Here are two great sources of free training material, one from Microsoft and the other from SharePoint consulting company Point8020.

1) Develop on SharePoint - from Microsoft

Develop on SharePoint


This is a SharePoint Developer portal site with the navigation based around the main topics of interest to developers, such as: Web Parts, Data Lists, Event Handlers, Workflow, Silverlight, Page Navigation, Page Branding, Web Services, Custom Content Types and User Management.

This site has a really cool interface. However, with the browser back navigation button disabled, the custom "Go Back" navigation button that appears at the top of each display panel needs to be highlighted a little better.

Each of the topic panels presents a comprehensive set of resources, including virtual labs, webcasts, white papers and more.

2) Free SharePoint Developer Training - from Point8020

Free SharePoint Developer Training


Get 12 hours of free developer training webcasts from SharePoint Consultants, Point8020. I've watched just over an hour of this so far and am very impressed with the content and presentation. There are accompanying slide decks with each episode.

Module 1 - Developing Solutions on the SharePoint Platform

Module 2 - Web Parts

Module 3 - Page Navigation

Module 4 - Page Branding

Module 5 - Data Lists

Module 6 - Web Services

Module 7 - Event Handlers

Module 8 - Content Types and Site Columns

Module 9 - Workflow

Module 10 - User Management

Module 11 - Silverlight

Module 12 - Deployment

Two new discussion forums have been announced by the CISG team.



Using CAT.NET Code Analysis Tool

by agrace 22. February 2009 09:52

The Code Analysis Tool (CAT.NET) v1 CTP came out last December and I have been meaning to try it out. There is a 32-bit Visual Studio plug-in version available, although there appear to be some issues with it at this point in time. If you are running a 64-bit machine then you can grab a 64-bit command-line version - this version does not suffer from the same limitations as the 32-bit version.

CAT.NET is a static analysis tool, as opposed to a runtime tool. It looks at the assemblies in your project and traces the information flow from start to finish. You then get a report of what it finds in XML and HTML format. I ran it on an application I developed and located two potential XSS vulnerabilities in a library I obtained from another vendor.
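The kind of start-to-finish information flow described above, as an added example that is not from the original post or from CAT.NET itself: untrusted input enters at a source, passes through a helper standing in for a vendor library, and reaches an output sink. All class and method names are hypothetical, and the page classes assume a classic ASP.NET Web Forms project.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical helper standing in for a third-party library.
public static class VendorGreeting
{
    // Passes its argument through unchanged, so untrusted data that
    // enters here is still untrusted when it comes back to the caller.
    public static string Build(string name)
    {
        return "<p>Welcome back, " + name + "</p>";
    }

    // Hardened variant: the value is HTML-encoded before it is placed
    // into markup, which breaks the source-to-sink flow.
    public static string BuildEncoded(string name)
    {
        return "<p>Welcome back, " + HttpUtility.HtmlEncode(name) + "</p>";
    }
}

// Before: source -> VendorGreeting.Build -> Response.Write (sink).
public class VulnerableProfilePage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Source: the query string is controlled by whoever builds the URL.
        string name = Request.QueryString["name"] ?? string.Empty;

        // Sink: the unencoded value is written into the HTML response.
        Response.Write(VendorGreeting.Build(name));
    }
}

// After: same source and sink, with encoding applied on the path between them.
public class FixedProfilePage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string name = Request.QueryString["name"] ?? string.Empty;
        Response.Write(VendorGreeting.BuildEncoded(name));
    }
}
```

Because the unencoded concatenation sits inside the helper rather than in the page, reviewing the page class alone would not reveal the problem; the flow only shows up when it is followed across the library call.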

CAT.NET Code Analysis Tool


This is an incredibly simple tool to use and I cannot think of any excuse not to take a few moments to run it on an application prior to going live. Think of it as one extra layer of safety.

CAT.NET Code Analysis Tool Result


Currently, it checks for the following vulnerabilities:

* Cross Site Scripting
* SQL Injection
* Process Command Injection
* File Canonicalization
* Exception Information
* LDAP Injection
* XPATH Injection
* Redirection to User Controlled Site

This tool and others, such as the Anti-Cross Site Scripting Library, are developed by the Connected Information Security Group (CISG) at Microsoft. It's definitely worth your while to check out the CISG Team blog.

Helpful Resources:

* Cross-Site Request Forgeries and You
* How to Prevent Cross-Site Scripting in ASP.NET
* How to Protect from Injection Attacks in ASP.NET