SCRIPTING, DATABASES, SYSTEM ARCHITECTURE

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SCRIPTING, DATABASES, SYSTEM ARCHITECTURE"

Transcription

1 introduction to SCRIPTING, DATABASES, SYSTEM ARCHITECTURE RECAPITULATION OF PHP Claus Brabrand ((( ))) Associate Professor, Ph.D. ((( Programming, Logic, and Semantics ))) IT University of Copenhagen Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE Oct 14, 2011

2 Agenda 1) RECAPITULATION ( of PHP ) 2) EXERCISE (NIM) ( all of PHP ) Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 2 ] Oct 14, 2011

3 Message from IT dept. Please use SFTP instead of FTP:...it combines SSH (secure protocol) with FTP (File Transfer Protocol) Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 3 ] Oct 14, 2011

4 Another Message from IT dept. NB: Hacking!: "Insecure PHP scripts" have been exploited! " Vi har inden for de sidste par uger haft to halvgrimme sager hvor nogle PHP scripts fra DSDS kurset er blevet udnyttet af hackere. Begge sager har involveret studerende fra tidligere semestre [...] Vi er nødt til at opfordre til, at der afsættes lidt af undervisningstiden til yderligere fokus på sikkerhed i PHP og meget gerne hvis I ville bede de studerende om at undlade at udvikle visse typer scripts. Det drejer sig især om opstramning af sikkerheden på scripts der tillader upload og mail. " Attacks exploited lack of validation! So, please make sure you validate your input! Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 4 ] Oct 14, 2011

5 Intended Learning Outcomes After the course, you are expected to be able to : 1) plan and develop medium sized web applications using the scripting language, PHP; 2) design small MySQL databases; 3) construct PHP scripts that interact with databases using SQL; 4) describe the techniques behind DB-driven web applications; 5) describe the fundamental system architectural considerations behind web applications so as to be able to communicate and collaborate with programmers and technologists. Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 5 ] Oct 14, 2011

6 On Assignments Requirement for the exam: You need 10 out of 11 approved! Submit A[1-5]: (by October 28) Approved A[1-5]: (by November 04) Future deadlines: TAs available for help today! (Fridays at 08:29) Your assignment status?: (Talk to your TA!) Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 6 ] Oct 14, 2011

7 Web Service Architecture SQL Server PHP Client(s) Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 7 ] Oct 14, 2011

8 PHP Web Services e" e" form input e" Web! Service! client www server Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 8 ] Oct 14, 2011

9 PHP PHP is a programming language made specifically for web service programming PHP code runs on the server (i.e., not on your computer) Programming model of PHP: with special PHP tags (<?php?>) that are evaluated and generate (dynamic) PHP PHP static dynamic dynamic Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 9 ] Oct 14, 2011

10 Simple PHP Example <html> <body> <?php $time = date("h:i:s") ; echo Time is <b>$time</b> ;?> </body> Time is 08:29:59 </html> PHP code is written in <?php?> tags inside regular Each PHP command ends with ; (semicolon) echo is a command that prints the argument (in this case it will print Time is 08:29:59 ) Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 10 ] Oct 14, 2011 PHP static dynamic

11 ...and with Multiple PHP tags <html> <body> <?php $time = date("h:i:s");?> Time is:<b> <?php echo $time ;?> </b> </body> Time is 08:29:59 </html> PHP code is written in <?php?> tags inside regular Each PHP command ends with ; (semicolon) echo is a command that prints the argument (in this case it will print Time is 08:29:59 ) Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 11 ] Oct 14, 2011 PHP PHP static dynamic dynamic

12 Form Submission 1) The user fills out the form and clicks submit (which sends the data back to the server) 2) The server runs a web service (PHP program) that processes the data and constructs an reply 3) The server sends back the dynamically constructed document (that may depend on the data!): 42 e A B submit e client http request (url) (+data) dynamic html response www server program (e.g., PHP script) Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 12 ] Oct 14, 2011

13 Validation of (X) Static vs Dynamic Validation PHP PHP static dynamic dynamic Validate: e input e VALID?!? client dynamic html www server PHP program Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 13 ] Oct 14, 2011

14 What do u need to work with? 1) forms / input fields? 2) variables? 3) operations? 4) if / while / for? 5) functions? 6) arrays? 7) validation / regexps? ) combinations of 1-7)? Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 14 ] Oct 14, 2011

15 Simple Web Service Example ( The BMI Service ) Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE Oct 14, 2011

16 The BMI Web Service () This form submits to the PHP script <html> <body> <h1>bmi calculator</h1> <form action=" Enter your height: <input type="text" name="height" /><br/> Enter your weight: <input type="text" name="weight" /><p/> <input type="submit" value="compute" /> </body> </html> Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 16 ] Oct 14, 2011

