Protecting Against SQL Injection In .NET Applications

Despite being so well understood, SQL Injection remains one of the most common vulnerabilities in web applications. What is SQL Injection? Any SQL that is built dynamically has the potential for malicious SQL to be injected into it. For example, the code below receives a querystring value and appends it to a SQL SELECT string, which will …
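As an added illustration (not the post's own code), here is the concatenation pattern the excerpt describes next to its parameterised fix in ADO.NET. The Products table, its columns and the connection string are assumptions:

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not the post's code. Table and column names are assumed.
public class ProductRepository
{
    private readonly string connectionString;

    public ProductRepository(string connectionString)
    {
        this.connectionString = connectionString;
    }

    // VULNERABLE: the querystring value becomes part of the SQL text.
    // name = "x' OR 1=1 --" produces
    //   SELECT Id, Name FROM Products WHERE Name = 'x' OR 1=1 --'
    // which returns every row; a UNION or an appended second statement works the same way.
    public static string BuildVulnerableSql(string name)
    {
        return "SELECT Id, Name FROM Products WHERE Name = '" + name + "'";
    }

    // SAFE: the value is sent as a typed parameter, so the server never parses it as SQL.
    public DataTable FindByName(string name)
    {
        const string sql = "SELECT Id, Name FROM Products WHERE Name = @name";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Declare the type and length explicitly rather than using AddWithValue,
            // which infers the type from the .NET value and can produce a poor plan.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;

            var table = new DataTable();
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                table.Load(reader);
            }
            return table;
        }
    }
}
```

In a controller the call is simply `repository.FindByName(Request.QueryString["name"])`; whatever the visitor typed travels as data, not as part of the statement, so no escaping of quotes is required.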

Groupon’s Ominous Balance Sheet

In yet another rebuke of Groupon’s (GRPN) accounting methods, Anthony Catanach drew attention to the intangible assets sitting on Groupon’s balance sheet. Whilst he noted the danger of Groupon’s high intangible assets, the issue is serious enough to warrant a more in-depth analysis. Intangible assets encompass a wide variety of non-physical assets such as patents …

EBITDA – A Misleading Earnings Measure

This article was originally published on CoreEarnings.com. What is EBITDA? EBITDA (Earnings Before Interest, Tax, Depreciation and Amortization) is a commonly used earnings metric in financial analysis. The central motivation for using EBITDA is that it shows a firm’s earnings from its core business activities and is closer to a cash-based metric. The …

Groupon – A Tech Company With Zero Research and Development

This article was originally published on CoreEarnings.com. In its offering prospectus Groupon billed itself as a ‘local e-commerce’ company that brings ‘the brick and mortar world of local commerce onto the internet’, which clearly defines it as an online tech business. It is therefore nothing less than astonishing to see no Research & Development expense on …

Using Cash Flow In Financial Analysis

This article was originally published on CoreEarnings.com. Financial reporting is primarily focused on providing a detailed view of a firm’s earnings. The accruals concept is applied to both revenues and expenses so that only income and expenses earned or incurred in the period are reflected in the accounts, irrespective of when cash changes hands. For example, a …

Primer on Selecting Data Using Entity Framework

This question on StackOverflow about selecting data using Entity Framework got me thinking that a lot of LINQ to Entities code samples show very little consistency in how data is selected. Find(), Single(), SingleOrDefault(), First() and FirstOrDefault() are often used interchangeably. The first issue to address is the use of Where() in the data selection statement. Where() …
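The following is an added example, not the post's code, showing where each of those methods belongs; the Customer entity and CustomersContext are assumptions:

```csharp
using System;
using System.Data.Entity;
using System.Linq;

// Added example, not the post's code. Entity and context are assumed.
public class Customer
{
    public int Id { get; set; }
    public string Email { get; set; }
}

public class CustomersContext : DbContext
{
    public DbSet<Customer> Customers { get; set; }
}

public static class CustomerQueries
{
    // Find: primary-key lookup. Checks entities already loaded in the context before
    // querying the database; returns null when there is no match.
    public static Customer ByKey(CustomersContext db, int id)
    {
        return db.Customers.Find(id);
    }

    // SingleOrDefault: expects zero or one match and throws InvalidOperationException
    // if more than one row comes back. Use it when the predicate should be unique.
    // Where(...).SingleOrDefault() translates to the same SQL as passing the predicate in.
    public static Customer ByEmail(CustomersContext db, string email)
    {
        return db.Customers.SingleOrDefault(c => c.Email == email);
    }

    // FirstOrDefault: returns the first of possibly many matches, or null. Pair it with
    // OrderBy, otherwise "first" is whatever order the database happens to return.
    public static Customer NewestWithDomain(CustomersContext db, string domain)
    {
        return db.Customers
                 .Where(c => c.Email.EndsWith("@" + domain))
                 .OrderByDescending(c => c.Id)
                 .FirstOrDefault();
    }

    // Single and First (without ...OrDefault) throw when nothing matches, so they belong
    // where a missing row is a programming error rather than a user-facing condition.
    public static Customer ByEmailOrThrow(CustomersContext db, string email)
    {
        return db.Customers.Single(c => c.Email == email);
    }
}
```

The practical rule: Find() for key lookups, SingleOrDefault() for lookups that must be unique, FirstOrDefault() with an explicit ordering for "any one of several", and the throwing variants only where the caller cannot sensibly handle a null.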

Implementing PRG (POST-Redirect-GET) In ASP.NET MVC

Site visitors are conditioned to believe that hitting the browser’s refresh button will simply refresh the page. In reality the browser re-issues the last HTTP request. That is fine if it was just a GET request, which typically only loads a page, but if the request was a POST request, which typically updates values on the …
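An added example (not the post's own code) of the POST-Redirect-GET pattern in an ASP.NET MVC controller; the account model, service interface and action names are assumptions:

```csharp
using System.Web.Mvc;

// Added example, not the post's code. The model and service are assumed.
public class AccountEditModel
{
    public int Id { get; set; }
    public string DisplayName { get; set; }
}

public interface IAccountService
{
    AccountEditModel Get(int id);
    void Update(AccountEditModel model);
}

public class AccountController : Controller
{
    private readonly IAccountService accounts;

    public AccountController(IAccountService accounts)
    {
        this.accounts = accounts;
    }

    [HttpGet]
    public ActionResult Edit(int id)
    {
        return View(accounts.Get(id));
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Edit(AccountEditModel model)
    {
        if (!ModelState.IsValid)
        {
            // Validation failed: nothing was changed, so re-rendering the form is harmless.
            return View(model);
        }

        accounts.Update(model);

        // Success: answer the POST with a 302 so the browser's last request becomes a GET.
        // Refresh now repeats the GET instead of re-submitting the update.
        TempData["Message"] = "Account saved.";
        return RedirectToAction("Details", new { id = model.Id });
    }

    [HttpGet]
    public ActionResult Details(int id)
    {
        // TempData survives exactly one subsequent request, so the message shows once.
        ViewBag.Message = TempData["Message"];
        return View(accounts.Get(id));
    }
}
```

The redirect is only issued after a successful update; returning View() on validation failure is the conventional exception, because no state has changed and the user needs their input back.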

Preventing Parameter Tampering in ASP.NET MVC

‘Never trust data submitted from a web page’ is a core security concept in web development. When using an MVC framework, this statement takes on added relevance. MVC frameworks rely heavily on binding querystrings, route values and form values to in-code objects. Take for example the scenario where an authenticated user needs to update their …
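As an added example (not the post's code), the profile-update scenario with the two controls that stop tampering: a view model that exposes only the editable fields, and an identity taken from the authentication ticket rather than the request. The entity, repository and action names are assumptions:

```csharp
using System.Web.Mvc;

// Added example, not the post's code. Entity, view model and repository are assumed.

// Persisted entity: contains fields the user must never set directly.
public class UserProfile
{
    public int Id { get; set; }
    public string DisplayName { get; set; }
    public bool IsAdmin { get; set; }
}

// Edit view model: only what the form is allowed to change. Because Id and IsAdmin
// are absent, a crafted POST carrying "IsAdmin=true" or "Id=42" has nothing to bind to.
public class ProfileEditModel
{
    public string DisplayName { get; set; }
}

public interface IProfileRepository
{
    UserProfile GetByUserName(string userName);
    void Save(UserProfile profile);
}

public class ProfileController : Controller
{
    private readonly IProfileRepository profiles;

    public ProfileController(IProfileRepository profiles)
    {
        this.profiles = profiles;
    }

    [HttpPost]
    [Authorize]
    [ValidateAntiForgeryToken]
    public ActionResult Edit(ProfileEditModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // The account to modify comes from the authenticated identity, never from a
        // posted or routed id, so a user cannot edit someone else's profile by changing
        // a hidden field or the URL.
        var profile = profiles.GetByUserName(User.Identity.Name);

        // Copy only the whitelisted fields onto the entity.
        profile.DisplayName = model.DisplayName;
        profiles.Save(profile);

        return RedirectToAction("Index");
    }
}
```

Binding directly to the entity with `[Bind(Include = "DisplayName")]` achieves a similar whitelist, but a dedicated view model is harder to get wrong when the entity later gains new sensitive fields.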

Security – Simulating And Protecting Against A DoS Attack

On a recent project, I created a web service which parsed a set of financial statements into name/value pairs from an XBRL document. The complexity of the XBRL specification means that parsing an XBRL document takes approximately 90 seconds on a mid-spec server. To avoid users having to wait 90 seconds for the data, …

WebSite Performance Optimisation – Core Concepts

When it comes to performance tuning a site, there are a multitude of possible optimisations, so I thought it best to distil these down to several core concepts. Central to most of these concepts is an overview of how a web page is loaded in a user’s browser. The ‘waterfall’ diagram below shows the loading …