abstraction boundaries 56 – 57
alert command 156
analyze prompt 239
anti-patterns 93
abstraction boundaries 56 – 57
bad code 83
breaking code 55
classes 76
isolating common functionality 57 – 59
naming 90
technical debt 60
writing from scratch 61
applicability 224
architectural changes, refactoring 124, 126, 136
sync code and 219
async/await semantics 195 – 196
compiler warnings and 196
Async suffix 217
attributes 173
automated tests 96
Badge class 180
BDD (behavior-driven development) 105 – 106
BeginRead function 194
binding redirects 63
Boolean expressions, evaluating 182 – 183
boundary conditionals 109
branch prediction 187
branch prediction, CPUs 187 – 189
breaking code 55
bugs 241
rubber duck debugging 240 – 241
exception resiliency 229 – 233
business layer 58
byte data type 184
CPUs 185
call stacks 30
callback functions, async I/O 194 – 195
callback hell 195
Capitalize function 67, 69 – 70
CapitalizeEveryWord function 69
CapitalizeFirstLetter function 69
catch block 225, 227 – 229, 233
CDNs (content delivery networks) 233
churn 46
class keyword 81
classes, avoiding 76
clock cycle 177
code reviews 95
code, extracting into shareable parts 128 – 129
compiled programming languages 31
compiler warnings, async I/O and 196
components, identifying for refactoring 126
composition 74
computer science theory 52
call stacks 30
HashSets 29
lists 24
queues 26
stacks 29
nullable or non-nullable 41 – 47
reference types vs. value types 49 – 52
strongly typed and weakly typed 32 – 52
Concurrent* thread-safe data structure 205
Connection class 215
connection pool 211
Console.WriteLine() function 236
constant time 18
Contains method 181
content delivery networks (CDNs) 233
Content Security Policy (CSP) 159
ContinueWith task method 218
copy-paste programming 66
CopyAsync task object 195
CopyToAsync function 196
Count property 208
caching 185
crashes, exceptions and 227 – 229
CreatedOn struct 44
CSP (Content Security Policy) 159
CSPRNG (cryptographically secure pseudorandom generator) 169
CSRF (cross-site request forgery) 159 – 163
captcha alternatives 162
floods 161
culture 22
cycle 177
call stacks 30
HashSets 29
lists 24
queues 26
stacks 29
avoiding database connections 211 – 215
DateTime class 108
DateTimeOffset class 99, 101, 108
deadlocks 202
Debug configuration 102
Debug.WriteLine() function 237
rubber duck debugging 240 – 241
defer statement 88
dependency 54
dependency inversion principle 74, 130
dependency reception 130
designing with security in mind 146 – 147
destination 126
DI (dependency injection) 130 – 135
dirty data 210
DivRem function 172 – 173, 175, 178
DMA (direct memory access) 193
DoS (denial of service) 161
dotnet command 164
double data type 76
DownloadFile method 228
else statements 84
Entity Framework library 47
enum construct 76
enum parameter 120
Error label 87
exception resiliency 229 – 233
ExpectedResult values 104
extension method 99
Extract method 92
File.Create method 118
File.OpenRead method 118
File.OpenWrite method 118
filename parameter 68
fixed salts, avoiding 168
float data type 39
floods 161
for/while loops 85
FormatFilename function 71
FormattableString interface 154
FromSqlInterpolated function 154
Garbage Collector 50
get method 205
GET request 231
get_ prefix 180
GetBadgeNames() function 181
GetHashCode method 27 – 28, 34
GetHashCode() function 29, 165
GetTrendingTags function 117
GetUserId function 149
GUIDs (globally unique identifiers) 169
happy path 84
HashCode class 28
hashing 27
hashmaps 26
HashSet<T> data structure 181
HashSets 29
heap 49
hot paths 112
Html.Raw statement 158
HtmlString type 158
HTTP POST request 233
HttpClient object 218
async/await semantics 195 – 196
compiler warnings and 196
if statements 68, 108, 110, 187, 234
If/Else constructs, avoiding 83 – 85
IHtmlContent type 158
immutability 21
Immutable* thread-safe data structure 205
impact 224
indexer property 208
int data type 39, 76, 116 – 117, 184, 189
integration tests 96
interpreted programming languages 31
IoC (inversion of control) 130
JavaScript injection 155
JDK (Java Development Kit) 125
Kafka, Franz 222
key-value things 26
LazyInitializer class 207
leaked data 165
LIFO (Last In First Out) 29, 78
List<T>.Contains() function 181
overview 24
lock-free data structures 204
logic layer 58
long data type 76
manual testing 95
Math.DivRem() function 172 – 174
MemoryCache class 197
