A P P E N D I X  A

Resources

This appendix covers the following topics:

• General Software Development
• .NET Guidelines, Patterns, and Practices
• C# Language
• Testing and Test Frameworks
• Debugging and Problem Solving
• Build Automation
• Continuous Integration
• Static Code Analysis
• Dynamic Code Analysis
• Security
• Research Areas
• Miscellaneous

Each topic contains the following resources:

• Books
• Articles
• Guides and Tutorials
• Tools

General Software Development

Books

• Steve McConnell, Rapid Development (Redmond, WA.: Microsoft Press, 1996).
• Grady Booch, Object Solutions: Managing the Object-Oriented Project (Menlo Park, CA: Addison-Wesley, 1996).
• Kyle Baley, Donald Belcham, Brownfield Application Development in .NET (Greenwich, CT: Manning, 2010).
• Michael C. Feathers, Working Effectively with Legacy Code (Upper Saddle River, NJ: Prentice Hall Professional, 2007).
• Joachim Rossberg, Pro Visual Studio Team System Application Lifecycle Management (New York: Apress, 2008)
• Will Stott, James Newkirk, Visual Studio Team System: Better Software Development for Agile Teams (Upper Saddle River, NJ: Addison-Wesley, 2007)
• Microsoft Corporation, Building Secure Microsoft ASP.NET Applications (Redmond, WA: Microsoft Press, 2003)
• James Avery, Jim Holmes, Windows Developer Power Tools (Sebastopol, CA: O'Reilly Media, Inc., 2006)

Articles

• “The Manifesto for Agile Software Development,” agilemanifesto.org.
• Martin Fowler, “Technical Debt,” http://www.martinfowler.com/bliki/TechnicalDebt.html.
• Martin Fowler, “Technical Debt Quadrant,” http://martinfowler.com/bliki/TechnicalDebtQuadrant.html.
• Jeff Atwood,“Paying Down Your Technical Debt,” www.codinghorror.com/blog/2009/02/paying-down-your-technical-debt.html, February 27, 2009.
• Construx Conversations, “Technical Debt,” forums.construx.com/blogs/stevemcc/archive/2007/11/01/technical-debt-2.aspx.
• AgileManiac, “Reinvigorated Retrospectives,” agilemaniac.com/tag/4ls.
• Microsoft web site, “Microsoft Visual Studio Roadmap,” www.microsoft.com/visualstudio/en-us/roadmap.

Guides

• Available at agilemanifesto.org.
• Code Kata: codekata.pragprog.com.
• For a list of wide-ranging brainstorming techniques see celestinechua.com/blog/25-brainstorming-techniques.
• Ward Cunningham Wiki: c2.com/cgi/wiki.

.NET Guidelines, Patterns and Practices

Books

• Krzysztof Cwalina, Brad Abrams, Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries, 2nd Edition (Upper Saddle River, NJ: Addison-Wesley Professional, 2008). This book contains many best practices for designing reusable libraries for the Microsoft .NET Framework.
• Steve McConnell, Code Complete (Redmond, WA: Microsoft Press, 2004).
• Robert C. Martin, Clean Code: A Handbook of Agile Software Craftsmanship (Upper Saddle River, NJ: Prentice Hall, 2008).
• Kevlin Henney, 97 Things Every Programmer Should Know: Collective Wisdom from the Experts (Sebastopol, CA: O'Reilly Media, Inc., 2010).
• Martin Fowler, Kent Beck, Refactoring: Improving the Design of Existing Code (Reading, MA: Addison-Wesley Professional, 1999).
• Kent Beck, Implementation Patterns (Upper Saddle River, NJ: Addison-Wesley Professional, 2008).
• Adam Freeman, Steven Sanderson, Pro ASP.NET MVC 3 Framework, Third Edition (New York: Apress, 2011).
• Books from Microsoft patterns & practices: msdn.microsoft.com/en-us/practices/hh124092.

