In this two-part series, I will show you how to create a secure form that submits using Ajax. In part one, we will create an HTML form and protect it against XSS and SQL injection with client-side and server-side validation. Keep in mind that client-side validation is a usability aid that an attacker bypasses simply by posting to the endpoint directly; the server-side checks, together with parameterized queries and output encoding, are the controls that actually stop these attacks.
Most modern websites need to take in information from users. This is commonly done through HTML forms: the user enters information into form fields and the browser submits an HTTP POST request to the server. The server can then use this information and/or store it to meet a wide variety of business needs. However, accepting any information from any source can prove disastrous for a system, and form input is a common point of attack for malicious parties. SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) are common ways a malicious…
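The following ASP.NET Core handler is an added example, not code from the original series, showing the server side of such a form: model validation that runs before the action body, an anti-forgery token to cover the CSRF case, a parameterized INSERT so user input never becomes part of the SQL text, and HTML encoding at the point where a value is echoed back. The `ContactForm` model, the `dbo.ContactMessages` table and the connection-string name `App` are assumptions for illustration.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.Data;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Data.SqlClient;
using Microsoft.Extensions.Configuration;

// Hypothetical contact-form model. The attributes are the server-side validation;
// ASP.NET Core evaluates them before the action body runs.
public class ContactForm
{
    [Required, StringLength(80)]
    [RegularExpression(@"^[\p{L}\p{M}' .-]+$", ErrorMessage = "Name contains invalid characters.")]
    public string Name { get; set; } = "";

    [Required, EmailAddress, StringLength(254)]
    public string Email { get; set; } = "";

    // Free text: '<', '&' and quotes are legitimate here, so validation alone
    // cannot make this field safe to render. Encoding at output time does.
    [Required, StringLength(2000)]
    public string Message { get; set; } = "";
}

[ApiController]
[Route("contact")]
public class ContactController : ControllerBase
{
    private readonly string _connectionString;

    // The connection string comes from configuration, never from the request.
    public ContactController(IConfiguration config)
        => _connectionString = config.GetConnectionString("App")
            ?? throw new InvalidOperationException("Missing connection string 'App'.");

    [HttpPost]
    [ValidateAntiForgeryToken] // CSRF: the Ajax call must send the token issued with the page
    public async Task<IActionResult> Submit([FromForm] ContactForm form)
    {
        // [ApiController] already answers 400 for an invalid model; the explicit check
        // keeps the behaviour obvious if that attribute is ever removed.
        if (!ModelState.IsValid)
            return ValidationProblem(ModelState);

        // SQL injection: values are bound as typed parameters, never concatenated.
        const string sql =
            "INSERT INTO dbo.ContactMessages (Name, Email, Message, ReceivedAt) " +
            "VALUES (@name, @email, @message, SYSUTCDATETIME())";

        await using var conn = new SqlConnection(_connectionString);
        await using var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 80).Value = form.Name;
        cmd.Parameters.Add("@email", SqlDbType.NVarChar, 254).Value = form.Email;
        cmd.Parameters.Add("@message", SqlDbType.NVarChar, 2000).Value = form.Message;
        await conn.OpenAsync();
        await cmd.ExecuteNonQueryAsync();

        // XSS: anything placed into an HTML fragment is encoded here, on the way out.
        string safeName = HtmlEncoder.Default.Encode(form.Name);
        return Ok(new { html = $"<p>Thanks, {safeName}. We received your message.</p>" });
    }
}
```

On the Ajax side, the client reads the anti-forgery token from the page and sends it with the POST; if the response carries plain data rather than an HTML fragment, insert it with `textContent`, not `innerHTML`, so the encoding step is never bypassed by the client.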
I work on many APIs with clients, and a trend I have noticed is that very few of the tools available are being used. What do I mean by this? All the requests are GETs or POSTs, and all the responses are 200s, 400s, or 500s. If that means nothing to you, I’m not surprised, and I will clarify as this carries on.
Let’s start with HTTP request methods, the “verbs” such as the GETs and POSTs I mentioned above. Believe it or not, there are more than just those two. What I have found is a mentality that if the request has or needs body content it’s a POST, otherwise it’s a GET. Please, please, if you follow this pattern, forget it and read on, though there is a chance all your requests will still be GETs or POSTs.
Alright, let’s discuss…
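As an added example (not code from the original post), here is an ASP.NET Core Web API controller that uses the method and status code that matches each operation instead of GET/POST and 200/400/500 for everything. The `Widget` resource and the in-memory store are constructed for illustration.

```csharp
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Threading;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

public record Widget(int Id, string Name);

public class WidgetInput
{
    [Required, StringLength(100)]
    public string Name { get; set; } = "";
}

[ApiController]
[Route("api/widgets")]
public class WidgetsController : ControllerBase
{
    // In-memory store so the example runs without a database (constructed data).
    private static readonly ConcurrentDictionary<int, Widget> Store = new();
    private static int _nextId;

    [HttpGet]                       // GET /api/widgets -> 200 with the collection
    public IEnumerable<Widget> List() => Store.Values;

    [HttpGet("{id:int}")]           // GET /api/widgets/7 -> 200, or 404 if it does not exist
    public ActionResult<Widget> Get(int id)
    {
        if (Store.TryGetValue(id, out var widget)) return widget;
        return NotFound();
    }

    [HttpPost]                      // POST creates -> 201 plus a Location header for the new item
    [Authorize]                     // anything that changes state needs an authenticated caller
    public ActionResult<Widget> Create([FromBody] WidgetInput input)
    {
        int id = Interlocked.Increment(ref _nextId);
        var widget = new Widget(id, input.Name);
        Store[id] = widget;
        return CreatedAtAction(nameof(Get), new { id }, widget);
    }

    [HttpPut("{id:int}")]           // PUT replaces the whole resource -> 204; idempotent, so safe to retry
    [Authorize]
    public IActionResult Replace(int id, [FromBody] WidgetInput input)
    {
        if (!Store.ContainsKey(id)) return NotFound();
        Store[id] = new Widget(id, input.Name);
        return NoContent();
    }

    [HttpDelete("{id:int}")]        // DELETE -> 204; 404 if there was nothing to delete
    [Authorize]
    public IActionResult Delete(int id)
        => Store.TryRemove(id, out _) ? NoContent() : NotFound();
}
```

With the routes declared this way, the framework answers 405 Method Not Allowed on its own for a method the route does not support (for example PATCH to `/api/widgets/7`), and a caller can tell from the status alone whether an item was created, replaced, missing, or rejected for invalid input (400 from the `[ApiController]` model validation).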
A couple of weeks ago, Tallan attended its first ALM LegalWeek conference in New York City. With over 4,000 attorneys, C-suite executives, marketing and business development staff, exhibitors, and vendors registered, our team was looking forward to networking and the educational panels we had the opportunity to attend.
The event was divided into three separate ‘conferences’: Legal CIO, Legal Tech, and Legal Business Strategy. We divided and conquered, and after day 1, one thing became clear: LegalTech has become mainstream. Firms are looking for out-of-the-box products and platforms to enhance processes, track time for easier billing, support eDiscovery, and generally optimize operations. There are vendors for nearly every ‘LegalTech’ you could imagine or need.
For the most part, these gains are internal. Save time by digitizing records, but if a firm cannot bill that time saved (not that attorneys perform administrative tasks anyway), then how…
What is a Directive?
Now we know how to make custom validators, which can significantly enhance the user experience with more specific error messages that appear before submission. However, sometimes the value the user entered is not quite what you expect, but it is not necessarily wrong either. In these cases, you need to decide whether it is better to leave the value as is, display a (hopefully descriptive) error message, or adjust the value. In this blog post, we focus on the third option: using Angular directives to change the user’s input slightly, as a gentle alert that we will be saving it in a different format than the one they originally entered.
What exactly is a directive? Attribute directives, which is what we will be working with, are responsible for changing the appearance or…
What are Angular Forms?
Angular has become a powerful tool in application development over the years. Companies in every field use the framework to build websites that provide a clear and fast user experience. In many cases, there is a need to collect information from the user, for everything from gauging user experience to collecting vital documents and information when a claim is being filed. Angular offers two kinds of forms optimized for collecting data from the user. Template-driven forms are asynchronous in nature and keep most of their logic in the template. Reactive forms are mostly synchronous and keep their logic primarily in the component class. Either way, these validators run in the browser and improve the experience; they do not replace validation on the server, which is the only copy an attacker cannot skip. In this blog, we will be tackling reactive forms, and more specifically, how to make your life easier with more readable validators.
Cloud services do a great job relieving the burden of managing and maintaining various IT infrastructure elements. However, the responsibility still belongs to the developer to determine how to integrate these cloud services into an application. This blog series will focus on Microsoft Azure Services, providing guidance and examples on how to integrate services into your application, starting with Azure Cache for Redis.
What is Azure Cache for Redis?
Azure Cache for Redis is Microsoft’s managed cloud caching service, built on the open-source Redis in-memory data store. You are provided with a Redis instance hosted within Azure and can use it to improve the performance and scalability of your application. A common situation where a Redis cache improves performance is when the same data is read frequently. The cache provides a temporary location close to the application for data to be…
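The cache-aside pattern the paragraph describes, as an added example using the StackExchange.Redis client (this is not code from the original series). `Product`, the key format `product:{id}` and the five-minute TTL are assumptions; the database loader is injected so the class runs against any backing store.

```csharp
using System;
using System.Text.Json;
using System.Threading.Tasks;
using StackExchange.Redis;

public record Product(int Id, string Name, decimal Price);

public sealed class CachedProductCatalog
{
    private static readonly TimeSpan Ttl = TimeSpan.FromMinutes(5); // bounds how stale a hit can be
    private readonly IDatabase _cache;
    private readonly Func<int, Task<Product?>> _loadFromDatabase;

    public CachedProductCatalog(IConnectionMultiplexer redis, Func<int, Task<Product?>> loadFromDatabase)
    {
        _cache = redis.GetDatabase();
        _loadFromDatabase = loadFromDatabase;
    }

    private static string KeyFor(int id) => $"product:{id}";

    // Cache-aside: check the cache, fall back to the database on a miss, then populate.
    public async Task<Product?> GetAsync(int id)
    {
        RedisValue hit = await _cache.StringGetAsync(KeyFor(id));
        if (hit.HasValue)
            return JsonSerializer.Deserialize<Product>((string)hit!);

        Product? product = await _loadFromDatabase(id);
        if (product is not null)
            await _cache.StringSetAsync(KeyFor(id), JsonSerializer.Serialize(product), Ttl);
        return product;
    }

    // Call this after a write so readers do not serve the old value until the TTL expires.
    public Task InvalidateAsync(int id) => _cache.KeyDeleteAsync(KeyFor(id));
}

public static class RedisWiring
{
    // Constructed wiring: the connection string (host, access key, ssl=True, port 6380)
    // is read from configuration or Key Vault, never hard-coded.
    public static async Task<IConnectionMultiplexer> ConnectAsync(string connectionString)
        => await ConnectionMultiplexer.ConnectAsync(connectionString);
}
```

Two points a practitioner should check before shipping this: keep the non-TLS port (6379) disabled on the Azure resource so every client connects with `ssl=True` on 6380, and never cache anything you would not be comfortable reading back out of a shared store, such as session tokens or secrets, without the same access controls as the source.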
I often work with clients that are transitioning their legacy MVC or WebForms web applications over to using Angular and Web API instead. After the initial ramp-up period with the framework, I’ve often had developers on these teams tell me how much easier it is to debug logic in Angular versus “how it used to be.” Writing logic with Angular and TypeScript provides these developers with a level of code organization on the front-end that they’ve previously only seen in their back-end .NET code. As a result, I think the framework especially appeals to developers who have previously shied away from front-end development.
With that said, there is an “Angular bug” I’m often asked to help remedy that I’d like to share in this article. The “bug” often comes up when new Angular developers begin sharing data between components. As you…
During a recent client engagement, my team and I were given an unusual task: give the user the ability to write, compile, and run Visual Basic .NET code in a web app environment. This presented us with a great learning opportunity since no one on the team had experienced anything like this before. Our first choice was to use the System.CodeDom namespace to compile the source code and generate a DLL to be run on demand by other components of our web app. However, we quickly discovered that while CodeDom is available on .NET Core 2 (after installing the System.CodeDom package via NuGet), calls to the CompileAssemblyFrom* methods throw a System.PlatformNotSupportedException. We knew that we would need to change our approach. This led us on a path to Roslyn. Roslyn is a .NET compiler framework written in .NET. It contains code analysis…
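Compiling and running a VB.NET snippet with Roslyn instead of CodeDom, as an added example that is not the engagement’s own code. It assumes the `Microsoft.CodeAnalysis.VisualBasic` package, a `UserModule.Run(String) As String` entry point in the user’s code (a convention chosen for this example), and the constructed sample source at the bottom.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Runtime.Loader;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.Emit;
using Microsoft.CodeAnalysis.VisualBasic;

public static class VbScriptCompiler
{
    // Every assembly listed here is API surface the user's code can call, so keep the list
    // minimal. System.Runtime is the facade the compiler expects on .NET Core (assumption:
    // the shared framework provides it and Microsoft.VisualBasic.Core).
    private static readonly MetadataReference[] References =
    {
        MetadataReference.CreateFromFile(typeof(object).Assembly.Location),
        MetadataReference.CreateFromFile(Assembly.Load("System.Runtime").Location),
        MetadataReference.CreateFromFile(typeof(Microsoft.VisualBasic.Strings).Assembly.Location),
    };

    public static (byte[]? Assembly, IReadOnlyList<string> Errors) Compile(string vbSource, string assemblyName)
    {
        var tree = VisualBasicSyntaxTree.ParseText(vbSource);
        var options = new VisualBasicCompilationOptions(OutputKind.DynamicallyLinkedLibrary);
        var compilation = VisualBasicCompilation.Create(assemblyName, new[] { tree }, References, options);

        using var ms = new MemoryStream();
        EmitResult result = compilation.Emit(ms);
        if (!result.Success)
        {
            var errors = result.Diagnostics
                .Where(d => d.Severity == DiagnosticSeverity.Error)
                .Select(d => d.ToString())
                .ToList();
            return (null, errors);
        }
        return (ms.ToArray(), Array.Empty<string>());
    }

    // Loads the emitted assembly into a collectible context so it can be unloaded afterwards.
    // This is isolation for memory, not for security: the code runs with the web app's identity.
    public static string Run(byte[] assemblyBytes, string input)
    {
        var context = new AssemblyLoadContext("user-code", isCollectible: true);
        try
        {
            var asm = context.LoadFromStream(new MemoryStream(assemblyBytes));
            var type = asm.GetType("UserModule") ?? throw new InvalidOperationException("UserModule not found");
            var method = type.GetMethod("Run", BindingFlags.Public | BindingFlags.Static)
                         ?? throw new InvalidOperationException("UserModule.Run not found");
            return (string)method.Invoke(null, new object[] { input })!;
        }
        finally
        {
            context.Unload();
        }
    }
}

public static class VbScriptDemo
{
    // Constructed sample of what a user might submit.
    public const string SampleSource = @"
Public Module UserModule
    Public Function Run(input As String) As String
        Return ""Hello, "" & input & ""!""
    End Function
End Module";

    public static string Main_Demo()
    {
        var (bytes, errors) = VbScriptCompiler.Compile(SampleSource, "UserCode");
        if (bytes is null) return "compile failed: " + string.Join("; ", errors);
        return VbScriptCompiler.Run(bytes, "world"); // "Hello, world!"
    }
}
```

Letting users submit code is arbitrary code execution by design, and .NET Core has no Code Access Security or sandboxed AppDomains to fall back on. The reference list above limits what the compiler will resolve, but it does not stop reflection or anything reachable through the referenced assemblies, so run the compiled code in a separate process (or container) under a restricted account with CPU, memory and wall-clock limits, and treat its output as untrusted input to the rest of the application.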
Before you start reading, write down (or mentally note) two things: 1) what is one of the pains you face on a daily, weekly, monthly, or some recurring basis? And 2) what is a pain point that your BOSS (or your boss’s boss) faces in the same way?
(No, seriously – write it down… 😉)
Alright – now it’s our turn. Here are some pain points that we’ve encountered with our partners in the mortgage lending space:
Pre-approved buyers not showing up to appointments
Documents are often hard copy and must be handled in person
Too much time passes by between interactions with customers
Your online customer-facing resources leave much to be desired
Your internal go-to-market activities are too slow
Customers have a hard time identifying the right loan/product for them
Closing processes take too much time (for both you and your customers)
Non-commissioned internal resources lack the incentive…
If you aren’t familiar with it, Entity Framework is a powerful open-source object-relational mapping (ORM) framework. Its initial release was in 2008, so it has grown and evolved quite a bit. I have been using it regularly for about four years and want to share some tips and the missteps I have encountered in that time.
I think the most important thing when using EF (Entity Framework) is to be aware of the work it is doing on your behalf. The best way to see what EF is doing is simply to log it, and for me that means logging to the Output window in Visual Studio rather than to the database; as you will see, EF does a lot. It is actually much easier to do than you might expect, and in my mind there are…
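As an added example (not code from the original post), here is the EF6 logging hook the paragraph refers to, wired so the same delegate both writes to the Visual Studio Output window and counts SELECT statements. The `Order`/`OrderLine` model and `ShopContext` are constructed for illustration; the comparison shows the lazy-loading “one query per row” pattern that logging is usually the first to reveal.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Entity;
using System.Diagnostics;
using System.Linq;

// Constructed model. Lines is virtual so EF6 can lazy-load it through a proxy.
public class Order
{
    public int Id { get; set; }
    public virtual ICollection<OrderLine> Lines { get; set; } = new List<OrderLine>();
}

public class OrderLine
{
    public int Id { get; set; }
    public int OrderId { get; set; }
    public string Sku { get; set; } = "";
}

public class ShopContext : DbContext
{
    public DbSet<Order> Orders { get; set; }
    public DbSet<OrderLine> OrderLines { get; set; }
}

public static class EfLogging
{
    // Database.Log receives every command EF sends, plus timing lines prefixed with "--".
    // Counting the SELECTs here turns the log into a cheap N+1 detector.
    public static int CountSelects(ShopContext db, Action<ShopContext> work)
    {
        int selects = 0;
        db.Database.Log = text =>
        {
            Debug.WriteLine(text); // appears in the Output window while debugging
            if (text.TrimStart().StartsWith("SELECT", StringComparison.OrdinalIgnoreCase))
                selects++;
        };
        try { work(db); }
        finally { db.Database.Log = null; }
        return selects;
    }

    public static (int Lazy, int Eager) Compare(ShopContext db)
    {
        // Lazy loading: one SELECT for the orders, then one more per order when Lines is touched.
        int lazy = CountSelects(db, ctx =>
        {
            foreach (var order in ctx.Orders.ToList())
                _ = order.Lines.Count;
        });

        // Eager loading: a single joined SELECT brings the lines along with the orders.
        int eager = CountSelects(db, ctx =>
        {
            foreach (var order in ctx.Orders.Include(o => o.Lines).ToList())
                _ = order.Lines.Count;
        });

        return (lazy, eager);
    }
}
```

With N orders in the table, the lazy variant reports N+1 SELECTs and the eager variant one; seeing that difference in the log is usually what convinces a team to add `Include` (or a projection) before the page reaches production. If you are on EF Core rather than EF6, the equivalent hook is `optionsBuilder.LogTo(...)` in `OnConfiguring`, and the same counting trick applies.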