Tech Notes

SQL server has plethora of configuration options and mainly can be divided into three levels – Server, Database and Connections. Many options overlap each other and hence will be separated by topics.  This article  doesn't  cover all options but only the most important one in terms of performance. Startup Parameters Flag -T834 »         Enable SQL Server to use larger pages Flag –x »         Disable SQL Server Performance counters and avoid potential overhead Startup Stored Procedures Scan for startup procs »         Mark for automatic execution of stored procedures at SQL Server startup »         Try enabling it when having an expensive query that takes a long time to run at first execution Memory Configurations Dynamic Memory Minimum »         The goal is to have enough memory available so that windows don’t need to swap pages from physical memory to virtual memory support file (pagefile.sys) »         I

Garbage Collection is the integral part of .NET Framework.  The .Net garbage collector automatically allocates and releases the memory for your application.  The garbage collector engine performs a collection based upon the allocation being made reclaim the memory of objects that are no longer being used by application.  It is recommended to use default configuration value always but there might be cases when you might need to change it.  Following are two configuration parameters that can be tweaked for performance gains Configuration Open Source / Free Tools < gcServer > »         Specifies if the CLR runs server garbage collection »         Server GC is optimized for throughput and multi-processor scalability »         In the .NET framework 4 and earlier versions, concurrent garbage collection is not available when server garbage collection is enabled.  Starting with the .NET Framework 4.5, server garbage collection is concurrent and

Configuration Management Security Testing Often analysis of the network infrastructure and web application architecture can reveal good amount of information such as source code, HTTP methods permitted, administrative functionality, authentication methods, infrastructural configurations etc.  In present scenarios, complexity of interconnected and heterogeneous web server infrastructure, which can count hundreds of servers, makes configuration management review and validation a fundamental step in testing.  The application penetration test should include the checking of how infrastructure was deployed and secured.  While the application may be secure, a small aspect of the configuration could still be at a default install stage and vulnerable to exploitation.  Testing for Configuration Management usually includes – »         Usage of strong cipher algorithm and its proper implementation »         Security of DB listener port and component »         web servers, database serve