Articles

• Michael Howard, “8 Simple Rules For Developing More Secure Code,” msdn.microsoft.com/en-us/magazine/cc163518.aspx, MSDN Magazine, November 2006.
• John Robbins, “Bad Code? FxCop to the Rescue,” msdn.microsoft.com/en-us/magazine/cc188721.aspx, MSDN Magazine, June 2004.
• Niraj Bhatt, “MVC vs. MVP vs. MVVM,” nirajrules.wordpress.com/2009/07/18/mvc-vs-mvp-vs-mvvm, 2011.
• Martin Fowler, “Inversion of Control Containers and the Dependency Injection pattern,” martinfowler.com/articles/injection.html, 2004.
• Elegant Code, “IoC Libraries Compared,” elegantcode.com/2009/01/07/ioc-libraries-compared, 2009.
• MSDN Library, “Managed Extensibility Framework (MEF) Overview,” msdn.microsoft.com/en-us/library/dd460648.aspx, 2010.
• Ayende@Rahien, “The Managed Extensibility Framework,” ayende.com/blog/3611/the-managed-extensibility-framework, 2008.

Guides and Tutorials

• MSDN Library, “Design Guidelines for Developing Class Libraries,” msdn.microsoft.com/en-us/library/ms229042.aspx.
• Gendarme Rules: www.mono-project.com/Gendarme.
• StyleCop documentation: stylecop.codeplex.com/documentation.
• Microsoft patterns & practices Developer's Guide: msdn.microsoft.com/en-us/library/ff953181(v=PandP.50).aspx.
• Encodo C# Handbook: archive.msdn.microsoft.com/encodocsharphandbook.
• Microsoft All-In-One Code Framework: 1code.codeplex.com.
• Idesign C# Coding Standards: www.idesign.net.
• CAT.NET Rules: www.microsoft.com/security/sdl/adopt/tools.aspx.

C# Language

Books

• Joseph Albahari, Ben Albahari, C# 4.0 in a Nutshell (Sebastopol, CA: O'Reilly Media, Inc., 2010).
• Jon Skeet, C# in Depth, 2nd Edition (Greenwich, CT: Manning, 2008).
• Andrew Troelsen, Pro C# 2010 and the .NET 4 Platform, 5th Edition (New York: Apress, 2010).

Articles

• Developer Journey, “Code Contracts,” http://devjourney.com/blog/code-contracts-part-1-introduction. A very comprehensive treatment of Code Contracts in this 14-part series of blog postings, 2010.

Testing and Test Frameworks

Books

• Roy Osherove, The Art of Unit Testing (Greenwich, CT: Manning, 2009).
• Andy Hunt, Dave Thomas, Matt Hargett, Pragmatic Unit Testing in C# with NUnit (Raleigh, NC: Pragmatic Bookshelf, 2007).
• Cem Kaner, James Bach, Bret Pettichord, Lessons Learned in Software Testing: a Context-Driven Approach (New York: Wiley, 2002).
• James Avery, Jim Holmes, Windows Developer Power Tools, (Sebastopol, CA: O'Reilly Media, Inc., 2007)
• Steve Freeman, Nat Pryce, Growing Object-Oriented Software, Guided by Tests (Upper Saddle River, NJ: Addison-Wesley Professional, 2009)
• David Astels, Test-Driven Development: a Practical Guide (Prentice Hall PTR, 2003).
• Automation
  • James D. McCaffrey, .NET Test Automation Recipes: a Problem-Solution Approach (New York: Apress, 2006).
  • Daniel J. Mosley, Bruce A. Posey, Just Enough Software Test Automation (Upper Saddle River, NJ: Prentice Hall Professional, 2002).
• Web Testing
  • Jeff McWherter, Ben Hall, Testing ASP.NET Web Applications (Indianapolis: John Wiley & Sons, 2011).
  • Alan John Richardson, Selenium Simplified (Compendium Developments, 2010).
  • Gojko Adzic, Test Driven .NET Development with FitNesse, (London: Neuri, 2008).

Articles

• Agile Data, “Introduction to Test Driven Design (TDD),” www.agiledata.org/essays/tdd.html.
• “Arrange Act Assert (3-As) pattern,” c2.com/cgi/wiki?ArrangeActAssert.
• Will Stott and James Newkirk, MSDN Magazine, “Improve the Design and Flexibility of Your Project with Extreme Programming Techniques,” msdn.microsoft.com/en-us/magazine/cc163982.aspx, April 2004.
• Codevanced, “Mocking Frameworks Comparison,” codevanced.net/post/Mocking-frameworks-comparison.aspx.

