kuni katsuya

FB CMS (DMS) User Stories - Projects - Confluence - 0 views

  • Sequence Diagrams (Upload):
    • kuni katsuya
       
      sequence diagrams for initial, cdms implementation, *not* cube implementation (see only as reference)
kuni katsuya

Session Management Cheat Sheet - OWASP - 0 views

  • Session Management Cheat Sheet
  • should not be extremely descriptive nor offer unnecessary details
  • change the default session ID name of the web development framework to a generic name
  • length must be at least 128 bits (16 bytes)
  • Session ID Length
  • Session ID Name Fingerprinting
  • Session ID Properties
  • Session ID Entropy
  • must be unpredictable (random enough) to prevent guessing attacks
  • good PRNG (Pseudo Random Number Generator) must be used
  • must provide at least 64 bits of entropy
  • Session ID Content (or Value)
  • content (or value) must be meaningless
  • identifier on the client side
  • meaning and business or application logic associated to the session ID must be stored on the server side
  • session objects or in a session management database or repository
  • create cryptographically strong session IDs through the usage of cryptographic hash functions such as SHA1 (160 bits).
  • Session Management Implementation
  • defines the exchange mechanism that will be used between the user and the web application to share and continuously exchange the session ID
  • token expiration date and time
  • This is one of the reasons why cookies (RFCs 2109 & 2965 & 6265 [1]) are one of the most extensively used session ID exchange mechanisms, offering advanced capabilities not available in other methods
  • Transport Layer Security
  • use an encrypted HTTPS (SSL/TLS) connection for the entire web session
  • not only for the authentication
  • process where the user credentials are exchanged.
  • “Secure” cookie attribute
  • must be used to ensure the session ID is only exchanged through an encrypted channel
  • never switch a given session from HTTP to HTTPS, or vice versa
  • should not mix encrypted and unencrypted contents (HTML pages, images, CSS, Javascript files, etc) on the same host (or even domain - see the “domain” cookie attribute)
  • should not offer public unencrypted contents and private encrypted contents from the same host
  • www.example.com over HTTP (unencrypted) for the public contents
  • secure.example.com over HTTPS (encrypted) for the private and sensitive contents (where sessions exist)
  • only has port TCP/80 open
  • only has port TCP/443 open
  • “HTTP Strict Transport Security (HSTS)” (previously called STS) to enforce HTTPS connections.
  • Secure Attribute
  • instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection
  • HttpOnly Attribute
  • instructs web browsers not to allow scripts (e.g. JavaScript or VBscript) an ability to access the cookies via the DOM document.cookie object
  • Domain and Path Attributes
  • instructs web browsers to only send the cookie to the specified domain and all subdomains
  • “Domain” cookie attribute
  • “Path” cookie attribute
  • instructs web browsers to only send the cookie to the specified directory or subdirectories (or paths or resources) within the web application
  • vulnerabilities in www.example.com might allow an attacker to get access to the session IDs from secure.example.com
  • Expire and Max-Age Attributes
  • “Max-Age”
  • “Expires” attributes
  • it will be considered a persistent cookie and will be stored on disk by the web browser until the expiration time
  • use non-persistent cookies for session management purposes, so that the session ID does not remain on the web client cache for long periods of time, from where an attacker can obtain it.
  • Session ID Life Cycle
kuni katsuya

Logging Cheat Sheet - OWASP - 0 views

  • Legal and other opt-ins
    • kuni katsuya
       
      terms & conditions acceptance, license transfers, etc
  • Data changes
    • kuni katsuya
       
      all changes to domain objects
  • Event attributes
  • Log date and time
  • Event date and time
  • Application identifier
    • kuni katsuya
       
      eg. service type
  • Application address
    • kuni katsuya
       
      eg. service instance
  • User identity
    • kuni katsuya
       
      ie. subject
  • Type of event
  • Severity of event
  • Description
    • kuni katsuya
       
      eg. event message text
  • Action
    • kuni katsuya
       
      eg. action performed on managed resource (eg. 'update' action on resource 'hotel')
  • original intended purpose of the request
  • Object
    • kuni katsuya
       
      eg. managed resource being accessed
  • affected component
  • Result status
    • kuni katsuya
       
      boolean was_successful
  • Reason
    • kuni katsuya
       
      include in event message text
  • Extended details
  • Data to exclude
  • Access tokens
  • Session identification values
  • Sensitive personal data
  • passwords
  • Database connection strings
  • Encryption keys
  • payment
  • Information a user has opted out of collection
  • Synchronize time across all servers and devices
  • Input validation failures
  • Which events to log
  • proportional to the information security risks
  • Always log:
  • Authentication successes and failures
  • Authorization failures
  • Session management failures
  • Application errors and system events
  • Application and related systems start-ups and shut-downs
  • Use of higher-risk functionality
kuni katsuya

