Expert PHP and MySQL: Application Design and Development. Marc Rochkind. Apress

Contents

About the Author  xvii
About the Technical Reviewer  xix
Acknowledgments  xxi
Introduction  xxiii

Chapter 1: Project Organization  1
  People Determine Success  1
  Who Are the People?  1
  How to Satisfy?  2
  Projects Have Three Dimensions  3
  Requirements  4
  The Development Team  4
  Hiring the Best  5
  The Schedule  6
  Scheduling the Unknowable  7
  A Scheduling Example  8
  Why Projects Fail  9
  Poor Requirements  10
  Weak Team  10
  Failure to Prototype High-Risk Features  10
  Bad Design  10
  Poor Development Processes  11
  Changed Priorities  11
  Sabotage  11
  Managing the Project  11
  Dividing the Work  14
  Exploiting Database Centricity  14
  Assigning Components to People  15
  The Workplace  15
  Issue Tracking  16
  Legal Matters  17
  Have a Written Contract  17
  Know Who Owns What  18
  Watch Out for License Entanglements  18
  Involving a Lawyer  19
  Getting Paid  19
  Invoicing  19
  Collecting  20
  Chapter Summary  21

Chapter 2: Requirements  23
  Outline of the Requirements Document  23
  Rough First Draft: Scope Without Detail  25
  A Closer Look at the Requirements Sections  27
  When the Requirements Change  32
  Logging Requirements Changes  32
  Modifying the Requirements Document  32
  Use Cases  38
  Requirements War Stories  39
  The Runaway Developer  39
  The Arzano Ranch  40
  Agile Requirements  40
  Chapter Summary  43

Chapter 3: Platforms and Tools  45
  Client-Server Architecture  45
  Server Platform  47
  The LAMP Stack  47
  Server Operating System  48
  Web Server  48
  Database System  49
  Server Programming Language  50
  Client Platform  51
  Client Operating System  51
  Browsers  51
  Client Programming Languages  53
  Development Platform and Tools  54
  Development Operating System  54
  Installing a Web Server, MySQL, and PHP  54
  Editors and IDEs  56
  Transferring Files  57
  Debugging Tools  58
  Testing Tools  58
  Version Control  58
  Issue Tracker  59
  Hosting Alternatives  59
  Commercial Shared-Hosting Services  60
  Hosting Scalability  60
  Users, Groups, and Permissions  61
  Cloud Servers  63
  Installing New Versions  72
  Doing It Wrong  72
  Doing It Right  75
  Chapter Summary  80

Chapter 4: The Database  83
  Relational Databases  84
  SQL  84
  Some History  84
  SQL Statements  85
  What a Select Statement Does  85
  Joining Tables  87
  Expressions and Stored Procedures  92
  Further Reading About SQL  92
  Entity-Relationship Modeling  92
  ER Diagrams  92
  ER Design Tools and MySQL Workbench  94
  The ER Design Process  101
  Identifying the Entities  102
  Identifying Relationships and Their Semantic Information  103
  Defining the Attributes  106
  Deciding on Primary Keys  106
  Foreign Keys  109
  Subtypes  112
  Physical Design  112
  From ER Diagram to Physical Design  113
  NULLs  114
  Normalization  117
  First Normal Form (1NF)  117
  Second and Third Normal Forms (2NF and 3NF)  119
  Fourth Normal Form (4NF)  120
  Constraints  121
  MySQL Constraints  121
  Constraints with MySQL Triggers  122
  Transactions  130
  Database Security  132
  Backup and Recovery  132
  Network Security  133
  Access Control  133
  Performance Optimization  134
  Do You Have a Good Database?  135
  Developing an Object-Relational Mapping Layer  135
  Chapter Summary  137

Chapter 5: Application Structure  139
  Accessing MySQL from PHP  139
  Connecting with PDO  140
  Database Credentials  143
  Executing SQL Statements with PDO  144
  Handling Database Inserts and Updates  147
  PHP-Browser Interaction  150
  How HTTP Works  150
  PHP and Forms  153
  Integrating Forms and Databases  157
  Choosing Between GET and POST  160
  PHP Sessions  160
  A Page Framework  163
  Page Structure  163
  Page Framework Usage  165
  Page Framework Files  171
  Page Framework Implementation  172
  Session Transitions and Login Pages  176
  Dealing with Relationships  179
  Forms with Foreign Keys  179
  Handling Many-to-Many Relationships  185
  Chapter Summary  189