17 <html> <body> <?php BMI with validation! $h = $_REQUEST['height'] ; $w = $_REQUEST['weight'] ; $regexp_number = '[0-9]+' ; if ( preg_match('/^'. $regexp_number. '$/', $h) ) { echo "Height: $h cm.<br/>" ; echo "Weight: $w kg.<p/>" ; $bmi = $w / (($h / 100) * ($h / 100)) ; echo "Your BMI is: <b>$bmi</b> " ; if ( $bmi < 20.0 ) { echo "which is too low!" ; } elseif ( $bmi > 25.0 ) { echo "which is too high!" ; } else { echo "which is normal." ; } } else { echo "Height was not a number!" ; }?> </body> </html> Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 17 ] Oct 14, 2011

18 EXERCISE ( Game of NIM ) Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE Oct 14, 2011

19 <?php function echo_form( $sticks, $turn ) { // function to echo form nicely echo "<form action=''> <input type='hidden' name='turn' value='$turn' /> <input type='hidden' name='sticks' value='$sticks' /> There are <b>$sticks</b> stick(s) left.<p/> <b>player $turn</b>, how many sticks do u wanna take (1-3)? <input type='text' name='take' size='1' maxlength='1'/> <p/> <input type='submit' value='take!' /> </form>" ; } ( ) if (! isset( $_REQUEST['take'] ) ) { // set up game echo "<h1>welcome to the Game of NIM</h1>" ; $turn = 1; // player one always starts $sticks = rand( 10, 15 ) ; // initially (randomly 10-15x) #sticks } else { $turn = 3 - $_REQUEST['turn'] ; // switch players (clever: 1 <--> 2) $sticks = $_REQUEST['sticks'] - $_REQUEST['take'] ; // update #sticks } // if there is only one last stick left, current player looses! if ( $sticks == 1 ) { echo "There is (only) <b>one</b> (last) stick left!" ; echo "<p/>" ; echo "<h3>player $turn loses!</h3>" ; } else { // game still on echo_form( $sticks, $turn ) ; }?> Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 19 ] Oct 14, 2011

20 NIM EXERCISES (pick "relevant") 1) Go through the program (NIM web service): 1a) Read through program 1b) Explain it to one another 2) Change input fields (from type='text' to...): 2a) type='radio' 2b) type='submit' 2c) <select>... </select> 3) Add input validation (using type='text' input): 3a) ensure only 1-3 is entered as #sticks (regexp) 3b) ensure #sticks taken isn't more than what remain (PHP) 4) Add player names: 4a) either: " à PHP" or "single page PHP" 4b) ensure info is submitted every time (hint: type='hidden') 5) Add a computer player: 5a) turn player2 into a computer player 5b) make player2 play using a 'winning strategy' for NIM :-) Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 20 ] Oct 14, 2011

21 Any questions? Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE Oct 14, 2011

22 Control Structures Control Structures: Statements (or Expr s) that affect flow of control : if-else: [syntax] if ( COND ) { STM 1 } else { STM 2 } true COND STM 1 false STM 2 [semantics] If the condition (COND) evaluates to true, statement (STM 1 ) is executed, otherwise statement (STM 2 ) is executed. confluence if: [syntax] if ( COND ) { STM } true STM COND false [semantics] If the condition (COND) evaluates to true, the given statement (STM) is executed, otherwise not. confluence Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 22 ] Oct 14, 2011

23 Control Structures (cont d) while: [syntax] [semantics] for: [syntax] [semantics] while ( COND ) { STM } If the condition (COND) evaluates to false, the given statement (STM) is skipped. Otherwise (if the condition was true), the statement (STM) is executed and afterwards the condition is evaluated again. If it is still true, STM is executed again... This continues until the condition evaluates to false. for (INIT; COND; INCR) { STM } Equivalent to: { INIT; while ( COND ) { STM AFTER; } } true COND STM INIT true STM INCR COND confluence confluence false false Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE [ 23 ] Oct 14, 2011

CREATING WEB FORMS WEB and FORMS FRAMES AND

CREATING WEB FORMS WEB and FORMS FRAMES AND CREATING CREATING WEB FORMS WEB and FORMS FRAMES AND FRAMES USING Using HTML HTML Creating Web Forms and Frames 1. What is a Web Form 2. What is a CGI Script File 3. Initiating the HTML File 4. Composing

More information

PHP Tutorial From beginner to master

PHP Tutorial From beginner to master PHP Tutorial From beginner to master PHP is a powerful tool for making dynamic and interactive Web pages. PHP is the widely-used, free, and efficient alternative to competitors such as Microsoft's ASP.