Logging JIRA SQL Queries - JIRA Development - 0 views

kuni katsuya

Database Schema - JIRA Development - 0 views

  • Database Schema
  • Generating JIRA database schema information:
    • Download the attached plugin: jira-schema-diagram-generator-plugin-1.0.jar
    • Install the plugin in your JIRA instance by following the instructions on Managing JIRA's Plugins.
    • Go to the JIRA administration console and navigate to System > Troubleshooting and Support > Generate Schema Diagram (keyboard shortcut: g + g + start typing "generate").
    • Enter the tables/columns to omit from the generated schema information, if desired.
    • If you want to generate a PDF, enter the path to the Graphviz executable.
    • Click Generate Schema.
    • The 'Database Schema' page will be displayed with links to the schema file in txt, dot and pdf format.
kuni katsuya

Fiddler Web Debugger - Configuring clients - 1 views

kuni katsuya

Fiddler Web Debugger - Configuring clients - 0 views

  • Debug traffic from another machine (even a device or Unix box)
  • Allow remote clients to connect
  • "HTTP application to use Fiddler? You can either directly configure the WinHTTP application to point to Fiddler, in code, or you can use the following command at the command prompt to tell WinHTTP to use Fiddler:
    On XP or below: proxycfg -p http=127.0.0.1:8888;https=127.0.0.1:8888
    ...or this one to force WinHTTP to use WinINET's proxy settings: proxycfg -u
    On Vista or above, use an Elevated (admin) command prompt: netsh winhttp set proxy 127.0.0.1:8888
    Note: On Windows 7 and earlier, netsh is bitness specific, so you may want to run the above command twice: first using the 32bit NETSH and then using the 64bit NETSH. This blog has more information. This issue was fixed in Windows 8; you can call either NetSh just once to set the proxy for both 32bit and 64bit WinHTTP hosts.
    Capture traffic from a different account, like ASP.NET on IIS or from a Windows Service? Trying to capture SOAP calls coming from ASP.NET or some background service process? By default, Fiddler registers as the proxy only for the current user account (ASP.NET runs in a different user account). To get a background process (like the ASP.NET or IIS process) to use Fiddler, you must configure that process to use Fiddler. Typically, this is done by editing web.config or machine.config for the ASP.NET installation, or the configuration for the code running within the Windows Service. Please see http://msdn.microsoft.com/en-us/magazine/cc300743.aspx#S4 or the section on .NET or WinHTTP, depending on which network stack the service is using.
    Configure Windows Phone 7 to use Fiddler? Please see http://blogs.msdn.com/b/fiddler/archive/2011/01/09/debugging-windows-phone-7-device-traffic-with-fiddler.aspx for actual device hardware, or http://blogs.msdn.com/b/fiddler/archive/2010/10/15/fiddler-and-the-windows-phone-emulator.aspx for the emulator.
    Configure Google Nexus 7 (Android 4.1 Jellybean) to use Fiddler? Please see this page.
    Configure Android Emulator to use Fiddler? Please see http://au
kuni katsuya

Fiddler Web Debugger - Decrypting HTTPS traffic with Fiddler2 - 0 views

  • Decrypting HTTPS-protected traffic
  • decryption feature is disabled by default
  • Tools > Fiddler Options > HTTPS and ticking the Decrypt HTTPS Traffic box
  • Enable the traffic decryption
  • Q: Can Fiddler decrypt HTTPS traffic from a different machine?
  • A: Yes, if you've configured Fiddler to proxy traffic from a second computer or device, you can decrypt that traffic, with two caveats:
kuni katsuya

Oracle Learning Library - Creating and Using Contexts and Dependency Injection (CDI) Ev... - 0 views

  • Creating and Using Contexts and Dependency Injection (CDI) Events
kuni katsuya

Batch Applications in Java EE 7 - Understanding JSR 352 Concepts: TOTD #192 (Arun Gupta,... - 0 views

  •  
    "Batch Applications in Java EE 7 - Understanding JSR 352 Concepts: TOTD #192"
kuni katsuya

Comma-separated values - Wikipedia, the free encyclopedia - 0 views

  • Comma-separated values
  • line breaks
  • records
  • Basic rules and examples
  • fields
  • separated by some other character
  • Application support
  • but depending on the system's regional settings, it may expect a semicolon as a separator instead of a comma, since in some languages the comma is used as the decimal separator
  • Microsoft Excel will open .csv files,
  • Also, many regional versions of Excel will not be able to deal with Unicode in CSV
kuni katsuya

CSV Comma Separated Value File Format - How To - Creativyst - Explored,Designed,Deliver... - 0 views

  • The Comma Separated Value (CSV) File Format
  • The CSV File Format
  • CSV & Unicode
  • CSV in New Designs
  • Excel vs. Leading Zero & Space
  • Considerations When Exporting CSV
  • The biggest differences are in how these three characters are handled:
    • Embedded double quotes in fields. An escape character is sometimes used to introduce a double quote, or in place of it.
    • Embedded line-feeds in fields. This one is also escaped sometimes, often like in C ("\n").
    • Embedded commas in fields. Again, an escape character is sometimes used in place of the comma.
  • Excel vs. Leading Zero & Space
  • A particular aspect of how Excel uses CSV has become a considerable source of confusion and uncertainty.
  • always remove leading spaces
  • always remove leading zeros from fields before displaying them