Sample – Shared Application Development and Testing Environment Project

The availability of a shared application development and testing environment will provide agencies parallel production-like environments without having to maintain and purchase equipment for the department sites. Multiple standard environments can quickly be provisioned into a server partition in less than 15 minutes (based on predefined server builds and the proper tools) and can be tested…

Application Threats and Vulnerabilities

  Application Threats and Vulnerabilities    Oracle MS SQL Server Sybase Lotus Domino Denial of Service SNMP DoS   Malformed RPC Absolute value of numeric DoS Unicode DoS Redirection DoS   Request DoS   Select All DoS  IIOP DoS ID/Password Control Issues Default passwords Default passwords Default passwords Default passwords Brute force easily guessed passwords Brute force easily…

Oracle Database Configuration & Performance Tips

Introduction
This guide is aimed at those who wish to configure Oracle 10 – 11 databases to ensure that they can perform under the large loads that may be placed upon them. SAP utilizes Oracle database technology to store SAP activity data in the form of transactions. It requires a transactional type Oracle database configuration. Loaders interact…

Quick overview of HTTP Request messages

OPTIONS    Request information about available options
GET        Retrieve document identified in URL
HEAD       Retrieve meta information about document identified in URL
POST       Give information (e.g., annotation) to server
PUT        Store document under specified URL
DELETE     Delete specified URL
TRACE      Loopback request message
CONNECT    For use by proxies

HTTP response codes
1xx    Informational    Request received, continuing process
2xx    Success          Action successfully…

Use Case to Relational Mapping Sample

The following table briefly describes the individual relations between the information entities (it is worth noting that in principle each relationship is a many-to-many relationship): Source Destination Relationship Description Features Vision & Scope Rational A feature is traced back to a goal stated in Vision & Scope, i.e. a justification is that it is…

Useful SQL Commands

SQL Commands
Begin: Statements that make up the block.
Built In functions: Most SQL data functions are supported within PL/SQL blocks.
Code storage: Blocks may be stored within an Oracle database as procedures, functions, packages (a group of blocks) and triggers.
Composite Datatypes: Records allow groups of fields to be defined and manipulated in PL/SQL…

SQL Design Considerations

In order to assist us in designing your database, please have your applications and DBA review and answer the following questions.
SQL:
• Has SQL been explained/optimized?
• Have ‘bind variables’ been used? i.e. select * from my.table where name = :b1; Bind variables are not actually substituted until the statement has been successfully parsed.…

SQL Security Overview

SQL maintains its own internal security umbrella including password encryption, password aging, minimum length restrictions on passwords and user account management resources. Integrated security relies on trusted connections, which are only available with both named pipes protocol and MS new RPC-based multi-protocol net library. Because SQL Server supports many different network options simultaneously, clients…

Directx, Java and Activex runtime errors and diagnostics

52 Runtime Error
This is a “bad file name or number” error in JavaScript. It means that the script cannot find a file it is looking for (web-page, course component) and is most likely a connectivity problem. Try clearing your temporary internet files, which should resolve any further problems… If this does not then…

Application Security Related Activities

Security Objectives. Define security objectives and requirements early in the process. Security objectives are goals and constraints that affect the confidentiality, integrity, and availability of your data and application. Design Guidelines for Security. To avoid many of the vulnerabilities introduced by poor design choices, your design activity should use proven design practices, patterns, and principles.…

Application Testing

Testing plays a critical role in the development of the web site and its long-term maintenance. While smaller web sites—especially those with more limited budgets—may not need to follow the formal testing procedures that are required for large-scale, commercial web sites, every site needs to be thoroughly tested to ensure that it’s error-free, user-friendly, accessible,…

OS Jobs Scripts Can Do

Windows Script Host provides objects for manipulation of your scripts. Here are some of the tasks that these objects and services can do for you:
Map network drives
Connect to printers
Modify environment variables e.g. Temp
Run basic functions such as CreateObject and GetObject
Print a message to a Message Box on screen
Modify keys…

MySQL Installation Notes on Windows 200x and IIS 6 / 7

This document describes the steps necessary to do a basic mySQL database engine installation on a computer running Windows 2000x Server and IIS 6.
What you’ll need
Windows 200x Server running Internet Information Server (IIS) 6.0
A copy of the mySQL binary distribution for Windows NT / 200X
The Steps:
Download the mySQL binary for…

Basic SQL Parameters

Memory, max size in 2 kb units available to SQL User connections, max number of worker threads that are available for SQL server process, default is 255. Max Worker Threads, the number of worker threads that are available for SQL server processes. Default is 255. SMP concurrency, controls the number of threads SQL server will…

Setting your MySQL Administrator password and creating Guest Passwords

Once MySQL is installed and operational, you should immediately set the password for your administrator account (called “root”) and set up at least one guest account, which has limited privileges. In the case of the example specified below, the user named “guest” only has SELECT privileges for the database database_name and all tables (specified by the…

Service-Oriented Architecture (SOA)

Service-Oriented Architecture (SOA) is an architectural style that supports service orientation. Service orientation is a way of thinking in terms of services and service-based development and the outcomes of services. A service: Is a logical representation of a repeatable business activity that has a specified outcome (e.g., check customer credit; provide weather data, consolidate drilling…

Application Security Testing Concerns / Advice

Cross Site Scripting
Cross-site scripting allows hackers to:
1) Execute malicious script in a client’s Web browser
2) Embed <script>, <object>, <applet>, and <embed> tags
3) Steal web session information
4) Modify user’s screen
   a. Any Dynamic HTML code based on content that users submit is vulnerable
SQL Injection
1) Users control the criteria of…

Core XML Standards

Introduction to XML
The eXtensible Markup Language (XML) is a specification introduced by the World Wide Web Consortium (W3C) for identifying and organizing elements of information in electronic documents. XML is the result of scaling down the Standard Generalised Markup Language, or SGML for short, an earlier standard for document representation, developed and standardised by…

Rational Unified Process (RUP)

RUP is a development concept developed by Rational to support development teams with a set of guidelines to successfully implement system applications. Its core principles can be summarised in the following six issues:
Iterative development to lessen the risks already in the early phases of the project
Effective management of requirements…