Chapter 6: Security, Forms, and Error Handling  191
  PHP Security Overview  191
  The Computer Has to Be Secured  191
  Password Strength  192
  Hashing Passwords  193
  Storing Hashed Passwords  194
  Two-Factor Authentication  194
  SQL Injection  195
  Cross-Site Scripting  195
  Cross-Site Request Forgery  197
  Clickjacking  198
  Reversed CSS Attacks  202
  Submitting Requests with POST  202
  Security Summary  204
  Forms  205
  Basic Form Class  205
  Text Fields, Labels, and Buttons  206
  Foreign Keys  207
  Check Boxes  209
  Radio Buttons and Menus  209
  Dates  210
  Password-Strength Feedback  212
  The User Table and Password Management  213
  The User Table  214
  User Table Constraints  214
  The Security Class  215
  Getting Hashes from the Database  220
  Checking the Password and Verification Token  221
  Logging In and Handling Forgotten Passwords  222
  Logging In with the Login Form (Phase 1)  224
  HTTP Authentication  226
  Verifying the Login (Phase 2)  227
  Sending an Authentication Code  229
  Checking the Verification Code and Completing 2FA Phase
  Temporary Passwords  231
  Changing a Password  234
  Using a YubiKey for 2FA Phase
  Setting the YubiKey Identifier  237
  Verifying a YubiKey OTP  238
  Comparing SMS/Voice and YubiKey  239
  Error Handling  239
  Error Message Usability  239
  Catching Errors  240
  Logging Errors  241
  Hiding Errors  242
  Translating Errors  242
  Chapter Summary  247

Chapter 7: Reports and Other Outputs  249
  Queries as Reports  249
  Role-Based Access Control  254
  RBAC in MySQL  255
  RBAC Database Tables  255
  Implementing RBAC with the Access Class  259
  Hierarchy of Access  261
  The Report Class: HTML and CSV Output  262
  Report::html Method  262
  About Character Sets  263
  Report::csv Method  264
  Generating PDFs from PHP  265
  About PDFs and PDF Libraries  265
  A Simple FPDF Example  266
  FPDF Drawing Methods  267
  FPDF::MultiCell Method  271
  Writing Tables with FPDF  272
  FPDF Headers and Footers  274
  More FPDF  274
  The Report Class: PDF Output  275
  Using the Report Class to Build Reports  279
  A Generalized Reports Page  280
  Chapter Summary  282

Chapter 8: Data Conversion  283
  Conversion in the Development Process  283
  Convert Early  283
  Convert Often  284
  Conversion Sources  284
  Enumerating Conversion Sources  284
  Static vs. Dynamic Sources  285
  Connecting Directly to the Source Database  285
  Export Formats  285
  Generating Conversion Programs Automatically  286
  Dates, Times, and Character Conversion  289
  Wacky Date Formats  289
  Handling Times  291
  Character Conversions  291
  After Conversion  292
  Testing the Converted Data  292
  Fixing Bad Data  292
  Keeping Unconverted Data  293
  Variant Names  294
  Consolidate After Conversion  294
  Discovering Name Variants  295
  Organizing the Database Search  295
  Replacing Foreign Keys  301
  Finding the Foreign Keys  303
  Marking Replaced Rows  305
  Chapter Summary  305

Index  307


More information

Introduction. Acknowledgments Support & Feedback Preparing for the Exam. Chapter 1 Plan and deploy a server infrastructure 1

Introduction. Acknowledgments Support & Feedback Preparing for the Exam. Chapter 1 Plan and deploy a server infrastructure 1 Introduction Acknowledgments Support & Feedback Preparing for the Exam xv xvi xvii xviii Chapter 1 Plan and deploy a server infrastructure 1 Objective 1.1: Design an automated server installation strategy...1

More information

Magento Security and Vulnerabilities. Roman Stepanov

Magento Security and Vulnerabilities. Roman Stepanov Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection

More information

OWASP TOP 10 ILIA ALSHANETSKY @ILIAA HTTPS://JOIND.IN/15741

OWASP TOP 10 ILIA ALSHANETSKY @ILIAA HTTPS://JOIND.IN/15741 OWASP TOP 10 ILIA ALSHANETSKY @ILIAA HTTPS://JOIND.IN/15741 ME, MYSELF & I PHP Core Developer Author of Guide to PHP Security Security Aficionado THE CONUNDRUM USABILITY SECURITY YOU CAN HAVE ONE ;-) OPEN

More information

Dealer Tutorial. Uplink Customer Service 1-888-9UPLINK sales@uplink.com. 2010 Uplink Security, LLC. All rights reserved.