More information

Facebook Twitter YouTube Google Plus Website Email

Facebook Twitter YouTube Google Plus Website Email PHP MySQL COURSE WITH OOP COURSE COVERS: PHP MySQL OBJECT ORIENTED PROGRAMMING WITH PHP SYLLABUS PHP 1. Writing PHP scripts- Writing PHP scripts, learn about PHP code structure, how to write and execute

More information

Chapter 1 Introduction to web development and PHP

Chapter 1 Introduction to web development and PHP Chapter 1 Introduction to web development and PHP Murach's PHP and MySQL, C1 2010, Mike Murach & Associates, Inc. Slide 1 Objectives Applied 1. Use the XAMPP control panel to start or stop Apache or MySQL

More information

MMGD0204 Web Application Technology. Chapter 9 SERVER-SIDE SCRIPTING LANGUAGE

MMGD0204 Web Application Technology. Chapter 9 SERVER-SIDE SCRIPTING LANGUAGE MMGD0204 Web Application Technology Chapter 9 SERVER-SIDE SCRIPTING LANGUAGE Server-Side Scripting Language A web server technology in which a user's request is fulfilled by running a script directly on

More information

Course Number: IAC-SOFT-WDAD Web Design and Application Development

Course Number: IAC-SOFT-WDAD Web Design and Application Development Course Number: IAC-SOFT-WDAD Web Design and Application Development Session 1 (10 Hours) Client Side Scripting Session 2 (10 Hours) Server Side Scripting - I Session 3 (10 hours) Database Session 4 (10

More information

DIPLOMA IN WEBDEVELOPMENT

DIPLOMA IN WEBDEVELOPMENT DIPLOMA IN WEBDEVELOPMENT Prerequisite skills Basic programming knowledge on C Language or Core Java is must. # Module 1 Basics and introduction to HTML Basic HTML training. Different HTML elements, tags

More information

ISI ACADEMY Web applications Programming Diploma using PHP& MySQL

ISI ACADEMY Web applications Programming Diploma using PHP& MySQL ISI ACADEMY for PHP& MySQL web applications Programming ISI ACADEMY Web applications Programming Diploma using PHP& MySQL HTML - CSS - JavaScript PHP - MYSQL What You'll Learn Be able to write, deploy,

More information

HowTo. Planning table online

HowTo. Planning table online HowTo Project: Description: Planning table online Installation Version: 1.0 Date: 04.09.2008 Short description: With this document you will get information how to install the online planning table on your

More information

Web development... the server side (of the force)

Web development... the server side (of the force) Web development... the server side (of the force) Fabien POULARD Document under license Creative Commons Attribution Share Alike 2.5 http://www.creativecommons.org/learnmore Web development... the server

More information

CISC 1600 Introduction to Multi-media Computing

CISC 1600 Introduction to Multi-media Computing CISC 1600 Introduction to Multi-media Computing Spring 2012 Instructor : J. Raphael Email Address: Course Page: Class Hours: raphael@sci.brooklyn.cuny.edu http://www.sci.brooklyn.cuny.edu/~raphael/cisc1600.html

More information

Web Development using PHP (WD_PHP) Duration 1.5 months

Web Development using PHP (WD_PHP) Duration 1.5 months Duration 1.5 months Our program is a practical knowledge oriented program aimed at learning the techniques of web development using PHP, HTML, CSS & JavaScript. It has some unique features which are as

More information

INFORMATION BROCHURE Certificate Course in Web Design Using PHP/MySQL

INFORMATION BROCHURE Certificate Course in Web Design Using PHP/MySQL INFORMATION BROCHURE OF Certificate Course in Web Design Using PHP/MySQL National Institute of Electronics & Information Technology (An Autonomous Scientific Society of Department of Information Technology,

More information

Project 2: Web Security Pitfalls

Project 2: Web Security Pitfalls EECS 388 September 19, 2014 Intro to Computer Security Project 2: Web Security Pitfalls Project 2: Web Security Pitfalls This project is due on Thursday, October 9 at 6 p.m. and counts for 8% of your course

More information

COURSE CONTENT FOR WINTER TRAINING ON Web Development using PHP & MySql

COURSE CONTENT FOR WINTER TRAINING ON Web Development using PHP & MySql COURSE CONTENT FOR WINTER TRAINING ON Web Development using PHP & MySql 1 About WEB DEVELOPMENT Among web professionals, "web development" refers to the design aspects of building web sites. Web development

More information

Advanced Web Development SCOPE OF WEB DEVELOPMENT INDUSTRY

Advanced Web Development SCOPE OF WEB DEVELOPMENT INDUSTRY Advanced Web Development Duration: 6 Months SCOPE OF WEB DEVELOPMENT INDUSTRY Web development jobs have taken thе hot seat when it comes to career opportunities and positions as a Web developer, as every

More information

LAMP [Linux. Apache. MySQL. PHP] Industrial Implementations Module Description

LAMP [Linux. Apache. MySQL. PHP] Industrial Implementations Module Description LAMP [Linux. Apache. MySQL. PHP] Industrial Implementations Module Description Mastering LINUX Vikas Debnath Linux Administrator, Red Hat Professional Instructor : Vikas Debnath Contact

