Software Company Hierarchy
Following is the number of years of experience expected for each position.
√ Junior engineers are mostly freshers and work under software engineers.
√ Software engineers have around 1 to 2 years of experience. Interviewers expect software engineers to be technically at a medium level.
√ Senior software engineers have around 2 to 4 years of experience. Interviewers expect them to be technically very strong.
√ Project leads should handle the majority of the technical aspects of the project and should have around 4 to 8 years of experience. They are also indirectly the architects of the project. Interviewers expect them to be technically strong and decent in terms of architecture. Interviewers also expect them to have people management skills.
√ Project managers are expected to be around 40% technically strong and should have more than 10 years of experience. But they are interviewed more on aspects such as project management, client interaction, people management, proposal preparation, etc.
Dot Net FAQ
SQL Server with ASP.NET
Visual Studio .NET provides Web Forms controls, such as the DataGrid control, that you can use to access data from various data sources, such as a SQL server or a Jet database. This chapter introduces you to the Structured Query Language (SQL), which is used to access data stored on a SQL server through Web Forms. You'll also learn how to use ADO Extensions to create and manage different schema objects, such as databases and tables.
Server-side data access is critical to all real-world applications. Therefore, these applications must address server-side data access to implement business solutions. This section introduces you to the SQL server data access through Web Forms.
Microsoft SQL Server is a Relational Database Management System (RDBMS) that is used to store and organize related data — the collection of related data is called a database. Microsoft SQL Server is based on the client/server architecture, in which data is stored on a centralized computer called a server. Other computers, called clients, can access the data stored on the server through a network. The client/server architecture prevents data inconsistency.
You can access data stored on a SQL server through Web Forms. To do so, you can create Web applications that have data access controls. These data access Web controls present the data in a consistent manner irrespective of the actual source, such as Microsoft SQL Server or MS Access. Therefore, while creating a Web application, you do not need to worry about the format of the data. However, before you can access or manipulate data from a SQL server, you need to perform the following steps in the specified sequence:
1. Establish a connection with the SQL Server.
2. Write the actual command to access or manipulate data.
3. Create a result set of the data from the data source with which the application can work. This result set is called the data set and is disconnected from the actual source. The application accesses and updates data in the data set, which is later reconciled with the actual data source.
To achieve this functionality, you first need to import two namespaces, System.Data and System.Data.SqlClient, into your Web Forms page.
The two namespaces are described as follows:
System.Data: A collection of classes that are based on the ADO.NET architecture. The ADO.NET architecture allows for efficient data management and manipulation from multiple data sources. ADO.NET provides tools to request and update data in a data set, and reconcile data in the actual data source. Some of the classes included in this namespace are described as follows:
DataSet: Represents the data set cached in memory with which applications work.
DataTable: Represents a table of data in a data set.
DataRow: Represents a row of data in a data table.
DataColumn: Represents a column of data in a data table.
System.Data.SqlClient: A collection of classes that are used to access SQL server data sources. Some of the classes are listed as follows:
SqlConnection: Represents a connection with a SQL server data source. The first step to access data from a SQL server database is to create an object of this class.
SqlDataAdapter: Represents a set of data commands and a database connection that are used to access or manipulate data. After creating a SqlConnection object, you need to create an object of the SqlDataAdapter class to populate the data set and update the data source.
SqlCommand: Represents the SQL command to perform data operations in a SQL server data source.
A SQL database stores data in tables, which consist of rows and columns. A column stores the information regarding properties of an item, while a row stores the complete information of an item. For example, consider a Products table. The columns store information, such as product identification number, product name, and quantity available. The rows store information about different products. Each column stores data of a specific type. Therefore, each column has a specific data type.
Retrieving data from a SQL database
You can retrieve information stored in tables by using the Select statement. The syntax is as follows:
Select Column1, Column2,..., ColumnN From Table
In this statement:
ColumnN: Represents the name of a column in the table from which the information needs to be retrieved. A comma separates the different column names.
Table: Represents the name of the table.
You can also retrieve information from all the columns of a table by using the following statement:
Select * From Table
In the preceding statement, * represents all the columns of the table.
If you want to retrieve only specific rows from a table, you need to specify a condition in the Select statement. You can specify a condition by using the Where clause, as follows:
Select * From Table Where ColumnN = 'Value'
In this statement, only those rows will be retrieved where the column has a specific value. For example, to retrieve the information from the Products table for a product called "cinnamon," use the following statement:
Select * From Products Where ProductName = 'cinnamon'
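The three steps listed earlier (connection, command, data set) applied to the Where example above, as an added VB.NET example that is not part of the original page. The connection string, the Sales database name and the VarChar(40) column size are assumptions; the product name travels as a SqlParameter instead of being concatenated into the statement, so a value containing a quote (for example "baker's yeast") cannot change the SQL text.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module ProductQueries
    ' Assumed connection string: server and database names are placeholders.
    Private Const ConnectionString As String = _
        "Data Source=(local);Initial Catalog=Sales;Integrated Security=SSPI"

    ' Returns a disconnected DataSet holding the Products rows whose
    ' ProductName equals the supplied value.
    Public Function GetProductsByName(ByVal productName As String) As DataSet
        If productName Is Nothing Then
            Throw New ArgumentNullException("productName")
        End If

        Dim result As New DataSet()

        ' Step 1: establish a connection with the SQL Server.
        Using connection As New SqlConnection(ConnectionString)

            ' Step 2: write the command. @name is a placeholder; the value is
            ' sent separately and is never parsed as part of the statement.
            Using command As New SqlCommand( _
                "Select ProductID, ProductName, UnitPrice From Products " & _
                "Where ProductName = @name", connection)

                ' VarChar(40) is an assumed column definition.
                command.Parameters.Add("@name", SqlDbType.VarChar, 40).Value = productName

                ' Step 3: create the data set. Fill opens the connection,
                ' copies the rows into the DataSet and closes it again.
                Using adapter As New SqlDataAdapter(command)
                    adapter.Fill(result, "Products")
                End Using
            End Using
        End Using

        Return result
    End Function
End Module
```

In the code-behind, assign the returned DataSet to the DataGrid control's DataSource property and call DataBind() to display the rows.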
Inserting, updating, and deleting data in a SQL database
You might need to add a new row to a table in a SQL database. For example, suppose you need to add to the Products table a new row for a new product. To add a row to a table, use the following statement:
Insert Into Table
Values (Column1_Value, Column2_Value, ..., ColumnN_Value)
In this syntax:
Table: Represents the table in which the row needs to be inserted.
Values: Takes the column values for the new row as parameters.
ColumnN_Value: Represents the value to be inserted in the column with name ColumnN.
The values must be supplied in the same order as the columns in the table. Also, if the data type of a column is Char, VarChar, or DateTime, you need to specify values in quotes.
Stored procedures in SQL SERVER
A stored procedure is a set of SQL statements used to perform specific tasks. A stored procedure resides on the SQL server and can be executed by any user who has the appropriate permissions. Because the stored procedures reside on the SQL server, you do not need to transfer SQL statements to the server each time you want to perform a task on the server. This reduces the network traffic. When you want to execute a procedure, you only need to transfer the name of the procedure. However, if the procedure takes any parameters, you also need to transfer the parameters along with the procedure name.
You can create a stored procedure by using the Create Procedure statement as follows:
Create Procedure ProcName
As
SQL statements
Return
In this statement:
ProcName: Represents the name of the stored procedure.
SQL statements: Represents the set of SQL statements in the stored procedure.
Return: Represents the end of the procedure. Each stored procedure must end with a Return statement.
After the stored procedure is created, the SQL server scrutinizes it for any errors. The procedure can be executed by using the Execute or Exec keyword, as follows:
Execute ProcName
You can also pass parameters or arguments to a stored procedure to perform a specific task based on the parameter. For example, consider the following procedure that displays the price of a product whose ID is passed as a parameter:
Create Procedure ProductPrice (@id char (4))
As
Select UnitPrice
From Products Where ProductID=@id
Return
This procedure takes a parameter, @id, at the time of execution. To display the price of the product whose ID is "P001", execute this procedure using the following code:
Execute ProductPrice 'P001'
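Calling the ProductPrice procedure from a code-behind file, as an added VB.NET example that is not from the original page. The connection string and the treatment of UnitPrice as a numeric column are assumptions; only the procedure name and the @id value are sent to the server, and @id is bound as a typed Char(4) parameter matching the procedure's declaration.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Module ProductPriceLookup
    ' Assumed connection string: server and database names are placeholders.
    Private Const ConnectionString As String = _
        "Data Source=(local);Initial Catalog=Sales;Integrated Security=SSPI"

    ' Runs the ProductPrice stored procedure and returns the unit price,
    ' or Nothing when no product has the given ID.
    Public Function GetUnitPrice(ByVal productId As String) As Nullable(Of Decimal)
        ' The procedure declares @id as char(4), so reject anything else
        ' before it reaches the database.
        If productId Is Nothing OrElse productId.Length <> 4 Then
            Throw New ArgumentException("Product ID must be exactly 4 characters.", "productId")
        End If

        Using connection As New SqlConnection(ConnectionString)
            Using command As New SqlCommand("ProductPrice", connection)
                ' CommandText is the procedure name, not a SQL statement.
                command.CommandType = CommandType.StoredProcedure
                command.Parameters.Add("@id", SqlDbType.Char, 4).Value = productId

                connection.Open()

                ' ExecuteScalar returns the first column of the first row,
                ' which is UnitPrice for this procedure.
                Dim price As Object = command.ExecuteScalar()
                If price Is Nothing OrElse price Is DBNull.Value Then Return Nothing

                ' Assumes UnitPrice is a numeric (money/decimal) column.
                Return Convert.ToDecimal(price)
            End Using
        End Using
    End Function
End Module
```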
Implementing T-SQL in Web Applications
Many situations require Web applications to retrieve, add, modify, and delete data stored in a database on a server. For example, consider a Web application that enables users to register as customers. When a customer fills out the Registration form and submits it, the customer registration information must be stored in a database on a server so as to maintain the registered customer's records. After the registration, the customer might need to change their customer details, such as telephone number or address. Later, the customer might want to discontinue purchasing from the same store. In such a situation, the Web application must take care of addition, modification, and deletion of data in the respective database on a server.
In this section, you'll create a Web application to retrieve, add, modify, and delete data in a table stored on a SQL server. You can choose to use either Visual Basic or C# to do so. In the following example, you'll create a Visual Basic Web application project.
Accessing data
After designing the forms, you'll add the desired functionality to them. First, you'll add the functionality to the Order form. The form should enable customers to view the complete product list by clicking the View Product List button. Also, the form should enable customers to view the details of a specific product by clicking the View Product Details button.
To implement this functionality, open the code behind file (with .vb extension) of the Order form. At the top of the Order form, import the two namespaces as follows:
Imports System.Data
Imports System.Data.SqlClient
Modifying and deleting data
The DataGrid control enables users to modify and delete records. To allow rows to be edited, the EditItemIndex property of the DataGrid control is used. By default, this property is set to -1, indicating that no rows are editable.
The DataGrid control has a property called Columns that you can use to add buttons to allow user interaction with individual data rows. To add a button column, follow these steps:
1. Open the Property Window of the DataGrid control.
2. Click the ellipsis in the Columns property to open the Properties dialog box.
The DataGrid control can have three types of button columns, described as follows:
The Select button column renders a Select link button used to access a specific row.
The Edit, Update, Cancel button column renders three link buttons: Edit, Update, and Cancel. The Edit button is used to display the row in Edit mode. After the row switches to Edit mode, the column displays Update and Cancel buttons, which are used to update or cancel the changes made to the row.
The Delete button column renders a Delete button that enables users to delete a specific row.
To add the update functionality, add the Edit, Update, Cancel button column to your DataGrid control. When the Edit button is clicked, the EditCommand method of the DataGrid control is called. The UpdateCommand method is called when the Update button is clicked. And, when the Cancel button is clicked, the CancelCommand method is called. Therefore, you need to write appropriate code in these methods to implement the desired functionality.
In the EditCommand method of the DataGrid control, set the EditItemIndex property as follows:
Public Sub MyDataGrid_EditCommand(ByVal source As Object, _
        ByVal e As System.Web.UI.WebControls.DataGridCommandEventArgs) _
        Handles MyDataGrid.EditCommand
    'Setting the EditItemIndex property of the DataGrid
    'control to indicate the row to be edited
    MyDataGrid.EditItemIndex = e.Item.ItemIndex
End Sub
ASP.NET Security
The reasons to secure a Web site are well known and thus do not require a detailed discussion. A few of the reasons for securing a Web site include transfer of sensitive data over the Internet, exchange of sensitive data between Web applications, and risks of hack attacks.
Security is a critical issue for both Web application developers and administrators alike. It is undoubtedly one of the most confusing areas, and hence requires careful planning and designing. Web site developers and administrators must have a clear understanding of the various options, such as authentication, for securing their sites.
Security, in the context of an ASP.NET application, involves three fundamental operations. These operations are carried out during the lifetime of each secure ASP.NET Web application and are described as follows:
Authentication: This is the process of validating the identity of a user, to allow or deny a request. Typically, authentication is a process of accepting the username and password from a user, and validating the username/password combination in a security database. In addition to this typical case, the authentication process can be more sophisticated. After the identity is verified and validated, the user is considered to be legitimate, and the resource request is fulfilled. Future requests from the same user, ideally, are not subject to the authentication process, until the user logs out of the Web application.
Authorization: This is the process of ensuring that users with valid identity are allowed to access only those resources for which they have been assigned access rights. In other words, authorization is a check that is performed at every stage of the request-processing cycle on the Web server. This check ensures that access is given only to the allowed resources.
Impersonation: This process enables an application to assume the identity of the caller, and in turn make requests to the other resources. Access to resources will be granted or denied based on the identity that is being impersonated. If the identity being impersonated has permissions to a resource, the application that impersonates the identity will also have the access permission to that resource.
Before delving deeper into the security system that is available with ASP.NET, let us review the security system that is made available to the Web sites by the underlying Web server. For the ASP.NET applications, the underlying Web server is Microsoft Internet Information Services (IIS). Therefore, every ASP.NET Web application can continue to leverage the security options provided by the IIS server. Let us now look at the security provided by the IIS server.
IIS security
Securing a Web application involves different aspects. The best place to start securing a Web application is by looking at the security methods provided by the Web server that hosts the Web application. The IIS server has built-in support for authentication and authorization of user requests.
Authentication
The IIS server has built-in support for authenticating clients who request the Web content stored in an IIS Web site. Three different types of authentication can be implemented by using the IIS server:
Anonymous Authentication: Allows all users to browse the Web site without prompting for a username and password. The access to the Web site resources is impersonated by the IIS server by using the IUSR_machinename account.
Basic Authentication: Requires the users to enter a username/password combination for accessing the Web site. The major downside to this method of authentication is that the password is sent over the network in an unencrypted form, making it possible for unauthorized users to snoop the network packets and retrieve the password information easily.
Integrated Windows Authentication: Requires the users to be valid Windows users in addition to fulfilling the basic authentication. In this mode, IIS will verify the username and password with a Windows Domain Controller. The access to the Web site is allowed only if the domain controller validates the username and password.
Digest Authentication: Is similar to the basic authentication. However, this authentication uses a different way of transmitting the authentication credentials. This authentication sends a hash value over the network rather than the password. The hash value cannot be decrypted and hence the original text cannot be deciphered.
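What Basic and Digest authentication actually put on the wire, as an added VB.NET example that is not from the original page. It assumes the header formats of RFC 2617 (Digest with qop=auth), and the sample credentials are the worked example values from that RFC, not data from this page.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Public Module HttpAuthComparison
    ' Basic authentication: the header value is only Base64("user:password").
    Public Function BuildBasicHeader(ByVal user As String, ByVal password As String) As String
        Dim raw As Byte() = Encoding.UTF8.GetBytes(user & ":" & password)
        Return "Basic " & Convert.ToBase64String(raw)
    End Function

    ' Base64 is an encoding, not encryption: the header can be reversed
    ' without any key, which is why Basic needs an encrypted transport.
    Public Function DecodeBasicHeader(ByVal headerValue As String) As String
        Dim encoded As String = headerValue.Substring("Basic ".Length)
        Return Encoding.UTF8.GetString(Convert.FromBase64String(encoded))
    End Function

    ' Lower-case hexadecimal MD5 of a string, as RFC 2617 specifies.
    Private Function Md5Hex(ByVal input As String) As String
        Using hasher As MD5 = MD5.Create()
            Dim hash As Byte() = hasher.ComputeHash(Encoding.UTF8.GetBytes(input))
            Dim builder As New StringBuilder()
            For Each b As Byte In hash
                builder.Append(b.ToString("x2"))
            Next
            Return builder.ToString()
        End Using
    End Function

    ' Digest authentication: the client sends this hash instead of the
    ' password. The server-issued nonce is mixed in, so the value differs
    ' for every challenge.
    Public Function BuildDigestResponse(ByVal user As String, ByVal realm As String, _
            ByVal password As String, ByVal method As String, ByVal uri As String, _
            ByVal nonce As String, ByVal nonceCount As String, _
            ByVal clientNonce As String) As String
        Dim ha1 As String = Md5Hex(user & ":" & realm & ":" & password)
        Dim ha2 As String = Md5Hex(method & ":" & uri)
        Return Md5Hex(ha1 & ":" & nonce & ":" & nonceCount & ":" & _
                      clientNonce & ":auth:" & ha2)
    End Function

    Public Sub Main()
        ' Sample values taken from the RFC 2617 worked example.
        Dim user As String = "Mufasa"
        Dim password As String = "Circle Of Life"

        Dim basic As String = BuildBasicHeader(user, password)
        Console.WriteLine("Basic header:   " & basic)
        Console.WriteLine("Decoded again:  " & DecodeBasicHeader(basic))

        Dim response As String = BuildDigestResponse(user, "testrealm@host.com", _
            password, "GET", "/dir/index.html", _
            "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b")
        Console.WriteLine("Digest response: " & response)
    End Sub
End Module
```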
Authorization
The IIS server can be configured to control the resources that can be accessed by users. You can control the access permissions on an IIS Web site by marking the allowed operations on the Web site. The different permission levels include the following:
Read: Allows users to retrieve and read the content stored in the virtual directory. This permission is assigned to most virtual directories.
Write: Allows users to retrieve and modify the content stored in the virtual directory. If a Web site is open to receiving content over the HTTP protocol, the virtual directory used to store the received files must have the write permission. A typical example of this would be a virtual directory that stores the files that are uploaded as attachments to e-mail messages.
Script source access: Allows users to view the source code of any server-side program.
Directory browsing: Allows users to view the contents of the entire virtual directory. This is similar to viewing an FTP folder.
Log visits: Keeps track of the number of users who visit the site, and records information about various details, such as the IP address of the client and the resources that are requested for.
Index: Uses Microsoft Index Server to index the virtual directory. The contents of the directory can be retrieved in a search result using the Index Server.
The reasons to secure a Web site are well known and thus do not require a detailed discussion. A few of the reasons for securing a Web site include transfer of sensitive data over the Internet, exchange of sensitive data between Web applications, and risks of hack attacks.
Security is a critical issue for both Web application developers and administrators alike. It is undoubtedly one of the most confusing areas, and hence requires careful planning and designing. Web site developers and administrators must have a clear understanding of the various options, such as authentication, for securing their sites.
Security, in the context of an ASP.NET application, involves three fundamental operations. These operations are carried out during the lifetime of each secure ASP.NET Web application and are described as follows:
Authentication:
This is the process of validating the identity of a user, to allow or deny a request. Typically, authentication is a process of accepting the username and password from a user, and validating the username/password combination in a security database. In addition to this typical case, the authentication process can be more sophisticated. After the identity is verified and validated, the user is considered to be legitimate, and the resource request is fulfilled. Future requests from the same user, ideally, are not subject to the authentication process, until the user logs out
of the Web application.
Authorization:
This is the process of ensuring that users with valid identity are allowed to access only those resources for which they have been assigned access rights. In other words, authorization is a check that is performed at every stage of the request-processing cycle on the Web server. This check ensures that access is given only to the allowed resources.
Impersonation: This process enables an application to assume the identity of the caller, and in turn make requests to the other resources. Access to resources will be granted or denied based on the identity that is being impersonated. If the identity being impersonated has permissions to a resource, the application that impersonates the identity will also have the access permission to that resource.
Before delving deeper into the security system that is available with ASP.NET, let us review the security system that is made available to the Web sites by the underlying Web server. For the ASP.NET applications, the underlying Web server is Microsoft Internet Information Services (IIS). Therefore, every ASP.NET Web application can continue to leverage the security options provided by the IIS server. Let us now look at the security provided by the IIS server.
IIS security
Securing a Web application involves different aspects. The best place to start securing a Web application is by looking at the security methods provided by the Web server that hosts the Web application. The IIS server has built-in support for authentication and authorization of user requests.
Authentication
The IIS server has built-in support for authenticating clients who request the Web content stored in an IIS Web site. Three different types of authentication can be implemented by using the IIS server:
Anonymous Authentication: Allows all users to browse the Web site without prompting for a username and password. The access to the Web site resources is impersonated by the IIS server by using the IUSR_machinename account.
Basic Authentication: Requires the users to enter a username/password combination for accessing the Web site. The major downside to this method of authentication is that the password is sent over the network in an unencrypted form, making it possible for unauthorized users to snoop the network packets and retrieve the password information easily.
Integrated Windows Authentication: Requires the users to be valid Windows users in addition to fulfilling the basic authentication. In this mode, IIS will verify the username and password with a Windows Domain Controller. The access to the Web site is allowed only if the domain controller validates the username and password.
Digest Authentication: Is similar to the basic authentication. However, this authentication uses a different way of transmitting the authentication credentials. This authentication sends a hash value over the network rather than the password. The hash value cannot be decrypted and hence the original text cannot be deciphered.
Authorization
The IIS server can be configured to control the resources that can be accessed by users. You can control the access permissions on an IIS Web site by marking the allowed operations on the Web site. The different permission levels include the following:
Read: Allows users to retrieve and read the content stored in the virtual directory. This permission is assigned to most virtual directories.
Write: Allows users to retrieve and modify the content stored in the virtual directory. If a Web site is open to receiving content over the HTTP protocol, the virtual directory used to store the received files must have the write permission. A typical example of this would be a virtual directory that stores the files that are uploaded as attachments to e-mail messages.
Script source access: Allows users to view the source code of any server-side program.
Directory browsing: Allows users to view the contents of the entire virtual directory. This is similar to viewing an FTP folder.
Log visits: Keeps track of the number of users who visit the site, and records details such as the IP address of the client and the resources that are requested.
Index: Uses Microsoft Index Server to index the virtual directory. The contents of the directory can be retrieved in a search result using the Index Server.
ASP.NET Security
ASP.NET Security part two
In addition to the IIS permission levels, NTFS permissions can also be used to secure the files and directories on a Web server. The following are the different access permissions that can be assigned to users and groups for the files and directories on the server:
Full Control: Allows users to have complete control on files and/or directories.
Modify: Allows users to modify the contents of files and/or directories. However, users will not be able to delete files and/or directories.
Read & Execute: Allows users to read the contents of the existing files and/or directories and execute any application stored in that folder. However, users will not be able to modify the contents of the files and/or directories.
List Folder Contents: Allows users to view the contents of the folder. However, users will neither be able to read the contents of any file in the folder nor modify any contents.
Write: Allows users to make changes to files and/or directories.
No Access: Does not allow any access to files and/or directories.
Authentication in Web applications
Various ways exist to authenticate user access to Web applications. In intranet applications, it is possible to use Integrated Windows Authentication to authenticate user access and implement access control. But in most Internet applications, it is not possible to use Windows authentication, because it imposes various restrictions. The following are two of these restrictions:
Number of user accounts: Although Windows Active Directory can scale up to a large number of user accounts, managing all the user accounts for Internet applications (that involve millions of user accounts) can be a big management challenge, if not a nightmare. Therefore, most Web administrators and developers prefer an authentication mechanism that is based on databases, such as SQL databases.
Licensing issues: If millions of users were to be authenticated against an Active Directory database, the Web site would need to procure user licenses for all the users. Thus, to say the least, it can prove to be an expensive proposition.
In classic ASP, authentication issues were addressed by security implementations that relied on cookies or client IP. This approach, typically, meant writing a lot of code and proved to be an unnecessary overhead for developers. The approach is very different from implementing security in Windows applications. In Windows, applications are developed in a way that maximizes the leverage on the services provided by the operating system. With ASP.NET, however, the days of writing tedious user validation code are gone. Developers can rely on the underlying Microsoft .NET Framework to provide security. They just need to focus on solving business problems and implementing the functionality in the Web site. Let us now explore the various authentication models that are supported by ASP.NET.
ASP.NET authentication options
The security section of the Web.config file contains the information related to the level and type of authentication services that would be provided for a Web application. The Web.config file is an XML file and is located in the root directory of a Web application. Various configuration options for an ASP.NET Web application can be controlled and configured from this XML file.
The system.web section of the Web.config file is used to control the various aspects of security that are provided to the Web application. An ASP.NET Web application can be provided with one of the following types of security:
Windows: The application is secured by using Integrated Windows Authentication. In this method, access to a Web application is allowed only to those users who are able to verify their Windows credentials. Credentials can be verified against the Windows authentication database (SAM) or against Active Directory.
Passport: The application is secured by using Microsoft Passport authentication. Passport is a single-sign-on technology developed by Microsoft for use on the Web.
Forms: The application is secured by using a custom authentication model with cookie support.
None: The application is not secured; access to the application does not require authentication.
Forms-based Authentication
ASP.NET includes a built-in feature, called forms-based authentication, which can be used to implement customized logic for authenticating users and authentication handlers without having to worry about session management using cookies. In forms-based authentication, when a user is determined to be unauthenticated, the user is automatically redirected to the login page. Some of the benefits of the forms-based authentication are the following:
Developers can configure forms-based authentication for various parts of the Web site differently, because the Web.config file is a hierarchical XML document.
Administrators and developers can change the authentication scheme quickly and easily in the Web.config file.
Administration is centralized because all the authentication entries are in one place: the Web.config file.
You can enable forms-based authentication for a Web application by setting the Authentication mode property to "Forms" in the Web.config file.
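The setting described above, as an added example that is not part of the original page: a root Web.config that enables forms-based authentication, denies anonymous users by default, and uses the hierarchical nature of the file to open one folder to everyone. The page name Login.aspx, the folder name Public and the timeout value are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Web.config in the application root (added example; file and folder names are assumptions) -->
<configuration>
  <system.web>
    <!-- mode may be Windows, Passport, Forms or None -->
    <authentication mode="Forms">
      <!-- loginUrl: page that unauthenticated users are redirected to (hypothetical name)
           protection="All": the authentication cookie is both encrypted and validated
           requireSSL="true": the cookie is only sent over HTTPS
           timeout: minutes before the authentication ticket expires -->
      <forms name=".ASPXAUTH"
             loginUrl="Login.aspx"
             protection="All"
             requireSSL="true"
             timeout="30"
             path="/" />
    </authentication>
    <authorization>
      <!-- "?" stands for anonymous users: deny them everywhere by default -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Hierarchical override: a hypothetical Public folder stays open to all users -->
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Without the deny rule for anonymous users, setting the mode to "Forms" alone does not trigger the redirect to the login page, because no request is ever refused.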
Resume preparation for software jobs
Use plain text when you are sending resumes through email.
√ Attach a covering letter; it really impresses and makes you look traditionally formal.
Yes, even if you are sending your CV through email, send a covering letter.
Check list
Start with an objective or summary, for instance, “Working as a Senior Database administrator for more than 4 years. Implemented quality web based application.
Follow the industry’s best practices and adhered and implemented processes, which enhanced the quality of technical delivery. Pledge to deliver the best technical solutions to the industry.”
√ Specify your core strengths at the start of the resume, so that the interviewer can quickly decide whether you are eligible for the position.
This is also a good place to specify your objective or position, which makes it clear to the interviewer whether he should call you for an interview. For instance, if you are looking for a senior position, specify it explicitly: ‘looking for this job profile’. Any kind of certification, like MCP or MCSD, can be made visible in this section.
Once you have briefly specified your goals and what you have done, it is time to specify what type of technology you have worked with, for instance RDBMS, tools, languages, Web servers, process (Six Sigma, CMMI).
√ After that you can run through your experience company-wise, that is, which companies you have worked with, and the year / month of joining and leaving.
This will give the interviewer an overview of what type of companies you have associated yourself with.
PROJECT DETAILS:
Project Name / Client name
√ Number of team members.
√ Time span of the project.
√ Tools, language, RDBMS and technology used to complete the project.
√ Brief summary of the project.
SUMMARY:
Finally comes your education and personal details.
√ If you are trying for onsite, do not forget to mention your passport number.
√ Some guys tend to make their CV large and huge. I think an optimal size should be not more than 4 to 5 pages.
√ Do not mention your salary in the CV. You can talk about it during the interview with HR or the interviewer.
√ When you are writing your project summary, make it effective by using verbs, like managed a team of 5 members, architected the project from start to finish etc. It carries huge weight.
This is essential, very essential: take 4 to 5 Xerox copies of your resume; you will need them now and then.
√ Just in case, take at least 2 passport photos with you. You may get away without them, but many times you will need them.
√ Carry all your current office documents, especially your salary slips and joining letter.