Systems Integration

May 09 2010

Basic JavaScript to jQuery examples

Most of my experience with scripting has been with straight JavaScript. For a variety of reasons, I've been looking at some other tools, including jQuery. Below is a list of basic functions that I've used in JavaScript and the corresponding jQuery syntax to help you get started.

Retrieve element

js: document.getElementById('orderId').value


Tagged: javascript, jQuery

May 05 2010

Secure Development - Web Application Sandbox Tools

It's been a while since I've had the chance to put up a blog entry, mainly due to travel during the last few weeks. This post will take a quick break from the Top 10 series and introduce some useful tools you can use to get hands-on experience with web application vulnerabilities in a sandbox environment.

Traditionally, you would first have to spend a decent amount of time setting up a server, installing/configuring the applications (or worse, writing your own), generating fake data, and generally performing lots of sysadmin work that is really not related to IT security. These tools (along with many others) make this process much easier by providing ready-made environments where you can explore secure coding concepts and "get your hands dirty" on other people's programming mistakes (both intentional and unintentional).


Apr 26 2010

Improving Search Confidence

Many of my clients have been through several iterations of improvements and refinements to their enterprise portal / corporate intranet environments to include portal personalization and customization, improved content management integration and content authoring, and basic search. In fact, these features are now considered to be “Phase One” items on new implementations as well.

What is emerging now is the expansion of these portals / intranets to include a truly integrated enterprise search. Vendors such as Vivisimo (Velocity), Google (Google Search Appliance), and Microsoft (FAST) offer search engines that reach beyond portal and content-managed information to include data from enterprise systems such as PeopleSoft, SAP, and Cognos. These systems can be searched via vendor-specific connector technologies, which is typically accomplished through a customized API and an extension to an organization's services tier. These search vendors also provide information optimization capabilities such as faceted results (categories), user tagging, and relevance rating.


Apr 09 2010

Secure Development - Authentication

In the last two posts, we've talked about access control (authorization) and session management. Today we'll look at the final component that ties these two together into a coherent web application security approach: authentication. After all, it's nearly pointless to have strong access control and session management when there is insufficient authentication taking place to ensure users are who they claim to be.

Authentication is required for all non-public parts of an organization's website. In some cases it may only be used to make a simple yes/no decision: for example, many subscription services really only care that you're on the list of subscribers. In other cases, there may be complex application and/or business logic associated with the access rules and user roles within the application. Authentication is not only important for access control purposes, but also for logging and non-repudiation in the future.


Apr 06 2010

Spring JSP for checkbox tag

The need arose at my client recently to add a checkbox to an existing JSP. The checkbox had to be defaulted to checked. Actually I had asked whether the checkbox should be defaulted to checked. This was a proud moment for me. It is not often that I have been presented with such an easy request, with good requirements around it. A checkbox is a single line of HTML code: 

 

<input type="checkbox" name="vehicle" value="Bike" />

 

and to default the box to checked it can look something like this:

 

<input type="checkbox" name="vehicle" value="true" checked="true"/>

 


 

Disclaimer

The words and opinions expressed here are those of each article's respective author, and do not necessarily represent the views of CapTech Ventures.