More information

COURSE SYLLABUS EDG 6931: Designing Integrated Media Environments 2 Educational Technology Program University of Florida

COURSE SYLLABUS EDG 6931: Designing Integrated Media Environments 2 Educational Technology Program University of Florida COURSE SYLLABUS EDG 6931: Designing Integrated Media Environments 2 Educational Technology Program University of Florida CREDIT HOURS 3 credits hours PREREQUISITE Completion of EME 6208 with a passing

More information

Internet Technologies

Internet Technologies QAFQAZ UNIVERSITY Computer Engineering Department Internet Technologies HTML Forms Dr. Abzetdin ADAMOV Chair of Computer Engineering Department aadamov@qu.edu.az http://ce.qu.edu.az/~aadamov What are forms?

More information

Questionnaire #1: The Patient (Spørgeskema, må gerne besvares på dansk)

Questionnaire #1: The Patient (Spørgeskema, må gerne besvares på dansk) Table of Contents Questionnaire #1: The Patient... 2 Questionnaire #2: The Medical Staff... 4 Questionnaire #3: The Visitors... 6 Questionnaire #4: The Non-Medical Staff... 7 Page1 Questionnaire #1: The

More information

Dynamic Web-Enabled Data Collection

Dynamic Web-Enabled Data Collection Dynamic Web-Enabled Data Collection S. David Riba, Introduction Web-based Data Collection Forms Error Trapping Server Side Validation Client Side Validation Dynamic generation of web pages with Scripting

More information

Multimedia im Netz Online Multimedia Winter semester 2015/16. Tutorial 02 Minor Subject

Multimedia im Netz Online Multimedia Winter semester 2015/16. Tutorial 02 Minor Subject Multimedia im Netz Online Multimedia Winter semester 2015/16 Tutorial 02 Minor Subject Ludwig- Maximilians- Universität München Online Multimedia WS 2015/16 - Tutorial 02 for minor subject students 1 Today

More information

1. Please login to the Own Web Now Support Portal (https://support.ownwebnow.com) with your email address and a password.

1. Please login to the Own Web Now Support Portal (https://support.ownwebnow.com) with your email address and a password. Web Hosting Introduction The purpose of this Startup Guide is to familiarize you with Own Web Now's Web Hosting. Own Web Now offers two web hosting platforms, one powered by Linux / PHP and the other powered

More information

Advanced PostgreSQL SQL Injection and Filter Bypass Techniques

Advanced PostgreSQL SQL Injection and Filter Bypass Techniques Advanced PostgreSQL SQL Injection and Filter Bypass Techniques INFIGO-TD TD-200 2009-04 2009-06 06-17 Leon Juranić leon.juranic@infigo.hr INFIGO IS. All rights reserved. This document contains information

More information

Claus B. Jensen IT Auditor, CISA, CIA

Claus B. Jensen IT Auditor, CISA, CIA Claus B. Jensen IT Auditor, CISA, CIA I am employed in Rigsrevisionen, Denmark. (Danish National Audit Office) I have worked within IT Audit since 1995, both as internal and external auditor and now in

More information

SCRIPTING, DATABASES, SYSTEM ARCHITECTURE

SCRIPTING, DATABASES, SYSTEM ARCHITECTURE introduction to SCRIPTING, DATABASES, SYSTEM ARCHITECTURE MORE WEB SERVICE EXAMPLES Claus Brabrand ((( brabrand@itu.dk ))) Associate Professor, Ph.D. ((( Programming, Logic, and Semantics ))) IT University

More information

Certified PHP Developer VS-1054

Certified PHP Developer VS-1054 Certified PHP Developer VS-1054 Certification Code VS-1054 Certified PHP Developer Vskills certification for PHP Developers assesses the candidate for developing PHP based applications. The certification

More information

Rensselaer Union Club Webhosting CPanel Guide

Rensselaer Union Club Webhosting CPanel Guide Rensselaer Union Club Webhosting CPanel Guide Introduction: One of the many services the Systems Administrators offer Union recognized clubs is website hosting with a union.rpi.edu subdomain. The service

More information

CCM 4350 Week 11. Security Architecture and Engineering. Guest Lecturer: Mr Louis Slabbert School of Science and Technology.

