X-Frame-Options header may contain one of three tokens:

DENY
SAMEORIGIN
ALLOW-FROM origin

You can allow a website with:

X-Frame-Options: ALLOW-FROM https://yourwebsite.com

But newer browsers also look at this header value:

Content-Security-Policy: frame-ancestors 'self' https://yourwebsite.com

More about it
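How the two headers above combine can be checked mechanically. The following Python sketch is an added example, not code from the original post: it is a simplified model of how current browsers evaluate X-Frame-Options and frame-ancestors (an assumption, not a full implementation of either specification), and the header sets are constructed samples.

```python
from urllib.parse import urlsplit

# Constructed responses: duplicate SAMEORIGIN, ALLOW-FROM only, ALLOW-FROM plus CSP.
DUPLICATE = [("X-Frame-Options", "SAMEORIGIN"), ("X-Frame-Options", "SAMEORIGIN")]
LEGACY = [("X-Frame-Options", "ALLOW-FROM https://yourwebsite.com")]
WITH_CSP = LEGACY + [("Content-Security-Policy",
                      "frame-ancestors 'self' https://yourwebsite.com")]

def origin(url):
    """scheme://host[:port] of a URL, lower-cased."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def frame_ancestors(headers):
    """Source lists of every frame-ancestors directive in the CSP headers."""
    lists = []
    for name, value in headers:
        if name.lower() == "content-security-policy":
            for directive in value.split(";"):
                tokens = directive.lower().split()
                if tokens and tokens[0] == "frame-ancestors":
                    lists.append(tokens[1:])
    return lists

def audit_framing(headers, page_url, embedder_url):
    """Return (framing_allowed, findings) for one response and one embedding page.
    Only 'self', * and exact origins are matched; only the direct parent is checked."""
    page, embedder, findings = origin(page_url), origin(embedder_url), []
    xfo = {t.strip().lower() for n, v in headers if n.lower() == "x-frame-options"
           for t in v.split(",") if t.strip()}
    if any(t.startswith("allow-from") for t in xfo):
        findings.append("ALLOW-FROM is not honoured by current browsers")
    if len(xfo) > 1:
        findings.append("conflicting X-Frame-Options: " + ", ".join(sorted(xfo)))
    policies = frame_ancestors(headers)
    if policies:  # frame-ancestors wins; every policy must allow the embedder
        def allows(srcs):
            return ("*" in srcs or embedder in srcs
                    or ("'self'" in srcs and embedder == page))
        return all(allows(s) for s in policies), findings
    findings.append("no frame-ancestors; X-Frame-Options alone decides")
    if len(xfo) > 1:  # conflicting values block if any of them is a real token
        return not (xfo & {"deny", "sameorigin"}), findings
    if "deny" in xfo:
        return False, findings
    if "sameorigin" in xfo:
        return embedder == page, findings
    return True, findings  # header absent or unrecognised: nothing blocks framing
```

A response that relies on ALLOW-FROM alone is reported as frameable by any site, which is why the frame-ancestors directive should carry the allow-list.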

Posted on 6:42 AM by Softminer and filed under

As of IIS 8, Application Initialization is part of the IIS feature set. For IIS 7 and 7.5 there's a separate download available via Web Platform Installer. With IIS 8, Application Initialization is an optional install component in Windows or the Windows Server Role Manager:

This is an optional component so make sure you explicitly select it.

IIS Configuration for Application Initialization
Initialization needs to be applied on the Application Pool as well as the IIS Application level. As of IIS 8 these settings can be made through the IIS Administration console.

Start with the Application Pool:

Here you need to set both Start Automatically, which is always set, and StartMode, which should be set to AlwaysRunning. Both have to be set: the Start Automatically flag is true by default and controls the starting of the application pool itself, while the AlwaysRunning flag is required in order to launch the application. Without the latter flag set, the site settings have no effect.

Now on the Site/Application level you can specify whether the site should preload:

At this point ASP.NET apps should auto-load. This is all that's needed to pre-load the site if all you want is to get your site launched automatically.
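The dependency between the pool and application settings can be verified from applicationHost.config. This Python check is an added example, not part of the original post; it assumes the settings are stored as the autoStart, startMode and preloadEnabled attributes, and the sample config with its site and pool names is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config excerpt (site and pool names are made up).
SAMPLE = """
<configuration><system.applicationHost>
  <applicationPools>
    <add name="WarmPool" autoStart="true" startMode="AlwaysRunning" />
    <add name="ColdPool" autoStart="true" />
  </applicationPools>
  <sites>
    <site name="Shop">
      <application path="/" applicationPool="WarmPool" preloadEnabled="true" />
      <application path="/api" applicationPool="ColdPool" preloadEnabled="true" />
      <application path="/docs" applicationPool="WarmPool" />
    </site>
  </sites>
</system.applicationHost></configuration>
"""

def preload_report(config_xml):
    """Map 'site + path' to the reasons that application will not pre-load."""
    root = ET.fromstring(config_xml)
    pools = {p.get("name"): p for p in root.findall(".//applicationPools/add")}
    report = {}
    for site in root.findall(".//sites/site"):
        for app in site.findall("application"):
            reasons = []
            # Simplification: an application without an explicit pool is not
            # resolved through applicationDefaults, it is reported as missing.
            pool = pools.get(app.get("applicationPool"))
            if pool is None:
                reasons.append("application pool not found")
            else:
                if pool.get("autoStart", "true").lower() != "true":
                    reasons.append("pool Start Automatically is off")
                if pool.get("startMode", "OnDemand") != "AlwaysRunning":
                    reasons.append("pool StartMode is not AlwaysRunning")
            if app.get("preloadEnabled", "false").lower() != "true":
                reasons.append("application preload is not enabled")
            report[site.get("name") + app.get("path")] = reasons
    return report
```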

If you want a little more control over the load process you can add a few more settings to your web.config file that allow you to show a static page while the app is starting up. This can be useful if startup is really slow, so rather than displaying a blank screen while the user is twiddling their thumbs you can display a static HTML page instead:

This allows you to specify a page to execute in a dry run. IIS basically fakes a request and pushes it directly into the IIS pipeline without hitting the network. You specify a page and IIS will fake a request to that page, in this case ping.ashx, which just returns a simple OK string, i.e. a fast pipeline request. This request is run immediately after Application Pool restart, and while this request is running and your app is warming up, IIS can display an alternate static page - Startup.htm above. So instead of showing users an empty loading page when clicking a link on your site you can optionally show some sort of static status page that says, "we'll be right back". I'm not sure if that's such a brilliant idea since this can be pretty disruptive in some cases. Personally I think I prefer letting people wait, but at least get the response they were supposed to get back rather than a random page. But it's there if you need it.

Note that the web.config stuff is optional. If you don't provide it, IIS hits the default site link (/), and even if there's no matching request at the end of that request it'll still fire the request through the IIS pipeline. Ideally though you want to make sure that an ASP.NET endpoint is hit, either with your default page or by specifying the initializationPage, to ensure ASP.NET actually gets hit, since it's possible for IIS to fire unmanaged requests only for static pages (depending on how your pipeline is configured).