Guides and Tutorials

• MSDN Library, “Guidelines for Test-Driven Development,” msdn.microsoft.com/en-us/library/aa730844(v=vs.80).aspx
• Open Source C# Testing Tools: csharpopensource.com/csharptesting.aspx
• Open Source Web Testing Tools: csharpopensource.com/webtesting.aspx

Tools

• Test Runner:
  • Visual Studio Unit Testing Framework (MSTest): msdn.microsoft.com/en-us/library/ms243147.aspx
  • NUnit: www.nunit.org
  • xUnit.net: xunit.codeplex.com
  • MbUnit: mbunit.com
• Mock Object Framework:
  • Moq: code.google.com/p/moq
  • TypeMock: www.typemock.com
  • NMock 2: sourceforge.net/projects/nmock2
  • Rhino-Mocks: github.com/ayende/rhino-mocks
• Browser Automation
  • Coded UI Test (Visual Studio UI Automation Testing): msdn.microsoft.com/en-us/library/dd286681.aspx
  • Lightweight Test Automation Framework: aspnet.codeplex.com
  • Selenium: seleniumhq.org
  • WatiN: watin.org
• NUnit Test Generator: www.kellermansoftware.com/p-30-nunit-test-generator.aspx
• Pex and Moles: research.microsoft.com/en-us/projects/pex/downloads.aspx
• NDbUnit: code.google.com/p/ndbunit
• MvcIntegrationTestFramework: blog.stevensanderson.com/2009/06/11/integration-testing-your-aspnet-mvc-application
• SMTP Server Emulation for Developers: antix.co.uk/Projects/SMTP-Impostor-an-SMTP-server-for-developers

Debugging and Problem Solving

Books

• Darin Dillon, Debugging Strategies For .NET Developers (Berkeley, CA: Apress, 2003).
• Mario Hewardt, Advanced .NET Debugging (Upper Saddle River, NJ: Addison-Wesley Professional, 2010).
• John Robbins, Debugging Microsoft .Net 2.0 Applications (Redmond, WA: Microsoft Press, 2007).
• Dean L. Gano, Apollo Root Cause Analysis: A New Way of Thinking (Richland, WA: Apollonian Publications, 2008).

Articles

• Dean Gano, “Effective Solutions vs the Root Cause Myth,” www.apollorca.com/_public/site/files/Effective%20Solutions%20vs%20Root%20Cause%20Myth.pdf.

Tools

• Debugging Tools Download: www.microsoft.com/download/en/details.aspx?id=10640

Build Automation

Books

• Sayed Ibrahim Hashimi, William Bartholomew, Inside the Microsoft Build Engine: Using MSBuild and Team Foundation Build, (Redmond, WA: Microsoft Press, 2011).
• Sayed Ibrahim Hashimi, Deploying .NET Applications: Learning MSBuild and ClickOnce, (Berkeley, CA: Apress 2006).
• Mike Clark, Pragmatic Project Automation: How to Build, Deploy, and Monitor Java Applications (Raleigh, NC: Pragmatic Bookshelf, 2004).