CCM 4350 Week 11. Security Architecture and Engineering. Guest Lecturer: Mr Louis Slabbert School of Science and Technology. CCM 4350 Week 11 Security Architecture and Engineering Guest Lecturer: Mr Louis Slabbert School of Science and Technology CCM4350_CNSec 1 Web Server Security The Web is the most visible part of the net

More information

Web Application Security Part 1

Web Application Security Part 1 Web Application Security Part 1 Author : Treasure Priyamal Site : www.treasuresec.com E-mail : treasure@treasuresec.com Twitter :http://twitter.com/treasure_sec Introduction Today we are going to talk

More information

COMP 112 Assignment 1: HTTP Servers

COMP 112 Assignment 1: HTTP Servers COMP 112 Assignment 1: HTTP Servers Lead TA: Jim Mao Based on an assignment from Alva Couch Tufts University Due 11:59 PM September 24, 2015 Introduction In this assignment, you will write a web server

More information

IT3504: Web Development Techniques (Optional)

IT3504: Web Development Techniques (Optional) INTRODUCTION : Web Development Techniques (Optional) This is one of the three optional courses designed for Semester 3 of the Bachelor of Information Technology Degree program. This course on web development

More information

IT3503 Web Development Techniques (Optional)

IT3503 Web Development Techniques (Optional) INTRODUCTION Web Development Techniques (Optional) This is one of the three optional courses designed for Semester 3 of the Bachelor of Information Technology Degree program. This course on web development

More information

PRESSEKIT INTERNATIONALE STUDERENDE

PRESSEKIT INTERNATIONALE STUDERENDE PRESSEKIT INTERNATIONALE STUDERENDE FÅ MENTOR KORT MED MASSER AF FORDELE! Studenterhuset vil gerne bakke op om mentorernes store arbejde på KU. Derfor har vi i år lavet et mentorkort! Med et mentorkort

More information

Project OWASP and two most frequent vulnerabilities in web applications

Project OWASP and two most frequent vulnerabilities in web applications Project OWASP and two most frequent vulnerabilities in web applications Filip Šebesta, Wilson Tuladhar 2010 Abstract With the rapid use of the Internet, there has been a rapid growth in websites and web

More information

CTIS 256 Web Technologies II. Week # 1 Serkan GENÇ

CTIS 256 Web Technologies II. Week # 1 Serkan GENÇ CTIS 256 Web Technologies II Week # 1 Serkan GENÇ Introduction Aim: to be able to develop web-based applications using PHP (programming language) and mysql(dbms). Internet is a huge network structure connecting

More information

Guide for Building Web Application Using PHP and Mysql

Guide for Building Web Application Using PHP and Mysql Guide for Building Web Application Using PHP and Mysql 1. Download and install PHP, Web Server, and MySql from one of the following sites. You can look up the lecture notes on the class webpage for tutorials

More information

Chapter 1. Introduction to web development

Chapter 1. Introduction to web development Chapter 1 Introduction to web development HTML, XHTML, and CSS, C1 2010, Mike Murach & Associates, Inc. Slide 1 Objectives Applied 1. Load a web page from the Internet or an intranet into a web browser.

More information

Server-side: PHP and MySQL (continued)

Server-side: PHP and MySQL (continued) Server-side: PHP and MySQL (continued) some remarks check on variable: isset ( $variable )? more functionality in a single form more functionality in a single PHP-file updating the database data validation

More information

Lesson 7 - Website Administration

Lesson 7 - Website Administration Lesson 7 - Website Administration If you are hired as a web designer, your client will most likely expect you do more than just create their website. They will expect you to also know how to get their

More information

PHP: Introduction. CS7025: Network Technologies and Server Side Programming Lecturer: Saturnino Luz

PHP: Introduction. CS7025: Network Technologies and Server Side Programming  Lecturer: Saturnino Luz PHP: Introduction CS7025: Network Technologies and Server Side Programming http://www.scss.tcd.ie/~luzs/t/cs7025/ Lecturer: Saturnino Luz January 24, 2011 1 PHP: Introduction How does a browser request

More information

Why File Upload Forms are a Major Security Threat

Why File Upload Forms are a Major Security Threat Why File Upload Forms are a Major Security Threat To allow an end user to upload files to your website, is like opening another door for a malicious user to compromise your server. Even though, in today

More information

WIRIS quizzes web services Getting started with PHP and Java

WIRIS quizzes web services Getting started with PHP and Java WIRIS quizzes web services Getting started with PHP and Java Document Release: 1.3 2011 march, Maths for More www.wiris.com Summary This document provides client examples for PHP and Java. Contents WIRIS

More information

Sample Code with Output

Sample Code with Output Sample Code with Output File Upload : In PHP, we can upload file to a server fileupload.html #menu a #content #italictext

More information

PHP MySQL Course Details

PHP MySQL Course Details PHP MySQL Course Details By Besant Technologies Course Name Category Venue PHP MySQL Scripting Language & Web Development Besant Technologies No.24, Nagendra Nagar, Velachery Main Road, Address Velachery,

More information

Specialized Programme on Web Application Development using Open Source Tools

Specialized Programme on Web Application Development using Open Source Tools Specialized Programme on Web Application Development using Open Source Tools A. NAME OF INSTITUTE Centre For Development of Advanced Computing B. NAME/TITLE OF THE COURSE C. COURSE DATES WITH DURATION

