index

A

abstraction boundaries 56 – 57

alert command 156

algorithms

Big-O notation 17 – 18

defined 15 – 18

analyze prompt 239

anti-patterns 93

abstraction boundaries 56 – 57

bad code 83

breaking code 55

changing code 54, 62

classes 76

clean code 64 – 65

code rigidity 54 – 55

comments 88 – 90

enums 76 – 78

erasing and rewriting 61 – 62

example web page 59 – 60

gotos 85 – 88

If/Else constructs 83 – 85

inheritance 74 – 76

inventing 71 – 74

isolating common functionality 57 – 59

leveraging functions 90 – 92

naming 90

repetition 66 – 70

reusing vs. copying 70 – 71

structs 78 – 82

technical debt 60

upgrade scenarios 62 – 64

writing from scratch 61

applicability 224

architectural changes, refactoring 124, 126, 136

arrays 23 – 24

async code 219 – 220

multithreading 219 – 220

sync code and 219

async I/O 193 – 196

async/await semantics 195 – 196

callback functions 194 – 195

compiler warnings and 196

async keyword 217 – 218

Async suffix 217

attributes 173

automated tests 96

await keyword 216 – 218, 220

B

Badge class 180

BDD (behavior-driven development) 105 – 106

BeginRead function 194

benchmarking 172 – 175

Big-O notation 17 – 18

binding redirects 63

Boolean expressions, evaluating 182 – 183

boundary conditionals 109

branch prediction 187

branch prediction, CPUs 187 – 189

breaking code 55

Brooks, Fred 5, 199

bugs 241

debugging 236 – 241

dump diving 237 – 240

printf() debugging 236 – 237

rubber duck debugging 240 – 241

exceptions

crashes and 227 – 229

errors vs. 234 – 235

exception resiliency 229 – 233

overview 225 – 227

triaging 223 – 224

unknown errors 224 – 235

business layer 58

byte data type 184

C

caching

CPUs 185

dictionaries 162 – 163

performance and 196 – 197

call stacks 30

callback functions, async I/O 194 – 195

callback hell 195

Capitalize function 67, 69 – 70

CapitalizeEveryWord function 69

CapitalizeFirstLetter function 69

captcha 161 – 162

catch block 225, 227 – 229, 233

CDNs (content delivery networks) 233

churn 46

class keyword 81

classes, avoiding 76

clean code 64 – 65

clock cycle 177

cloud storage 164 – 165

code coverage 110 – 111

code reviews 95

code rigidity 54 – 55

code, extracting into shareable parts 128 – 129

comments, avoiding 88 – 90

compiled programming languages 31

compiler warnings, async I/O and 196

components, identifying for refactoring 126

composition 74

computer science theory 52

algorithms

Big-O notation 17 – 18

defined 15 – 18

data structures 19 – 30

arrays 23 – 24

call stacks 30

dictionaries 26 – 28

HashSets 29

linked lists 25 – 26

lists 24

queues 26

stacks 29

strings 20 – 23

types 30 – 52

frameworks 37 – 40

nullable or non-nullable 41 – 47

performance 47 – 49

proof of validity 32 – 37

reference types vs. value types 49 – 52

strongly typed and weakly typed 32 – 52

understandability 40 – 41

Concurrent* thread-safe data structure 205

Connection class 215

connection pool 211

Console.WriteLine() function 236

constant time 18

Contains method 181

content delivery networks (CDNs) 233

Content Security Policy (CSP) 159

ContinueWith task method 218

copy-paste programming 66

CopyAsync task object 195

CopyToAsync function 196

Count property 208

CPUs 183 – 185

branch prediction 187 – 189

caching 185

pipelining 185 – 187

SIMD 189 – 191

crashes, exceptions and 227 – 229

CreatedOn struct 44

CSP (Content Security Policy) 159

CSPRNG (cryptographically secure pseudorandom generator) 169

CSRF (cross-site request forgery) 159 – 163

caches 162 – 163

captcha 161 – 162

captcha alternatives 162

floods 161

culture 22

cycle 177

D

data structures 19 – 30

arrays 23 – 24

call stacks 30

dictionaries 26 – 28

HashSets 29

linked lists 25 – 26

lists 24

queues 26

stacks 29

strings 20 – 23

databases

avoiding database connections 211 – 215

NOLOCK hint 209 – 211

ORM 214 – 215

DateTime class 108

DateTimeOffset class 99, 101, 108

DbContext instance 214, 218

deadlocks 202

Debug configuration 102

Debug.Assert method 102 – 103

Debug.WriteLine() function 237

debugging 236 – 241

dump diving 237 – 240

printf() debugging 236 – 237

rubber duck debugging 240 – 241

defer statement 88

dependency 54

dependency inversion principle 74, 130

dependency reception 130

designing with security in mind 146 – 147

destination 126

DI (dependency injection) 130 – 135

dictionaries 26 – 28

dirty data 210

DivRem function 172 – 173, 175, 178

DMA (direct memory access) 193

DoS (denial of service) 161

dotnet command 164

dotnet dump command 237 – 239

double data type 76

DownloadFile method 228

dump diving 237 – 240

E

else statements 84

