Code Quality using SonarQube

4 min read Code quality, best practices and standards are often the distinction between projects that are maintainable, secure and scale well, and projects that need to be rewritten every year. We were in the latter category unfortunately for quite a long time, despite everyone preaching best practices and within a group of quite smart individuals. The problem is we all had our own idea of what best practices to apply, what standards to follow and how we defined quality. We had to find a way to track and improve, then we discovered SonarQube.

SonarQube is a static code analysis tool.

It uses language-specific analyzers and rules to scan code for mistakes, some patterns that are known to introduce security vulnerabilities, and code smells [According to Wikipedia and Robert C. Martin “Code smell, also known as bad smell, in computer programming code, refers to any symptom in the source code of a program that possibly indicates a deeper problem.] …

Securing a new web server

< 1 min read Ideally you already have a snapshot you maintain and have hardened, and just have to clone it when you need new servers deployed. If you have to build a clean image to use for your future VMs:
it’s usually easier to start with an existing VM you’ve configured, because it already has everything you need installed, but it might also have other stuff installed that you don’t necessarily want on every new VM, so here’s a way I quickly set up a new server image:

1. Install a clean version of Windows on a new VM

2. Set up your networking stack, and run Windows Update and install all the updates available…

Security Headers

3 min read

X-XSS-Protection

This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit). Valid settings for the header are 0, which disables the protection, 1 which enables the protection and 1; mode=block which tells the browser to block the response if it detects an attack rather than sanitising the script.

app.UseXXssProtection(options => options.EnabledWithBlockMode());