Messages table 60
Metamorphosis (Kafka) 222
microbenchmarking 173
MITM (man-in-the-middle) 148
Mono 125
MoveResult type 41
multiple inheritance 74
multithreading 30, 193 – 194, 219 – 220
Mythical Man Month, The (Brooks) 5, 199
nameof operator 113
naming conventions 90
.NET Compact Framework 125
.NET Framework 125
.NET Standard 125
Not Invented Here Syndrome 71
nullable value types 42
object relational mapping (ORM) 134, 214 – 215
ON ERROR GOTO statement 85
onComplete() function 194
onRead handler 194
onRead() function 194
OOP (object-oriented programming) 74
operator overloads 34
optimization 197
caching 185
evaluating Boolean expressions 182 – 183
performance vs. responsiveness 175 – 176
string-oriented programming 181 – 182
ORM (object relational mapping) 134, 214 – 215
overflow 65535
parameterized queries 152
parameterized tests 104
Parameters object 152
[Params] attribute 173
Pareto principle 112
PBKDF2 (Password-Based Key Derivation Function Two) 166
PID (process identifier) 238
placid_turn value 150
pointers 49
polymorphism 24
popping 29
preemption 216
priority 224
production, testing in 96 – 97
pushing 29
query plan cache pollution 152
queues 26
race condition 201
random values, security and 168 – 169
ReadAsync function 195
ReadByte() function 191
record types 46
refactoring 139
architectural changes 124 – 136
composition and 129
dependency injection (DI) 130 – 135
estimating work and risk 127 – 128
extracting code into
shareable parts 128 – 129
identifying components 126
when not to refactor 138
regression 54
return/break/continue statements 85
rubber duck debugging 240 – 241
avoiding database connections 211 – 215
ORM (object relational mapping) 214 – 215
overview 199
security 170
cross-site scripting 155 – 159
CSP 159
captcha alternatives 162
floods 161
dangers of implementing your own 148 – 149
designing with security in mind 146 – 147
exploiting vulnerabilities 141 – 142
security by obscurity 147 – 148
storing secrets in source code 163 – 169
fixed salts 168
leaked data 165
minimizing unnecessary data collection 165
UUIDs (universally unique identifiers) 169
pocket-sized threat models 144 – 146
writing secure web apps 146 – 159
security by obscurity 147 – 148
SELECT query 210
setthread command 239
severity 224
SIMD (single instruction, multiple data) 189 – 191
smoke testing 113
software development 13
themes 12
what this book isn't 12
black boxes 10
focus on own stack 11
stigma against menial work 11 – 12
underestimating overhead 11
fixed salts 168
leaked data 165
minimizing unnecessary data collection 165
UUIDs 169
space complexity 18
SqlCommand class 150
stack pointer 30
StatsController class 59
Stream class 196
embracing complexity and ambiguity 6 – 7
high-throughput 6
questioning 5
string data type 39
string-oriented programming 181 – 182
String.Concat() function 22
StringValue class 113
submit action 85
Submit function 91
suite class 174
Sum() function 231
switch expression 235
System.Diagnostics namespace 102
System.Runtime.Caching package 197
System.Uri class 112
Task.Wait() function 219
TDD (test-driven development 101, 105 – 106
technical debt 60
TestCase attributes 104
testing 121
avoiding writing tests 112 – 113
choosing tests wisely 112 – 113
nonexistent code 112
deciding what to test 107 – 111
respecting boundaries 107 – 110
letting compiler test code 113 – 120
eliminating null checks 113 – 116
eliminating range checks 116 – 118
eliminating valid value checks 118 – 120
automated tests 96
manual testing 95
production, testing in 96 – 97
thread-safe 199
overview 219
sync code and 219
threads command 239
pocket-sized threat models 144 – 146
tight coupling 74
time complexity 18
TimeSpan function 109
ToLower function 68
ToString() function 35
ToUpper function 68
Trace.WriteLine() function 237
triaging 223
try/catch block 228 – 229, 234
Turing machine 223
nullable or non-nullable 41 – 47
reference types vs. value types 49 – 52
strongly typed and weakly typed 32 – 52
uint integers 16
unit tests 96
unknown state 226
UPDATE operation 232
UUIDs (universally unique identifiers) 169
ValidateAntiForgeryToken attribute 160
Vector<T> instance 190
ViewModel class 158
virtual calls 24
virtual memory 49
void return type 217
WebClient instance 228
WriteAsync function 195
writing secure web apps 146 – 159
XSS (cross-site scripting) 155 – 159
CSP 159
zombie processes 30
zone 98
3.147.85.175