Entity Framework library 47

enum construct 76

enum parameter 120

enums 76 – 78

Equals() method 34 – 35

Error label 87

error() function 87 – 88

errors

exceptions vs. 234 – 235

unknown errors 224 – 235

everyWord parameter 67, 71

exceptions

crashes and 227 – 229

errors vs. 234 – 235

exception resiliency 229 – 233

overview 225 – 227

ExpectedResult values 104

extension method 99

Extract method 92

F

File.Create method 118

File.OpenRead method 118

File.OpenWrite method 118

filename parameter 68

fixed salts, avoiding 168

float data type 39

floods 161

for/while loops 85

FormatFilename function 71

FormattableString interface 154

FromSqlInterpolated function 154

functions

callback functions 194 – 195

leveraging 90 – 92

G

Garbage Collector 50

gardening activity 62, 64

get method 205

GET request 231

get_ prefix 180

GetBadgeNames() function 181

GetHashCode method 27 – 28, 34

GetHashCode() function 29, 165

GetTrendingTags function 117

GetUserId function 149

gotos 85 – 88

GUIDs (globally unique identifiers) 169

H

happy path 84

HashCode class 28

hashing 27

hashmaps 26

HashSet<T> data structure 181

HashSets 29

heap 49

hot paths 112

Html.Raw statement 158

HtmlString type 158

HTTP POST request 233

HttpClient object 218

I

I/O 191 – 196

async I/O 193 – 196

async/await semantics 195 – 196

callback functions 194 – 195

compiler warnings and 196

speeding up 191 – 193

if statements 68, 108, 110, 187, 234

If/Else constructs, avoiding 83 – 85

IHtmlContent type 158

immutability 21

Immutable* thread-safe data structure 205

impact 224

indexer property 208

inheritance, avoiding 74 – 76

Instance property 206 – 207

int data type 39, 76, 116 – 117, 184, 189

integration tests 96

interpreted programming languages 31

IoC (inversion of control) 130

IsVisible property 179 – 182

J

JavaScript injection 155

JDK (Java Development Kit) 125

K

Kafka, Franz 222

key-value things 26

L

LazyInitializer class 207

leaked data 165

LIFO (Last In First Out) 29, 78

linked lists 25 – 26

List<T>.Contains() function 181

lists

linked lists 25 – 26

overview 24

lock statement 201, 206 – 207

lock-free data structures 204

locking feature 199 – 209

logic layer 58

long data type 76

M

Main method 174, 219, 229

manual testing 95

Math.DivRem() function 172 – 174

MemoryCache class 197

Messages table 60

Metamorphosis (Kafka) 222

microbenchmarking 173

MITM (man-in-the-middle) 148

Mono 125

monolith 220 – 221

MoveResult type 41

multiple inheritance 74

multithreading 30, 193 – 194, 219 – 220

Mythical Man Month, The (Brooks) 5, 199

N

nameof operator 113

naming

naming conventions 90

tests 120 – 121

nested loops 179 – 181

.NET Compact Framework 125

.NET Framework 125

.NET Standard 125

NOLOCK hint 209 – 211

NOLOCK query 210 – 211

Not Invented Here Syndrome 71

nullable value types 42

nulls 41 – 47, 113 – 116

O

object relational mapping (ORM) 134, 214 – 215

ON ERROR GOTO statement 85

onComplete() function 194

onRead handler 194

onRead() function 194

OOP (object-oriented programming) 74

operator overloads 34

optimization 197

benchmarking 172 – 175

caching 196 – 197

CPUs 183 – 185

branch prediction 187 – 189

caching 185

pipelining 185 – 187

SIMD 189 – 191

evaluating Boolean expressions 182 – 183

I/O 191 – 196

async I/O 193 – 196

speeding up 191 – 193

nested loops 179 – 181

performance vs. responsiveness 175 – 176

sluggishness 177 – 178

string-oriented programming 181 – 182

ORM (object relational mapping) 134, 214 – 215

overflow 65535

P

parameterization 152 – 154

parameterized queries 152

parameterized tests 104

Parameters object 152

[Params] attribute 173

Pareto principle 112

password hashing 165 – 166

PBKDF2 (Password-Based Key Derivation Function Two) 166

performance

responsiveness vs. 175 – 176

sluggishness 177 – 178

PID (process identifier) 238

pipelining, CPUs 185 – 187

placid_turn value 150

pointers 49

polymorphism 24

popping 29

POST request 159 – 160, 231

preemption 216

printf() debugging 236 – 237

priority 224

production, testing in 96 – 97

proof of validity 32 – 37

pushing 29

Q

query plan cache pollution 152

queues 26

R

race condition 201

random values, security and 168 – 169

ReadAsync function 195

ReadByte() function 191

record types 46

refactoring 139

architectural changes 124 – 136

composition and 129

dependency injection (DI) 130 – 135

estimating work and risk 127 – 128

extracting code into
shareable parts 128 – 129

final stretch 135 – 136

identifying components 126

purpose of 123 – 124

testing 136 – 137

when not to refactor 138

reference types 49 – 52