More information

Intrusion detection for web applications

Intrusion detection for web applications Intrusion detection for web applications Intrusion detection for web applications Łukasz Pilorz Application Security Team, Allegro.pl Reasons for using IDS solutions known weaknesses and vulnerabilities

More information

AJ Matrix V5. Installation Manual

AJ Matrix V5. Installation Manual AJ Matrix V5 Installation Manual AJ Square Consultancy Services (p) Ltd., The Lord's Garden, #1-12, Vilacheri Main Road, Vilacheri, Madurai-625 006.TN.INDIA, Ph:+91-452-3917717, 3917790. Fax : 2484600

More information

Example for Using the PrestaShop Web Service : CRUD

Example for Using the PrestaShop Web Service : CRUD Example for Using the PrestaShop Web Service : CRUD This tutorial shows you how to use the PrestaShop web service with PHP library by creating a "CRUD". Prerequisites: - PrestaShop 1.4 installed on a server

More information

HP WebInspect Tutorial

HP WebInspect Tutorial HP WebInspect Tutorial Introduction: With the exponential increase in internet usage, companies around the world are now obsessed about having a web application of their own which would provide all the

More information

How to hack a website with Metasploit

How to hack a website with Metasploit How to hack a website with Metasploit By Sumedt Jitpukdebodin Normally, Penetration Tester or a Hacker use Metasploit to exploit vulnerability services in the target server or to create a payload to make

More information

Lecture 2. Internet: who talks with whom?

Lecture 2. Internet: who talks with whom? Lecture 2. Internet: who talks with whom? An application layer view, with particular attention to the World Wide Web Basic scenario Internet Client (local PC) Server (remote host) Client wants to retrieve

More information

PHP. Intro, Syntax, Variables, Echo, Data Types

PHP. Intro, Syntax, Variables, Echo, Data Types PHP Intro, Syntax, Variables, Echo, Data Types Introduction PHP scripts are executed on the server. What You Should Already Know Before you continue you should have a basic understanding of the following:

More information

When you have selected where you would like the form on your web page, insert these lines of code to start:

When you have selected where you would like the form on your web page, insert these lines of code to start: Mail Form Tutorial This tutorial will show you how to make use of SIUE s mail form script to allow web users to contact you via e mail regarding anything you wish. This script if most useful for receiving

More information

User's Guide and Software Design of. Job Tracking System for the NTC s Machine Shop 2006-01-05. Version 2.0

User's Guide and Software Design of. Job Tracking System for the NTC s Machine Shop 2006-01-05. Version 2.0 User's Guide and Software Design of Job Tracking System for the NTC s Machine Shop 2006-01-05 Version 2.0 File: \\CVFILER\cv-cdl-sis\MeasSys\Tasks\ShopTrackSys2.doc Page i Printed: 2006-01-05 12:54:59

More information

Research on the Danish heroin assisted treatment programme

Research on the Danish heroin assisted treatment programme Research on the Danish heroin assisted treatment programme Katrine Schepelern Johansen Anthropologist, PhD Post.doc, Department of Anthropology, University of Copenhagen Treatment with heroin in Denmark

More information

Application Servers G22.3033-011. Session 2 - Main Theme Page-Based Application Servers. Dr. Jean-Claude Franchitti

Application Servers G22.3033-011. Session 2 - Main Theme Page-Based Application Servers. Dr. Jean-Claude Franchitti Application Servers G22.3033-011 Session 2 - Main Theme Page-Based Application Servers Dr. Jean-Claude Franchitti New York University Computer Science Department Courant Institute of Mathematical Sciences

More information

Construction of Social CRM System based on WeChat Public Platform. Linjun Sun

Construction of Social CRM System based on WeChat Public Platform. Linjun Sun International Symposium on Social Science (ISSS 2015) Construction of Social CRM System based on WeChat Public Platform Linjun Sun School of Management, North China Institute of Science and Technology,

More information

SUBJECT CODE : 4074 PERIODS/WEEK : 4 PERIODS/ SEMESTER : 72 CREDIT : 4 TIME SCHEDULE UNIT TOPIC PERIODS 1. INTERNET FUNDAMENTALS & HTML Test 1

SUBJECT CODE : 4074 PERIODS/WEEK : 4 PERIODS/ SEMESTER : 72 CREDIT : 4 TIME SCHEDULE UNIT TOPIC PERIODS 1. INTERNET FUNDAMENTALS & HTML Test 1 SUBJECT TITLE : WEB TECHNOLOGY SUBJECT CODE : 4074 PERIODS/WEEK : 4 PERIODS/ SEMESTER : 72 CREDIT : 4 TIME SCHEDULE UNIT TOPIC PERIODS 1. INTERNET FUNDAMENTALS & HTML Test 1 16 02 2. CSS & JAVASCRIPT Test

