Application Threats and Vulnerabilities Oracle MS SQL Server Sybase Lotus Domino Denial of Service SNMP DoS Malformed RPC Absolute value of numeric DoS Unicode DoS Redirection DoS Request DoS Select All DoS IIOP DoS ID/Password Control Issues Default passwords Default passwords Default passwords Default passwords Brute force easily guessed passwords Brute force easily… Continue reading Application Threats and Vulnerabilities
Tag: ITIL Application Services – SDLC – Web Services
Oracle Database Configuration & Performance Tips
Introduction This guide is aimed at those who wish to configure Oracle 10 – 11 databases to ensure that they can perform under the large loads that may be placed upon them. SAP utilizes Oracle database technology to store SAP activity data in the form of transactions. It requires a transactional-type Oracle database configuration. Loaders interact… Continue reading Oracle Database Configuration & Performance Tips
Quick overview of HTTP Request messages
OPTIONS Request information about available options GET Retrieve document identified in URL HEAD Retrieve meta information about document identified in URL POST Give information (e.g., annotation) to server PUT Store document under specified URL DELETE Delete specified URL TRACE Loopback request message CONNECT For use by proxies HTTP response codes 1xx Informational Request received, continuing process 2xx Success Action successfully… Continue reading Quick overview of HTTP Request messages
Use Case to Relational Mapping Sample
The following table briefly describes the individual relations between the information entities (it’s worth noting that in principle each relationship is a many-to-many relationship): Source Destination Relationship Description Features Vision & Scope Rational A feature is traced back to a goal stated in Vision & Scope, i.e. a justification is that it is… Continue reading Use Case to Relational Mapping Sample
Useful SQL Commands
SQL Commands Begin Statements that make up the block. Built In functions Most SQL data functions are supported within PL/SQL blocks. Code storage Blocks may be stored within an Oracle database as procedures, functions, packages (a group of blocks) and triggers. Composite Datatypes Records allow groups of fields to be defined and manipulated in PL/SQL… Continue reading Useful SQL Commands
SQL Design Considerations
In order to assist us in designing your database, please have your application developers and DBA review and answer the following questions. SQL: • Has SQL been explained/optimized? • Have ‘bind variables’ been used? i.e. select * from my.table where name = :b1; Bind variables are not actually substituted until the statement has been successfully parsed.… Continue reading SQL Design Considerations
SQL Security Overview
SQL Server maintains its own internal security umbrella, including password encryption, password aging, minimum length restrictions on passwords and user account management resources. Integrated security relies on trusted connections, which are only available with both the named pipes protocol and Microsoft’s new RPC-based multi-protocol net library. Because SQL Server supports many different network options simultaneously, clients… Continue reading SQL Security Overview
Directx, Java and Activex runtime errors and diagnostics
52 Runtime Error This is a “bad file name or number” error in JavaScript. It means that the script cannot find a file it is looking for (web-page, course component) and is most likely a connectivity problem. Try to clear your temporary internet files which should resolve any further problems… If this does not then… Continue reading Directx, Java and Activex runtime errors and diagnostics
Application Security Related Activities
Security Objectives. Define security objectives and requirements early in the process. Security objectives are goals and constraints that affect the confidentiality, integrity, and availability of your data and application. Design Guidelines for Security. To avoid many of the vulnerabilities introduced by poor design choices, your design activity should use proven design practices, patterns, and principles.… Continue reading Application Security Related Activities
Application Testing
Testing plays a critical role in the development of the web site and its long-term maintenance. While smaller web sites—especially those with more limited budgets—may not need to follow the formal testing procedures that are required for large-scale, commercial web sites, every site needs to be thoroughly tested to ensure that it’s error-free, user-friendly, accessible,… Continue reading Application Testing
OS Jobs Scripts Can Do
Windows Script Host provides objects for manipulation of your scripts. Here are some of the tasks that these objects and services can do for you: Map network drives Connect to printers Modify environment variables e.g. Temp Run basic functions such as CreateObject and GetObject Print a message to a Message Box on screen Modify keys… Continue reading OS Jobs Scripts Can Do
MySQL Installation Notes on Windows 200x and IIS 6 / 7
This document describes the steps necessary to do a basic MySQL database engine installation on a computer running Windows 200x Server and IIS 6. What you’ll need Windows 200x Server running Internet Information Server (IIS) 6.0 A copy of the MySQL binary distribution for Windows NT / 200X The Steps: Download the MySQL binary for… Continue reading MySQL Installation Notes on Windows 200x and IIS 6 / 7
Basic SQL Parameters
Memory, max size in 2 kb units available to SQL User connections, max number of worker threads that are available for SQL server process, default is 255. Max Worker Threads, the number of worker threads that are available for SQL server processes. Default is 255. SMP concurrency, controls the number of threads SQL server will… Continue reading Basic SQL Parameters
Setting your MySQL Administrator password and creating Guest Passwords
Once MySQL is installed and operational, you should immediately set the password for your administrator account (called “root”) and set up at least one guest account, which has limited privileges. In the case of the example specified below, the user named “guest” only has SELECT privileges for the database database_name and all tables (specified by the… Continue reading Setting your MySQL Administrator password and creating Guest Passwords
Service-Oriented Architecture (SOA)
Service-Oriented Architecture (SOA) is an architectural style that supports service orientation. Service orientation is a way of thinking in terms of services and service-based development and the outcomes of services. A service: Is a logical representation of a repeatable business activity that has a specified outcome (e.g., check customer credit; provide weather data, consolidate drilling… Continue reading Service-Oriented Architecture (SOA)
Application Security Testing Concerns / Advice
Cross Site Scripting Cross-site scripting allows hackers to: 1) Execute malicious script in a client’s Web browser 2) Embed <script>, <object>, <applet>, and <embed> tags 3) Steal web session information 4) Modify user’s screen a. Any Dynamic HTML code based on content that users submit is vulnerable SQL Injection 1) Users control the criteria of… Continue reading Application Security Testing Concerns / Advice
Core XML Standards
Introduction to XML The eXtensible Markup Language (XML) is a specification introduced by the World Wide Web Consortium (W3C) for identifying and organizing elements of information in electronic documents. XML is the result of scaling down the Standard Generalised Markup Language (SGML for short), an earlier standard for document representation, developed and standardised by… Continue reading Core XML Standards
Rational Unified Process (RUP)
RUP is a development concept developed by Rational to support development teams with a set of guidelines to successfully implement system applications. Its core principles can be summarised in the following six points: Iterative development to lessen the risks already in the early phases of the project Effective management of requirements… Continue reading Rational Unified Process (RUP)