How can you help the Stack Exchange Beta site for Sitecore

A month ago Mark Cassidy took the initiative to start a Stack Exchange beta site. In doing so we got the community together and got them to commit to the cause. The community rose to the occasion was were quickly in beta. It was the fastest path to beta and other users were questioning how […]

Read More

Microsoft Extensions Dependency Injection (DI) with Sitecore 8.2 Sample Project

Sitecore 8.2 was released with Microsoft Dependency Injection. I wanted to try to setup a sample project which utilizes the DI. First and foremost, I thank Kam for writing the ServiceCollectionExtensions and making my life easier. As with everything we start with a fresh install of Sitecore 8.2 (sc82rev160729). Following which setup a base visual studio project. […]

Read More

IoC Container Benchmark comparison 2016 including Microsoft.Extensions.DependencyInjection

As most of you know, my favorite is SimpleInjector. I use it in all my projects. Since Sitecore 8.2 was released yesterday (August 30th 2016), I decided to do a performance benchmark against Microsoft Extensions DependencyInjection which is used as part of Sitecore to provide DependencyInjection. Kam has written a blog post: Dependency Injection in […]

Read More

Secure Sitecore : Secure Headers XSS Protection

We have been going through XSS vulnerability in the past two posts. I am going to end this series with one last post about Secure Headers. We will go through a few headers that we can implement. Environment testing was done on two Windows 10 machines with Sitecore 8.1 update 3. Browsers use were Chrome (), Firefox […]

Read More

Secure Sitecore : Cross Site Scripting (XSS) Vulnerability Prevention

In the last Cross Site Scripting (XSS) post: Secure Sitecore : Cross Site Scripting (XSS) Vulnerability Findings , we looked at how these attacks might look based on the browser the user is using. The interesting factor is that a potential attacker might not use a browser at all. You do not need a browser to […]

Read More

Secure Sitecore : Cross Site Scripting (XSS) Vulnerability Findings

Lately I have been focussed on OWASP Top 10 security guidelines and locking down sites. The next one on the list is Cross Site Scripting (XSS). According to OWASP: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when […]

Read More

Secure Sitecore : Headers are a headache but nothing we cannot solve!

Lately I have been focussed on OWASP Top 10 security guidelines and locking down sites. The next one on the list is Response Headers. For reach page request, the server sends over the headers containing information about the server and ASP.NET. Some call it chatty headers and less we send back the better it is […]

Read More

Secure Sitecore : Why use a custom 500 error page?

Enable custom errors to restrict users from seeing sensitive information such as the paths, stack trace and .NET version information. A potential hacker can get a lot of information on your environment just by looking at the default error page. There are several things you could do to secure your Sitecore instance, namely the Sitecore […]

Read More

TIHIDI: Hardcode Constants vs. Sitecore Configuration Factory

This blog post will go through how I setup my solution to be able to read everything I need from configuration rather than hardcoding it as part of code. During a project, you might have the need to store Id’s or strings in your project. What ever you do, DONOT store them as part of […]

Read More

TIHIDI: Implement a simple controller rendering in Sitecore MVC

This blog post will go through how I setup a basic Controller rendering using Glass Mapper Model. Visit http://www.glass.lu/mapper/sc for more information on Glass Mapper for Sitecore. TIHIDI: Stands for This Is How I Do It. I am going to write a series of blog posts going through how I do Sitecore related work. Hope it […]

Read More