Microsoft Enterprise Library: Data Access Application Block

For those of you who have been using the Enterprise Library from Microsoft, I tip my hat to you. I admit that I have not used this library for a number of years, and in most cases the reason is that I have honestly not been in a position to do so. It is a long story, so don't ask. There are a number of reasons why you should seriously consider the use of the Enterprise Library, and I cannot think of any better reasons than those provided directly from Microsoft. The goals of Enterprise Library are the following:

Consistency. All Enterprise Library application blocks feature consistent design patterns and implementation approaches.

Extensibility. All application blocks include defined extensibility points that allow developers to customize the behavior of the application blocks by adding their own code.

Ease of use. Enterprise Library offers numerous usability improvements, including a graphical configuration tool, a simpler installation procedure, and clearer and more complete documentation and samples.

Integration. Enterprise Library application blocks are designed to work well together or individually.

Now that the groundwork has been laid, let us get started.

Introduction to the Data Access Library

The Data Access Application Block includes a …

Secure Web Browsing Using Lightweight Portable Security

Stop for a moment and ask yourself just how safe you feel when logging into your favorite social network site and, at some point in time, logging into online banking, for example. I am not advocating that social networks fall short in the area of security, but the reality is that the internet is a dangerous place. Today's threats are increasing with each passing day, and I would go so far as to say that many individuals neither understand security nor take the time to properly address it. In fact, the Software Engineering Institute at Carnegie Mellon states:

Many users have a tendency to click on links without considering the risks of their actions.

Web page addresses can be disguised or take you to an unexpected site.

Many web browsers are configured to provide increased functionality at the cost of decreased security.

New security vulnerabilities may have been discovered since the software was configured and packaged by the manufacturer.

Computer systems and software packages may be bundled with additional software, which increases the number of vulnerabilities that may be attacked.

Third-party software may not have a mechanism for receiving security updates.

Many web sites require that users enable certain features or …

Learning BackTrack 5: The Art Of Penetration Testing

BackTrack is an absolutely amazing Linux-based penetration testing environment that is entirely dedicated to hacking. I must say that you should use common sense when you begin digging into the security tools provided, because the last thing you want to do is break the law and find yourself in trouble. Now, to say that there are many security tools available in BackTrack would be an understatement. In fact, there are so many available that I would never start to list them here. If you wish to see for yourself, simply execute the following within your terminal instance:

    dpkg --list

To be honest, I have just recently begun experimenting with BackTrack and I have a great deal of learning ahead of me. For that reason I felt compelled to share the following video tutorials, books, and how-to guides that I could locate. Should you have any tips or resources, please leave a comment.

Video Tutorials

Guides

BackTrack User Guide from Braton Groupe sarl.

Free and Commercial Wireframe and Mockup Applications

If you work in a small team, you may find it useful to involve the whole team in this process. If you're designing the app for a client, their inclusion may help to communicate and improve design decisions. A wireframe is a visual illustration of one Web page. It is meant to show all of the items that are included on a particular page, without defining the look and feel (or graphic design). It's simply meant to illustrate the features, content and links that need to appear on a page so that your design team can mock up a visual interface and your programmers understand the page features and how they are supposed to work.

Pencil Project for Firefox

The popular and fairly powerful Pencil Project is a free and open source Firefox addon tool for making diagrams and GUI prototyping with a multitude of features. Its built-in stencils for diagramming and prototyping, the option for multi-page documents with background pages, its on-screen text editing with rich-text support, and its new capability of exporting to HTML, PNG or OpenOffice formats make this addon essential for any developer or designer.

Mockingbird

Mockingbird is an …

Secure Development Series: Input Validation

Many websites today collect data from the user community, including but not limited to an email address, a postal address, or even a phone number. The single golden rule everyone must follow is: never trust the data input. To mitigate the risk and ensure that the data received and processed by your application is acceptable, you must first define what data your application should accept, what its syntax should be, and its minimum and maximum lengths. This information will allow you to define a set of "acceptable" values for every data entry point that is captured.

Foundation of Security

Authentication: Addresses the question: who are you? It is the process of uniquely identifying the clients of your applications and services.

Authorization: Addresses the question: what can you do? It is the process that governs the resources and operations that the authenticated client is permitted to access.

Auditing: Effective auditing and logging is the key to non-repudiation. Non-repudiation guarantees that a user cannot deny performing an operation or initiating a transaction.

Confidentiality: Also referred to as privacy, this is the process of making sure that data remains private and confidential, and that it cannot be viewed by unauthorized users or eavesdroppers who monitor the flow of traffic across a network. …
