Technology UpdateADVANTAGES OF RAZORThe idea behind Razor is to providean optimized syntax for HTMLgeneration using a code-focusedtemplating approach, with minimaltransition between HTML and code.The design reduces the number ofcharacters and keystrokes, and enables amore fluid coding workflow.n Is not a new language (no majorchanges to learn)n Supports IntelliSense (statementcompletion support)n Unit Testablen Supports "layouts" (an alternative tothe "master page" concept in aspx pages)HTML ENCODINGWhen you display content in a pageusing the @ character, ASP.NETHTML-encodes the output. Thisreplaces reserved HTML characters(such as < and > and &) with codes thatenable the characters to be displayed ascharacters in a web page instead of beinginterpreted as HTML tags or entities.Without HTML encoding, the outputfrom your server code might not displaycorrectly, and could expose a page tosecurity risks.HOW DOES IT WORK?Razor is a simple programming syntaxfor embedding server code in web pages.Razor web pages can be described asHTML pages with two kinds of content:HTML content and Razor code. Whenthe server reads the page, it runs theRazor code first, before it sends theHTML page to the browser. The codethat is executed on the server canperform tasks that cannot be done in thebrowser. Server code can create dynamicHTML content on the fly, before it issent to the browser.MAIN RAZOR SYNTAX RULES FORC#n Razor code blocks are enclosed in @{... }n Inline expressions (variables andfunctions) start with @n Code statements end with semicolonn Variables are declared with the varkeywordn Strings are enclosed with quotationmarksn C# code is case sensitiven C# files have the extension .cshtmland VB files have extension .vbhtml.RE-USABLE CONTENTYou can have reusable blocks ofcontent (content blocks), like headersand footers, in separate files. You canalso define a consistent layout for allyour pages, using a layout template(layout file). Many websites have contentthat is displayed on every page (likeheaders and footers). With Web Pagesyou can use @RenderPage() method toimport content from separate files.Content block can be importedanywhere in a web page and is just likeany regular web page.ASP.NET inserts the content blocks atthe point where the RenderPage()method is called. The merged page isthen sent to browser.Another approach to creating aconsistent look is to use a layout page. Alayout page contains structure, but notthe content, of a web page. When a webpage is linked to a layout page, it will bedisplayed according to the layout page(template). The layout page is just like anormal web page, except from a call tothe @RenderBody() method where thecontent page will be included.ASP.NET HELPERSASP.NET helpers are componentsthat can be accessed by single lines ofRazor code. You can build your ownhelpers using Razor syntax, or use builtinASP.NET helpers. Some useful Razorhelpers:1. Web Grid and Graphics2. Google Analytics3. Facebook & Twitter Integration4. Sending Email5. ValidationNUGET OVERVIEWIf you want to use a library or tool thatsomeone else has developed, youretrieve the package from the repositoryand install it in your Visual Studioproject or solution. Everything necessaryto install a library or tool is bundled intoa package (a .nupkg file).DEVELOPMENT TOOLSWebMatrix is a free tool that integratesa web page editor, a database utility, aweb server for testing pages, and featuresfor publishing your website. It also worksfor just plain HTML pages, as well as forother technologies like PHP. To installWebMatrix, you can use Microsoft’sWeb Platform Installer. You can alsocreate pages by using text editor and testpages by using your existing. You canalso use Visual Studio 2010 or later towork with ASP.NET Web Pages. If youdon't want to use either WebMatrix orVisual Studio, you can install thecomponent products individually usingMicrosoft Web Platform Installer.<strong>October</strong> <strong>2012</strong> | informatics.nic.in | 26
Technology UpdateDISSECTINGA MALWARE ATTACKA malware can sneakinto a system in theguise of a mailattachmentor thesystem can getinfected by simplyvisiting a maliciouswebsite. User is oftentaken off-guard whilethe malware sneaksinto the system andcompromises itsintegrity.RAJ K. RAINATechnical Directorrk.raina@nic.inEdited byMOHAN DASMalware (short formalicious Software) isthe main playerbehind most computersecurity incidents. It is a code/programthat disrupts normal computeroperation or steals information fromcomputer without user’s knowledge.Malware Analysis is one of the keydefenses employed to contain andmitigate the security incidents in cyberspace.Govt. of India has a huge IT userbase handling critical data. Theconstant malware attacks make itimperative to have a generalunderstanding of how the malwareworks. A malware cannot get into asystem by itself and can neitherexecute of its own. It always requiresa user intervention to execute itsmission. The malware attacks can bereduced/ minimized to a large extentby understanding the nature ofmalwares and this is where the“Malware Analysis” plays its role.In the event of an attack, Analysis ofMalwares provides valuableintelligence for gearing up anddeveloping signatures for the securitydevices in place. The signaturesapplied at gateways help to identifyinfected machines and to deter/stopfurther occurrences of similar attacks.And signatures updated in theenterprise security solutions arepercolated to the end-points to removethe infections.MALWARE A CAMOUFLAGEMalware disguises in packages suchas Games, Cool Animations, FAKEAnti-virus, a Pornographicimage/movie on the web. Thesepackages entice the user to unlatch theregular security of his system. Amalware can also sneak into a systemin the guise of a mail-attachment or bysimply visiting a malicious website.User is often taken off-guard while themalware sneaks into the system &compromises its integrity.MALWARE ATTACK – A CASEThe Dissection of a malware willgive you an insight into how amalware peeps into a system and stealsthe information wonderfully.This particular malware attack usedmail as the transport mechanism fortargeting users working at sensitiveplaces in NICNET. The emailappeared to be coming from a knownhigh ranking officer and containedinstructions which would tempt therecipient to open the attachment thatthe mail contained.An e-mail bearing subject“HOLIDAY BLESSINGS” wasreceived by a large number of users<strong>October</strong> <strong>2012</strong> | informatics.nic.in | 27