Articles

• MSDN, “Logging in MSBuild,” msdn.microsoft.com/en-us/library/bb651789.aspx.
• MSDN, “Well-known Item Metadata,” msdn.microsoft.com/en-us/library/ms164313(v=VS.100).aspx.
• MSDN, “MSBuild Inline Tasks,” msdn.microsoft.com/en-us/library/dd722601.aspx.
• Vishal Joshi, “Web Packaging: Creating web packages using MSBuild,” vishaljoshi.blogspot.com/2009/02/web-packaging-creating-web-packages.html,2009.
• Andrei Volkov, “How to ‘Package/Publish' Web Site project using VS2010 and MSBuild,” zvolkov.com/blog/post/2010/05/18/How-to-Publish-Web-Site-project-using-VS2010-and-MsBuild.aspx, 2010.
• MSDN, “How to: Transform Web.config When Deploying a Web Application Project,” msdn.microsoft.com/en-us/library/dd465318.aspx.
• Scott Hanselman, “Web Deployment Made Awesome: If You're Using XCopy, You're Doing It Wrong,” www.hanselman.com/blog/WebDeploymentMadeAwesomeIfYoureUsingXCopyYoureDoingItWrong.aspx, 2010.
• “Troubleshooting Common MSDeploy Issues,” blogs.iis.net/kateroh/archive/2009/06/05/troubleshooting-common-msdeploy-issues.aspx, June 5, 2009.
• Kristina Olson, “Code Download and the Web Deployment Tool (MSDeploy) - Remote Management options,”blogs.iis.net/krolson/archive/2010/01/27/code-download-and-the-web-deployment-tool-msdeploy-remote-management-options.aspx, January 27, 2010.
• Sourceforge, “NAnt Fundamentals,” nant.sourceforge.net/release/latest/help/fundamentals.
• Davesquared.net,“Basic .NET builds using Rake,” www.davesquared.net/2009/04/basic-net-builds-using-rake.html.

Guides and Tutorials

• MSBuild team blog: blogs.msdn.com/b/msbuild
• Visual Studio blog: blogs.msdn.com/b/visualstudio/archive/tags/msbuild
• Sayed Ibrahim Hashimi blog: sedodream.com
• Mike Fourie blog: mikefourie.wordpress.com
• MSBuild: By Example: en.csharp-online.net/MSBuild:_By_Example
• 7 Steps to MSBuild: brennan.offwhite.net/blog/2006/11/30/7-steps-to-msbuild
• Buck Hodges blog: blogs.msdn.com/b/buckh

Tools

• Build Tools: see Table 10-2
• MSBuild Extension Pack: msbuildextensionpack.codeplex.com
• Community TFS Build Extensions: tfsbuildextensions.codeplex.com
• MSBuild Community Tasks Project: msbuildtasks.tigris.org
• Web Deploy 2.0: www.iis.net/download/webdeploy
• Windows Installer XML (WiX) Toolset: wix.sourceforge.net

Continuous Integration

Books

• Marcin Kawalerowicz, Craig Berntson, Continuous Integration in .NET (Greenwich, CT: Manning Publications, 2011).
• Paul M. Duvall, Steve Matyas, Andrew Glover, Continuous Integration: Improving Software Quality and Reducing Risk, (Upper Saddle River, NJ: Addison-Wesley, 2007).
• John Ferguson Smart, Jenkins: The Definitive Guide (Sebastopol, CA: O'Reilly Media, Inc., 2011).

Articles

• The original CI article: http://martinfowler.com/articles/originalContinuousIntegration.html.
• Ward Cunningham describes Integration Hell in his wiki: c2.com/cgi/wiki?IntegrationHell.

Guides and Tutorials

• JetBrains provides a getting started guide for TeamCity: http://confluence.jetbrains.net/display/TCD65/Getting+Started.
• CruiseControl.NET provides installation and getting started guides on their project website: http://www.cruisecontrolnet.org/projects/ccnet.
• David Veksler provides a jumpstart for CI with TFS 2010: http://dotmac.rationalmind.net/2011/03/continuous-integration-with-tfs/.
• Patrick Weibel provides a Jenkins jumpstart for .NET development: http://blog.eweibel.net/?p=982.

Tools

• TFS 2010 Power Tools:http://msdn.microsoft.com/en-us/vstudio/bb980963.
• CCNetConfig is a GUI tool to manage CC.NET configuration files: http://ccnetconfig.codeplex.com/.
• Continuous Integration servers: see Table 11-2

Static Code Analysis

Books

• Brian Chess, Jacob West, Secure Programming with Static Analysis (Upper Saddle River, NJ: Addison-Wesley, 2007).
• Donis Marshall, John Bruno, Solid Code: Optimizing the Software Development Life Cycle (Redmond, WA: Microsoft Press, 2009). Chapter 10 provides an overview of code analysis and quality metrics.