More information

QUESTIONS AND ANSWERS

QUESTIONS AND ANSWERS TECHNOLOGY CONSULTANCY Innovative. Reliable. Efficient. QUESTIONS AND ANSWERS WEB HOSTING SERVICES What you need to know about Web Hosting Q&A - WEBHOSTING 1. What is web hosting? Web Hosting is a service

More information

Student evaluation form

Student evaluation form Student evaluation form Back Number of respondents: 17 1. Multiple choice question Percentage Name of course: [Insert name of course here!] Course Objectives: [Insert course objectives (målbeskrivelse)

More information

Annual Web Application Security Report 2011

Annual Web Application Security Report 2011 Annual Web Application Security Report 2011 An analysis of vulnerabilities found in external Web Application Security tests conducted by NTA Monitor during 2010 Contents 1.0 Introduction... 3 2.0 Summary...

More information

SANS Dshield Webhoneypot Project. OWASP November 13th, 2009. The OWASP Foundation http://www.owasp.org. Jason Lam

SANS Dshield Webhoneypot Project. OWASP November 13th, 2009. The OWASP Foundation http://www.owasp.org. Jason Lam SANS Dshield Webhoneypot Project Jason Lam November 13th, 2009 SANS Internet Storm Center jason@networksec.org The Foundation http://www.owasp.org Introduction Who is Jason Lam Agenda Intro to honeypot

More information

Plesk Panel HEAnet Customer Guide

Plesk Panel HEAnet Customer Guide Plesk Panel HEAnet Customer Guide Version 1.7 September 2013 HEAnet has migrated its Webhosting Service from the old Linux/Apache/MySQL/PHP (LAMP) set up to a control panel environment based on Parallel

More information

Network Security In Linux: Scanning and Hacking

Network Security In Linux: Scanning and Hacking Network Security In Linux: Scanning and Hacking Review Lex A lexical analyzer that tokenizes an input text. Yacc A parser that parses and acts based on defined grammar rules involving tokens. How to compile

More information

Web Application Vulnerabilities and Avoiding Application Exposure

Web Application Vulnerabilities and Avoiding Application Exposure Web Application Vulnerabilities and Avoiding Application Exposure The introduction of BIG-IP Application Security Manager (ASM) version 9.4.2 marks a major step forward. BIG-IP ASM now offers more features

More information

RIPS - A static source code analyser for vulnerabilities in PHP scripts

RIPS - A static source code analyser for vulnerabilities in PHP scripts RIPS - A static source code analyser for vulnerabilities in PHP scripts Johannes Dahse 1 Introduction The amount of websites have increased rapidly during the last years. While websites consisted mostly

More information

SETTING UP AND RUNNING A WEB SITE ON YOUR LENOVO STORAGE DEVICE WORKING WITH WEB SERVER TOOLS

SETTING UP AND RUNNING A WEB SITE ON YOUR LENOVO STORAGE DEVICE WORKING WITH WEB SERVER TOOLS White Paper SETTING UP AND RUNNING A WEB SITE ON YOUR LENOVO STORAGE DEVICE WORKING WITH WEB SERVER TOOLS CONTENTS Introduction 1 Audience 1 Terminology 1 Enabling a custom home page 1 Adding webmysqlserver

More information

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh Web applications Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh HTTP March 19, 2015 Client Server Database (HTML, JavaScript) (PHP) (SQL) 1 / 24 2 / 24 URLs HTTP

More information

Specialized Programme on Web Application Development using Open Source Tools

Specialized Programme on Web Application Development using Open Source Tools Specialized Programme on Web Application Development using Open Source Tools Objective: At the end of the course, Students will be able to: Understand various open source tools(programming tools and databases)

More information

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM Agenda Introduction to Application Hacking Demonstration of Attack Tool Common Web Application Attacks Live Bank Hacking Demonstration

More information

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006 CSE331: Introduction to Networks and Security Lecture 12 Fall 2006 Announcements Midterm I will be held Friday, Oct. 6th. True/False Multiple Choice Calculation Short answer Short essay Project 2 is on

More information

Application Monitoring using SNMPc 7.0

Application Monitoring using SNMPc 7.0 Application Monitoring using SNMPc 7.0 SNMPc can be used to monitor the status of an application by polling its TCP application port. Up to 16 application ports can be defined per icon. You can also configure

More information

Big Bad Moodle Guide By Mike Tupker mtupker@mtmercy.edu Version 1

Big Bad Moodle Guide By Mike Tupker mtupker@mtmercy.edu Version 1 Big Bad Moodle Guide By Mike Tupker mtupker@mtmercy.edu Version 1 Introduction. I m a Desktop Technician/Network Administrator at Mount Mercy College in Cedar Rapids Iowa. This document is a how to for