regression 54

repetition 66 – 70

return statement 84 – 86, 218

return/break/continue statements 85

rubber duck debugging 240 – 241

S

scalability

databases

avoiding database connections 211 – 215

NOLOCK hint 209 – 211

ORM (object relational mapping) 214 – 215

locking and 199 – 209

monolith 220 – 221

overview 199

threads 215 – 220

security 170

cross-site scripting 155 – 159

common pitfalls 157 – 158

CSP 159

preventing 156 – 157

SQL injection and 155 – 156

CSRF 159 – 163

caches 162 – 163

captcha 161 – 162

captcha alternatives 162

floods 161

dangers of implementing your own 148 – 149

designing with security in mind 146 – 147

exploiting vulnerabilities 141 – 142

security by obscurity 147 – 148

SQL injection attacks

overview 149 – 152

parameterization 152 – 154

storing secrets in source code 163 – 169

cloud storage 164 – 165

comparing strings 166 – 168

fixed salts 168

leaked data 165

minimizing unnecessary data collection 165

password hashing 165 – 166

random values 168 – 169

UUIDs (universally unique identifiers) 169

threat modeling

overview 142 – 146

pocket-sized threat models 144 – 146

writing secure web apps 146 – 159

security by obscurity 147 – 148

SELECT query 210

setthread command 239

severity 224

SIMD (single instruction, multiple data) 189 – 191

sluggishness 177 – 178

smoke testing 113

software development 13

overview of book

themes 12

what this book isn't 12

problems of 7 – 12

black boxes 10

focus on own stack 11

paradigm-driven 9 – 10

stigma against menial work 11 – 12

too many technologies 8 – 9

underestimating overhead 11

street coders

defined 3 – 4

qualities of 4 – 7

what matters in 2 – 3

source code and security

cloud storage 164 – 165

comparing strings 166 – 168

fixed salts 168

leaked data 165

minimizing unnecessary data collection 165

password hashing 165 – 166

random values 168 – 169

UUIDs 169

space complexity 18

SQL injection attacks

overview 149 – 152

parameterization 152 – 154

SqlCommand class 150

stack pointer 30

stacks 29 – 30

StatsController class 59

Stream class 196

street coders

defined 3 – 4

qualities of 4 – 7

embracing complexity and ambiguity 6 – 7

high-throughput 6

questioning 5

results-driven 5 – 6

string data type 39

string-oriented programming 181 – 182

String.Concat() function 22

strings 20 – 23

StringValue class 113

strongly typed 31 – 32

structs 51, 78 – 82

submit action 85

Submit function 91

suite class 174

Sum() function 231

switch expression 235

System.Diagnostics namespace 102

System.Runtime.Caching package 197

System.Uri class 112

T

Task.Wait() function 219

TDD (test-driven development 101, 105 – 106

technical debt 60

TestCase attributes 104

testing 121

avoiding writing tests 112 – 113

choosing tests wisely 112 – 113

nonexistent code 112

deciding what to test 107 – 111

code coverage 110 – 111

respecting boundaries 107 – 110

letting compiler test code 113 – 120

eliminating null checks 113 – 116

eliminating range checks 116 – 118

eliminating valid value checks 118 – 120

naming tests 120 – 121

refactoring 136 – 137

sample test 99 – 105

TDD and BDD 105 – 106

types of 95 – 98

automated tests 96

choosing methodology 97 – 98

manual testing 95

production, testing in 96 – 97

writing tests 106 – 107

thread-safe 199

threads 215 – 220

async code 219 – 220

multithreading 219 – 220

overview 219

sync code and 219

threads command 239

threat modeling

overview 142 – 146

pocket-sized threat models 144 – 146

tight coupling 74

time complexity 18

TimeSpan function 109

ToLower function 68

ToString() function 35

ToUpper function 68

Trace.WriteLine() function 237

triaging 223

try block 225, 227

try/catch block 228 – 229, 234

Turing machine 223

types 30 – 52

frameworks 37 – 40

nullable or non-nullable 41 – 47

performance 47 – 49

proof of validity 32 – 37

reference types vs. value types 49 – 52

strongly typed and weakly typed 32 – 52

understandability 40 – 41

U

uint integers 16

unit tests 96

unknown errors 224 – 235

unknown state 226

UPDATE operation 232

upgrade scenarios 62 – 64

Username class 115, 158

UUIDs (universally unique identifiers) 169

V

ValidateAntiForgeryToken attribute 160

value types 49 – 52

Vector type 189 – 190

Vector<T> instance 190

ViewModel class 158

virtual calls 24

virtual memory 49

void return type 217

W

weakly typed 31 – 32

WebClient instance 228

WriteAsync function 195

writing secure web apps 146 – 159

X

XSS (cross-site scripting) 155 – 159

common pitfalls 157 – 158

CSP 159

preventing 156 – 157

SQL injection and 155 – 156

Z

zombie processes 30

zone 98