Articles

• Scott Hanselman, “Educating Programmers with Placemats - NDepend Static Analysis Poster,” www.hanselman.com/blog/EducatingProgrammersWithPlacematsNDependStaticAnalysisPoster.aspx, June 2, 2007. Scott Hanselman provides a great overview of the NDepend metrics in this blog post.
• MSDN, “Analyzing Managed Code Quality by Using Code Analysis,” msdn.microsoft.com/en-us/library/dd264939.aspx.
• CodePlex, “A Brief History of C# Style,” stylecop.codeplex.com/wikipage?title=A%20Brief%20History%20of%20CSharp%20Style.
• John Robbins, “Bad Code? FxCop to the Rescue,” msdn.microsoft.com/en-us/magazine/cc188721.aspx, MSDN Magazine, June 2004.
• Anoop Madhusudanan, “Top 5 Common programming mistakes .NET developers must avoid !!” www.amazedsaint.com/2010/02/top-5-common-programming-mistakes-net.html, February 8, 2010.
• Jeff Atwood, “Code Smells,” www.codinghorror.com/blog/2006/05/code-smells.html, May 18, 2006.

Guides and Tutorials

• Visual Studio 2010 Code Analysis Rule Set Reference for Managed Code: msdn.microsoft.com/en-us/library/dd264925.aspx
• StyleCop documentation: stylecop.codeplex.com/documentation
• JetBrains Code Inspection wiki: confluence.jetbrains.net/display/ReSharper/Code+Inspection+Wiki

Tools

• StyleCop: stylecop.codeplex.com.
• Gendarme: www.mono-project.com/Gendarme. Gendarme is a rule-based tool to find problems in .NET applications and libraries.
• ReSharper: www.jetbrains.com/resharper/.
• . NET Assembly Browsing and Decompiling (see Table 12-3).
• Differencing: see Table 12-4.
• Duplicate Code Finders: see Table 12-5.
• Architecture and Design: see Table 12-8.

Dynamic Code Analysis

Books

• Michael Sutton, Adam Greene, Pedram Amini, Fuzzing: Brute Force Vulnerability Discovery (Upper Saddle River, NJ: Addison-Wesley, 2007).
• Ian Molyneaux, The Art of Application Performance Testing (Sebastopol, CA: O'Reilly Media, Inc., 2009). Effective automated performance testing is a big part of dynamic code analysis.
• Microsoft Corporation, J. Meier, Performance Testing Guidance for Web Applications (Redmond, WA: Microsoft Press, 2007). This book is available in PDF from Microsoft patterns & practices: http://www.codeplex.com/PerfTestingGuide/Release/ProjectReleases.aspx?ReleaseId=6690.

Articles

• Rahul V. Patil, Boby George, “Tools And Techniques to Identify Concurrency Issues,” http://msdn.microsoft.com/en-us/magazine/cc546569.aspx, MSDN Magazine, June 2008.

Guides and Tutorials

• Terrence Dorsey, “Tools and Techniques for .NET Code Profiling,” http://msdn.microsoft.com/en-us/magazine/hh288073.aspx, MSDN Magazine, July 2011.
• Visual Studio 2010 Ultimate, “Testing Application Performance and Stress,” http://msdn.microsoft.com/en-us/library/dd293540.aspx.
• Visual Studio 2010 Ultimate, “Creating and Editing Load and Web Performance Tests,” http://msdn.microsoft.com/enus/library/ee923687.aspx
• “Visual Studio 2010 Walkthrough: Run Tests and View Code Coverage,” http://msdn.microsoft.com/en-us/library/ms182534.aspx.

Tools

• Performance
  • Microsoft Visual Studio Ultimate and Premium: www.microsoft.com/visualstudio/en-us/products
  • JetBrains dotTrace: www.jetbrains.com/profiler
  • Red Gate Software ANTS Performance Profiler: www.red-gate.com/products/dotnet-development/ants-performance-profiler
  • EQATEC Profiler: eqatec.com/Profiler/Home.aspx
• Code Coverage: see Table 12-10
• Query Profiling: see Table 12-11

Security

Books

• J. D. Meier, Improving Web application security: threats and countermeasures, (Redmond, WA: Microsoft, 2003).
• Frank Swiderski, Window Snyder, Threat Modeling (Redmond, WA: Microsoft Press, 2004.)

