Agency Oasis Developers
Mark Ursino

PostSharp - 0 views

  •  
    Produce Cleaner Code with Aspects: Encapsulate common support behavior, such as exception handling, into classes that can be applied using .NET attributes. Remove Boilerplate Code: Stop duplicating code in and across systems. Build a support framework that your team can leverage across multiple apps. Focus on What Matters: Reduce system knowledge required across your team by factoring complex issues, such as multithreading, into aspects.
Mark Ursino

Sitecore Update Helper - 0 views

  •  
    It's a simple website that helps you prepare for a Sitecore CMS update by displaying the update steps and links to the appropriate pages on SDN. You just need to specify the source / target versions and click "Process".
mgraber

How To: Prevent Cross-Site Scripting in ASP.NET - 0 views

  •  
    "How To: Prevent Cross-Site Scripting in ASP.NET"
mgraber

How To: Protect From Injection Attacks in ASP.NET - 0 views

  •  
    "How To: Protect From Injection Attacks in ASP.NET"
mgraber

Know who to hire to help fix PCI compliance issues on a client's website? - 0 views

  •  
    "Know who to hire to help fix PCI compliance issues on a client's website?"
mgraber

James Jardine : Developer Notes - 0 views

  •  
    "Cross Site Request Forgery (CSRF) This article assumes you already understand what CSRF is and how it works. If you don't, do a quick Google search and it will clear it up. CSRF can be done using POST or GET, but GET is much easier to implement. By default, ASP.Net forms and other functionality work via the POST method. If we could submit a GET instead of a POST it would open up the attack surface a great deal. No longer do we need someone to visit a page with a form on it, but we could actually embed the GET request (a link) in emails or other medium. Fortunately for the attacker, unfortunately for the developer, .Net uses Value Shadowing for its controls. This means all server side controls, i.e. Viewstate, EventValidation, EventCommand, EventArguments, etc. It is possible to take the values that would be submitted as part of the form and just add them to the Querystring instead. Now there is a GET request that is comparable to the POST request. ASP.Net Webforms does not check whether a post back comes from GET or POST. The one thing to keep in mind is that the URL in a GET is limited in size. If the form is large and the viewstate is very large, this could block this technique from working. This depends on the way the application is configured (more later)."
mgraber

Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - OWASP - 0 views

  •  
    "Viewstate (ASP.NET) ASP.NET has an option to maintain your ViewState. The ViewState indicates the status of a page when submitted to the server. The status is defined through a hidden field placed on each page with a control. Viewstate can be used as a CSRF defense, as it is difficult for an attacker to forge a valid Viewstate. It is not impossible to forge a valid Viewstate since it is feasible that parameter values could be obtained or guessed by the attacker. However, if the current session ID is added to the ViewState, it then makes each Viewstate unique, and thus immune to CSRF. To use the ViewStateUserKey property within the Viewstate to protect against spoofed post backs, add the following in the OnInit virtual method of the Page-derived class (this property must be set in the Page.Init event): protected override void OnInit(EventArgs e) { base.OnInit(e); if (User.Identity.IsAuthenticated) ViewStateUserKey = Session.SessionID; } The following keys the Viewstate to an individual using a unique value of your choice. (Page.ViewStateUserKey) This must be applied in Page_Init because the key has to be provided to ASP.NET before Viewstate is loaded. This option has been available since ASP.NET 1.1. However, there are limitations on this mechanism. Such as, ViewState MACs are only checked on POSTback, so any other application requests not using postbacks will happily allow CSRF."
mgraber

asp.net - ViewStateUserKey isn't preventing CSRF? - Stack Overflow - 0 views

  •  
    "ViewStateUserKey isn't preventing CSRF?"
mgraber

Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks - 0 views

  •  
    "Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks"
Mark Ursino

OpenCalais Integration Module - 0 views

  •  
    The OpenCalais Integration module allows you to automatically discover semantic relations between your content, create relevant tags in the Sitecore Taxonomy and tag your content with them by integrating the Sitecore Taxonomy Module, WeBlog Module or any Sitecore item based taxonomy seamlessly with the OpenCalais service, without additional development. The service is open for commercial and non-commercial use and is free if you don't need to tag more than 50,000 documents a day. The service is easy to apply in your project with this module and almost effortless if you're already using Sitecore's Shared Source Taxonomy Module.
Mark Ursino

WeBlog - 0 views

  •  
    WeBlog is a blog module for Sitecore 6.2+. It is the successor to the EviBlog module. Features: Windows Live Writer integration (MetaWeblog API); Page Editor support and custom WebEdit ribbon; WordPress Import; CSS-based themes, with custom themes possible (one included); various blog navigation components; comments (with author notification and optional approval workflow); comment CAPTCHA through MSCaptcha or reCAPTCHA; Gravatar support; social sharing through ShareThis or AddThis, and other Facebook and Twitter widgets; tagging and tagcloud; RSS feeds (Sitecore Integrated RSS); multi-server (staged architecture) support; globalized labels and messaging (English, Danish, Dutch, and Japanese translations provided). Most importantly, WeBlog has been architected to allow you to easily integrate it into your existing content and design, and to allow you to customize its templates and layout to your project requirements.
mgraber

SyntaxHighlighter - Installation - 0 views

  •  
    Code syntax highlighter
mgraber

Sitecore Users Virtual Group - 1 views

  •  
    Latest cool prototypes from Sitecore US lab. Alex Shyba, Solution Architect, Sitecore. Oct 19, 2011: Noon Pacific, 3:00 PM Eastern, 8:00 PM UK. Alex will be showing some of the latest Shared Source components that he has been working on. Alex Shyba has been with Sitecore for more than 6 years. His primary role is helping implementation partners in North America build successful solutions on Sitecore platform. Whenever he is not reading car magazines, Alex enjoys exploring dark corners of Sitecore by reading kernel code from Reflector and building cool prototypes. Alex maintains one of the oldest Sitecore blogs at http://sitecoreblog.alexshyba.com/ where he shares his ideas about ways to implement Sitecore and provides recommendations on various aspects of the product. You can connect with Alex on Twitter @alexshyba. Video from the presentation
Mark Ursino

Share Count JS - 0 views

  •  
    Combine share counter into a single counter
Mark Ursino

List.js - Add search, sort and flexibility to plain HTML lists with cross-browser nativ... - 0 views

  •  
    A plugin that makes your plain HTML lists super flexible, searchable, sortable and filterable
Mark Ursino

jQuery Timelinr - 0 views

  •  
    This simple plugin helps you to give more life to boring timelines. It supports horizontal and vertical layouts, and you can specify parameters for most attributes: speed, transparency, etc.
Mark Ursino

Tangle: a JavaScript library for reactive documents - 0 views

  •  
    Tangle is a JavaScript library for creating reactive documents. Your readers can interactively explore possibilities, play with parameters, and see the document update immediately. Tangle is super-simple and easy to learn.
Mark Ursino

js Message | Message library - 0 views

  •  
    Custom notifications, alerts, confirmations