Thursday, October 21, 2010

SQL Server: How to insert million numbers to table fast?

The problem: how do we get one million sequential numbers into a table in as little time as possible? There are several ways to do it, but not all of them are fast. Let's go through them step by step and see how each approach performs.
Read the full article here

Tuesday, October 19, 2010

Common Security Mistakes in Web Applications

1. Cross-site scripting (XSS)
Cross-site scripting is an attack in which script supplied by an attacker (say, from evil.com) ends up running in a user's browser in the context of our website (let's call it www.mybiz.com), with access to that user's session, cookies, and page content.
2. Cross-site request forgery (CSRF)
CSRF (sometimes abbreviated as XSRF) is an attack in which a malicious site tricks a visitor's browser into carrying out an action on our site, riding on the session the visitor already has with us.
3. Click-jacking
Click-jacking tricks a user into clicking on an element of our site, which the attacker has loaded invisibly in a frame on their own page, while the user believes they are clicking on something else.
4. SQL injection
In this kind of attack, the attacker exploits insufficient input validation to get their own SQL executed by your database: reading or changing data they should not reach, and on some configurations going further, for example running OS commands on the database server.
5. Shell injection
Similar to SQL injection, the attacker crafts an input string that your application passes to a system shell, so that it is interpreted as a command on your web server. Once they can run commands there, they could potentially do a lot more. Depending on access privileges, they could add JavaScript to your HTML pages, or gain access to other internal systems on your network.
6. Phishing
Phishing is the process where an attacker tricks your users into handing over their login credentials. The attacker may create a page that looks exactly like your login page, and ask the user to log in there by sending them a link via e-mail, IM, Facebook, or something similar.
Click here to read the whole article

The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software.
http://www.owasp.org/index.php/Main_Page

Tuesday, October 5, 2010

Importance of Validations in Each Layer

This is defense in depth. Consider UI input validation the outermost wall. In many ways it is a convenience for the users who are using your application as intended, since it can be bypassed by anyone who talks to the server directly. Validations in the business layer are another wall. Validations in the data access layer are another wall. Validations in the database schema are the final wall. Each wall is important, and none of them removes the need to validate at the next.
Logging failed input validations is a critical part of intrusion detection. Seeing that someone attempted a SQL injection attack gives you advance warning that someone is probing your system for vulnerabilities. Logging such details and keeping track of these logs confirms that your validations are working, and it may also tell you where future attacks are likely to originate from. Every piece of information can be helpful.
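The walls described above, as an added example that is not part of the original article: a business-layer validator, a parameterised data-access function, and a SQLite schema whose CHECK constraints repeat the same rules, so a caller that skips the business layer is still stopped; every failure is logged with the source address and kept in memory so that repeated probes from one address can be counted. The user table, the field rules and the addresses are constructed for the demonstration.

```python
import logging
import re
import sqlite3

log = logging.getLogger("input-validation")

# Failures are kept here as well as logged, so a monitor can count probes per IP.
FAILED_VALIDATIONS = []

# Business rule: lower-case identifier, 3 to 16 characters.
USERNAME = re.compile(r"^[a-z][a-z0-9_]{2,15}$")


def validate_business(username, age):
    """Business-layer wall: returns the list of fields that failed."""
    failed = []
    if not USERNAME.match(username):
        failed.append("username")
    if not isinstance(age, int) or not 0 <= age <= 150:
        failed.append("age")
    return failed


def new_db():
    """Database-schema wall: the same rules as CHECK constraints."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE users (
            username TEXT    NOT NULL CHECK (length(username) BETWEEN 3 AND 16),
            age      INTEGER NOT NULL CHECK (age BETWEEN 0 AND 150)
        )""")
    return conn


def insert_user(conn, username, age):
    """Data-access wall: parameterised statement, never string concatenation.
    Raises sqlite3.IntegrityError when the schema rejects the row."""
    conn.execute("INSERT INTO users (username, age) VALUES (?, ?)", (username, age))


def record_failure(layer, fields, value, source_ip):
    """Keep the evidence: which wall rejected what, and from where."""
    FAILED_VALIDATIONS.append({"layer": layer, "fields": fields,
                               "value": value, "ip": source_ip})
    log.warning("validation failed layer=%s fields=%s ip=%s value=%r",
                layer, fields, source_ip, value)


def register(conn, username, age, source_ip):
    """Runs the request through the business wall, then the data-access and
    schema walls. Returns True only if every wall accepted the input."""
    failed = validate_business(username, age)
    if failed:
        record_failure("business", failed, username, source_ip)
        return False
    try:
        insert_user(conn, username, age)
    except sqlite3.IntegrityError as exc:
        record_failure("schema", [str(exc)], username, source_ip)
        return False
    return True


def probe_count(source_ip):
    """How many validation failures one address has produced so far."""
    return sum(1 for f in FAILED_VALIDATIONS if f["ip"] == source_ip)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    conn = new_db()
    print(register(conn, "alice", 30, "10.0.0.5"))              # True
    print(register(conn, "' OR 1=1 --", 30, "203.0.113.7"))     # False, business wall
    print(register(conn, "bob", 999, "203.0.113.7"))            # False, business wall
    print(probe_count("203.0.113.7"))                            # 2
    try:
        insert_user(conn, "carol", 999)   # business layer skipped on purpose
    except sqlite3.IntegrityError as exc:
        print("schema wall:", exc)
```

A single rejected request is noise; the same address failing the username check with quote characters several times in a minute is a probe, and the per-address count is what a detection rule would alert on.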
Read the full article here

Monday, October 4, 2010

Ten caching mistakes that break your app

By Omar Al Zabir 3 Oct 2010
Here are the top 10 mistakes I have seen:

1. Relying on .NET's default serializer.
2. Storing large objects in a single cache item.
3. Using the cache to share objects between threads.
4. Assuming an item will be in the cache immediately after storing it.
5. Storing an entire collection with nested objects.
6. Storing parent-child objects together and also separately.
7. Caching configuration settings.
8. Caching live objects that have an open handle to a stream, file, registry key, or network connection.
9. Storing the same item under multiple keys.
10. Not updating or deleting items in the cache after updating or deleting them in persistent storage.
Let’s see what they are and how to avoid them.
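Mistake 10 in Python rather than .NET, as an added example that is not part of the original article: a cache-aside repository in front of a constructed in-memory store, with an update that forgets to invalidate the cached copy next to one that removes it, so the stale read shows up in the return values.

```python
class UserStore:
    """Constructed stand-in for the persistent store (a database table)."""

    def __init__(self):
        self.rows = {1: {"id": 1, "email": "alice@example.com"}}

    def load(self, user_id):
        row = self.rows.get(user_id)
        return dict(row) if row else None

    def save(self, user):
        self.rows[user["id"]] = dict(user)


class Cache:
    """Minimal key/value cache with the three operations the repository needs."""

    def __init__(self):
        self.items = {}

    def get(self, key):
        return self.items.get(key)

    def put(self, key, value):
        self.items[key] = value

    def remove(self, key):
        self.items.pop(key, None)


class UserRepository:
    def __init__(self, store, cache):
        self.store = store
        self.cache = cache

    @staticmethod
    def key(user_id):
        return "user:%d" % user_id

    def get(self, user_id):
        """Cache-aside read: serve from cache, else load and populate."""
        user = self.cache.get(self.key(user_id))
        if user is None:
            user = self.store.load(user_id)
            if user is not None:
                self.cache.put(self.key(user_id), user)
        # Hand out a copy so callers cannot mutate the cached object in place.
        return dict(user) if user else None

    def update_email_stale(self, user_id, email):
        """Mistake 10: persistent storage changes, the cached copy does not."""
        user = self.store.load(user_id)
        user["email"] = email
        self.store.save(user)

    def update_email(self, user_id, email):
        """Correct: write through to storage, then drop the cached copy so the
        next read repopulates it from the source of truth."""
        user = self.store.load(user_id)
        user["email"] = email
        self.store.save(user)
        self.cache.remove(self.key(user_id))


if __name__ == "__main__":
    repo = UserRepository(UserStore(), Cache())
    print(repo.get(1)["email"])                       # alice@example.com
    repo.update_email_stale(1, "alice@new.example")
    print(repo.get(1)["email"])                       # still alice@example.com
    repo.update_email(1, "alice@new.example")
    print(repo.get(1)["email"])                       # alice@new.example
```

Deleting the key rather than overwriting it is deliberate: a delete is idempotent and stays correct if two writers race, while two overwrites can leave the cache holding the older value.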
Keep Reading