Articles

• Michael Howard, “A Look Inside the Security Development Lifecycle at Microsoft,” msdn.microsoft.com/en-us/magazine/cc163705.aspx.
• Microsoft Security Development Lifecycle, “Writing Fuzzable Code,” blogs.msdn.com/b/sdl/archive/2010/07/07/writing-fuzzable-code.aspx.
• Microsoft Security Development Lifecycle, “Microsoft Security Development Lifecycle Process Tools,” www.microsoft.com/security/sdl/adopt/tools.aspx.
• Michael Howard, “8 Simple Rules For Developing More Secure Code,” msdn.microsoft.com/en-us/magazine/cc163518.aspx, MSDN Magazine, November 2006,
• MSDN, “Security in the .NET Framework,” msdn.microsoft.com/en-us/library/fkytk30f.aspx.
• Michael Howard, “Threat Models Improve Your Security Process,” msdn.microsoft.com/en-us/magazine/dd148644.aspx, MSDN Magazine, November 2008.
• Marcus Ranum, Fred Avolio, “Seven Tenets of Good Security,” www.avolio.com/papers/7tenets.html.
• Peter Torr, MSDN Blogs, “High-Level Threat Modelling Process,” blogs.msdn.com/b/ptorr/archive/2005/02/08/368881.aspx, February 8, 2005.
• Peter Torr, MSDN Blogs, “Guerrilla Threat Modeling,” blogs.msdn.com/b/ptorr/archive/2005/02/22/guerillathreatmodelling.aspx, February 22, 2005.
• MSDN, “ASP.NET Security,” msdn.microsoft.com/en-us/library/91f66yxt.aspx.

Guides and Tutorials

• Security and Identity: msdn.microsoft.com/en-us/library/ee663293(v=VS.85).aspx
• Secure Coding Guidelines: msdn.microsoft.com/en-us/library/8a3x2b7f.aspx
• MSDN Blogs, Security Tools: blogs.msdn.com/b/securitytools
• Microsoft Security Development Lifecycle Core Training classes: www.microsoft.com/download/en/details.aspx?displaylang=en&id=16420. Microsoft made its four core SDL Training classes available to the public.
• Security How-to Topics: msdn.microsoft.com/en-us/library/ms172378.aspx
• Microsoft Security Development Lifecycle (SDL) – Process Guidance: msdn.microsoft.com/en-us/library/cc307891.aspx

Tools

• Microsoft Web Protection Library: wpl.codeplex.com

Microsoft Research

• Microsoft Research: research.microsoft.com.
• DevLabs: msdn.microsoft.com/en-us/devlabs.
• Spec#: research.microsoft.com/en-us/projects/specsharp
• Automated Test Generation: research.microsoft.com/en-us/projects/atg
• Pex and Moles - Isolation and White box Unit Testing for .NET: research.microsoft.com/en-us/projects/pex
• Holmes: Automated Statistical Debugging for .NET: research.microsoft.com/en-us/projects/holmes
• Code Contracts: research.microsoft.com/en-us/projects/contracts

Miscellaneous

Books

• Stephen R. Covey, Principle Centered Leadership (New York: Summit, 1991).
• Richards J Heuer, Psychology of Intelligence Analysis (Washington, DC: Center for the Study of Intelligence, Central Intelligence Agency, 1999).
• Richard Marcinko, Leadership Secrets of the Rogue Warrior: A Commando's Guide to Success (New York: Simon and Schuster, 2000).
• Stephen M. R. Covey, Rebecca R. Merrill, Stephen R. Covey, The Speed of Trust: The One Thing That Changes Everything (New York, Simon and Schuster, 2008)
• Fergus O'Connell, How to Run Successful Projects III: the Silver Bullet (New York: Addison Wesley, 2001).
• Fergus O'Connell, The Competitive Advantage of Common Sense: Using the Power You Already Have (FT Press, 2003).

Articles

• Joel Spolsky, “A Little Less Conversation,” www.inc.com/magazine/20100201/a-little-less-conversation.html, Inc. Magazine, Feb 2010.
• Wikipedia, “Cognitive bias,” en.wikipedia.org/wiki/Cognitive_bias.
• Wikipedia, “List of cognitive biases,” en.wikipedia.org/wiki/List_of_cognitive_biases.