Monday, December 27, 2010
Friday, November 12, 2010
17 Useful Htaccess Tricks and Tips
I have collected 17 htaccess methods in this article which I have used or tested before, and I think some of them are essential tricks and tips to protect your web server against malicious attacks, while others let you perform simple tasks efficiently, such as redirection and web server optimization.
Read it full here
Thursday, October 21, 2010
SQL Server: How to insert million numbers to table fast?
The problem is: how to get one million numbers into a table in less time? We can solve this problem using different approaches, but not all of them are quick. Let's go step by step and see how the different approaches perform.
Read the full article here
Tuesday, October 19, 2010
Common Security Mistakes in Web Applications
1. Cross-site scripting (XSS)
Cross-site scripting is an attack in which a user is tricked into executing code from an attacker’s site (say evil.com) in the context of our website (let’s call it www.mybiz.com).
2. Cross-site request forgery (CSRF)
CSRF (sometimes abbreviated as XSRF) is an attack where a malicious site tricks our visitors into carrying out an action on our site.
3. Click-jacking
4. SQL injection
In this kind of attack, the attacker exploits insufficient input validation to gain shell access on your database server.
5. Shell injection
Similar to SQL injection, the attacker tries to craft an input string to gain shell access to your web server. Once they have shell access, they could potentially do a lot more. Depending on access privileges, they could add JavaScript to your HTML pages, or gain access to other internal systems on your network.
6. Phishing
Phishing is the process where an attacker tricks your users into handing over their login credentials. The attacker may create a page that looks exactly like your login page, and ask the user to log in there by sending them a link via e-mail, IM, Facebook, or something similar.
Click here to read the whole article
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software.
http://www.owasp.org/index.php/Main_Page
Tuesday, October 5, 2010
Importance of Validations in Each Layer
This is defense in depth. Consider UI input validation the outermost wall. In many ways this is a convenience for the users who are using your application as intended. Validations in the business layer are another wall. Validations in the data access layer are another wall. Validations in the database schema are a final wall. Each wall is important, and no wall negates the need to validate at the next one.
Logging failed input validations becomes a critical part of intrusion detection. Seeing that someone attempted a SQL injection attack gives you advance warning that someone is probing your system for vulnerabilities. Logging such details and keeping track of these logs may reassure you that your validations are working. It may also give you an indication of where future attacks may originate from. Every piece of information can be helpful.
Read Full Here
Monday, October 4, 2010
Ten caching mistakes that break your app
By Omar Al Zabir 3 Oct 2010
Here are the top 10 mistakes I have seen:
1. Relying on .NET's default serializer.
2. Storing large objects in a single cache item.
3. Using cache to share objects between threads.
4. Assuming items will be in cache immediately after storing them.
5. Storing an entire collection with nested objects.
6. Storing parent-child objects together and also separately.
7. Caching configuration settings.
8. Caching live objects that have open handles to a stream, file, registry, or network.
9. Storing the same item using multiple keys.
10. Not updating or deleting items in cache after updating or deleting them on persistent storage.
Let’s see what they are and how to avoid them.
Keep Reading
Monday, September 27, 2010
Best Practices for ASP.NET MVC
ASPNETUE 17 Sep 2010 4:14 PM
[This post is based on a document authored by Ben Grover (a senior developer at Microsoft). It is our intention to integrate this information into the MVC 3 documentation on MSDN. We hope to hear from you and welcome any suggestions you might have.]
This document presents a set of coding guidelines aimed at helping the ASP.NET MVC developer create solid applications. Of course, it's up to you as the developer to decide which of these guidelines are appropriate for your application.
Model Recommendations
The model is where the domain-specific objects are defined. These definitions should include business logic (how objects behave and relate), validation logic (what is a valid value for a given object), data logic (how data objects are persisted) and session logic (tracking user state for the application).
Read the full article here
Friday, September 24, 2010
Your Software Can Learn A Lot From ATMs
So, what can our software learn from an ATM? Well, let's break down the process:
Perform task.
Verify task.
If verification failed, quit and retry.
Read the full article here