Dealer Tutorial. Uplink Customer Service 1-888-9UPLINK sales@uplink.com. 2010 Uplink Security, LLC. All rights reserved. Welcome to the u-traq Dealer Tutorial Uplink Customer Service 1-888-9UPLINK sales@uplink.com 2010 Uplink Security, LLC. All rights reserved. Table of Contents I. Device Overview Introduction to u-traq

More information

Creating Online Surveys with Qualtrics Survey Tool

Creating Online Surveys with Qualtrics Survey Tool Creating Online Surveys with Qualtrics Survey Tool Copyright 2015, Faculty and Staff Training, West Chester University. A member of the Pennsylvania State System of Higher Education. No portion of this

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

E-Commerce: Designing And Creating An Online Store

E-Commerce: Designing And Creating An Online Store E-Commerce: Designing And Creating An Online Store Introduction About Steve Green Ministries Solo Performance Artist for 19 Years. Released over 26 Records, Several Kids Movies, and Books. My History With

More information

JVA-122. Secure Java Web Development

JVA-122. Secure Java Web Development JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard

More information

Columbia University Web Security Standards and Practices. Objective and Scope

Columbia University Web Security Standards and Practices. Objective and Scope Columbia University Web Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Security Standards and Practices document establishes a baseline of security related requirements

More information

Bridging the Gap - Security and Software Testing. Roberto Suggi Liverani ANZTB Test Conference - March 2011

Bridging the Gap - Security and Software Testing. Roberto Suggi Liverani ANZTB Test Conference - March 2011 Bridging the Gap - Security and Software Testing Roberto Suggi Liverani ANZTB Test Conference - March 2011 1 Agenda Roberto, what test are you doing? Is this a defect, vulnerability or both? What can we

More information

Microsoft. Microsoft SQL Server. 2012 Integration Services. Wee-Hyong Tok. Rakesh Parida Matt Masson. Xiaoning Ding. Kaarthik Sivashanmugam

Microsoft. Microsoft SQL Server. 2012 Integration Services. Wee-Hyong Tok. Rakesh Parida Matt Masson. Xiaoning Ding. Kaarthik Sivashanmugam Microsoft Microsoft SQL Server 2012 Integration Services Wee-Hyong Tok Rakesh Parida Matt Masson Xiaoning Ding Kaarthik Sivashanmugam Contents Foreword Introduction xxi xxiii PART I OVERVIEW Chapter 1

More information

Pro SQL Server 2008 Pol icy-based. Management. Ken Simmons. Colin Stasiuk. Jorge Segarra. Apress8

Pro SQL Server 2008 Pol icy-based. Management. Ken Simmons. Colin Stasiuk. Jorge Segarra. Apress8 Pro SQL Server 2008 Pol icy-based Management Ken Simmons Colin Stasiuk Jorge Segarra Apress8 Contents Contents at a Glance Contents About the Authors About the Technical Reviewers Acknowledgments Introduction

More information

REDCap Technical Overview

REDCap Technical Overview REDCap Technical Overview Introduction REDCap is a web application for building and managing online surveys and databases. This document delineates many of the broader technical aspects of REDCap, such

More information

Note: With v3.2, the DocuSign Fetch application was renamed DocuSign Retrieve.

Note: With v3.2, the DocuSign Fetch application was renamed DocuSign Retrieve. Quick Start Guide DocuSign Retrieve 3.2.2 Published April 2015 Overview DocuSign Retrieve is a windows-based tool that "retrieves" envelopes, documents, and data from DocuSign for use in external systems.

More information

Attachment D System Hardware & Software Overview & Recommendations For IRP System

Attachment D System Hardware & Software Overview & Recommendations For IRP System Attachment D System Hardware & Software Overview & Recommendations For IRP System Submitted by Explore Information Services, LLC Table of Contents Table of Contents...2 Explore IRP Configuration Recommendations...3

More information

Workflow Administration of Windchill 10.2

Workflow Administration of Windchill 10.2 Workflow Administration of Windchill 10.2 Overview Course Code Course Length TRN-4339-T 2 Days In this course, you will learn about Windchill workflow features and how to design, configure, and test workflow

More information

Testing the API behind a mobile app. Tutorial Marc van t Veer

Testing the API behind a mobile app. Tutorial Marc van t Veer Testing the API behind a mobile app Tutorial Marc van t Veer Content What is an API Why use an API How to use an API How-to test an API Exercises Group exercises (learning concepts 7) Individual exercises

More information

Advanced Web Technology 10) XSS, CSRF and SQL Injection 2

Advanced Web Technology 10) XSS, CSRF and SQL Injection 2 Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 Table of Contents Cross Site Request Forgery - CSRF Presentation

More information

Office 365. Migrating and Managing Your. Business in the Cloud. Matthew Katzer. Don Crawford

Office 365. Migrating and Managing Your. Business in the Cloud. Matthew Katzer. Don Crawford Office 365 Migrating and Managing Your Business in the Cloud Matthew Katzer Don Crawford Contents About the Authors About the Technical Reviewers Acknowledgments Introduction xxi xxiii xxv xxvii Chapter

More information

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not

More information