More information

Content Management System

Content Management System Content Management System XT-CMS INSTALL GUIDE Requirements The cms runs on PHP so the host/server it is intended to be run on should ideally be linux based with PHP 4.3 or above. A fresh install requires

More information

Web Programming. Robert M. Dondero, Ph.D. Princeton University

Web Programming. Robert M. Dondero, Ph.D. Princeton University Web Programming Robert M. Dondero, Ph.D. Princeton University 1 Objectives You will learn: The fundamentals of web programming... The hypertext markup language (HTML) Uniform resource locators (URLs) The

More information

Cyber Security Challenge Australia 2014

Cyber Security Challenge Australia 2014 Cyber Security Challenge Australia 2014 www.cyberchallenge.com.au CySCA2014 Web Penetration Testing Writeup Background: Pentest the web server that is hosted in the environment at www.fortcerts.cysca Web

More information

Intrusion Detection Systems (IDS)

Intrusion Detection Systems (IDS) Intrusion Detection Systems (IDS) What are They and How do They Work? By Wayne T Work Security Gauntlet Consulting 56 Applewood Lane Naugatuck, CT 06770 203.217.5004 Page 1 6/12/2003 1. Introduction Intrusion

More information

Using The HomeVision Web Server

Using The HomeVision Web Server Using The HomeVision Web Server INTRODUCTION HomeVision version 3.0 includes a web server in the PC software. This provides several capabilities: Turns your computer into a web server that serves files

More information

Network: several computers who can communicate. bus. Main example: Ethernet (1980 today: coaxial cable, twisted pair, 10Mb 1000Gb).

Network: several computers who can communicate. bus. Main example: Ethernet (1980 today: coaxial cable, twisted pair, 10Mb 1000Gb). 1 / 17 Network: several computers who can communicate. Bus topology: bus Main example: Ethernet (1980 today: coaxial cable, twisted pair, 10Mb 1000Gb). Hardware has globally unique MAC addresses (IDs).

More information

Midlertidige Byrum Den øjeblikkelige invitation Camilla van Deurs, Arkitekt MAA, PhD

Midlertidige Byrum Den øjeblikkelige invitation Camilla van Deurs, Arkitekt MAA, PhD Midlertidige Byrum Den øjeblikkelige invitation Camilla van Deurs, Arkitekt MAA, PhD Gehl Architects Urban Quality Consultants Gl. Kongevej 1, 4.tv 1610 Copenhagen V Denmark www.gehlarchitects.dk 24 Nordisk

More information

Exercises. Days 31 28 31 30 31 30 31 31 30 31 30 31

Exercises. Days 31 28 31 30 31 30 31 31 30 31 30 31 Exercises 1. Days in Month: Write a function daysinmonth that takes a month (between 1 and 12) as a parameter and returns the number of days in that month in a non-leap year. For example a call to daysinmonth(6)

More information

Instructor: Betty O Neil

Instructor: Betty O Neil Introduction to Web Application Development, for CS437/637 Instructor: Betty O Neil 1 Introduction: Internet vs. World Wide Web Internet is an interconnected network of thousands of networks and millions

More information

Quick Reference Guide: Shared Hosting

Quick Reference Guide: Shared Hosting : Shared Hosting TABLE OF CONTENTS GENERAL INFORMATION...2 WEB SERVER PLATFORM SPECIFIC INFORMATION...2 WEBSITE TRAFFIC ANALYSIS TOOLS...3 DETAILED STEPS ON HOW TO PUBLISH YOUR WEBSITE...6 FREQUENTLY ASKED

More information

PHP and XML. Brian J. Stafford, Mark McIntyre and Fraser Gallop

PHP and XML. Brian J. Stafford, Mark McIntyre and Fraser Gallop What is PHP? PHP and XML Brian J. Stafford, Mark McIntyre and Fraser Gallop PHP is a server-side tool for creating dynamic web pages. PHP pages consist of both HTML and program logic. One of the advantages

More information

Since we are starting small, we will partake in the time-honoured tradition of true 'Hello World' applications.

Since we are starting small, we will partake in the time-honoured tradition of true 'Hello World' applications. Tutorial: 1 VoiceXML Hello World Phone application This simple tutorial will step you through the creation and deployment of a "hello world" application. When we're done, you'll have a basic understanding

More information

Oct 15, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html 3. Internet : the vast collection of interconnected networks that all use the TCP/IP protocols

Oct 15, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html 3. Internet : the vast collection of interconnected networks that all use the TCP/IP protocols E-Commerce Infrastructure II: the World Wide Web The Internet and the World Wide Web are two separate but related things Oct 15, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html 1 Outline The Internet and

More information

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Detecting Web Application Vulnerabilities Using Open Source Means OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Kostas Papapanagiotou Committee Member OWASP Greek Chapter conpap@owasp.gr

More information

Magento Security and Vulnerabilities. Roman Stepanov

Magento Security and Vulnerabilities. Roman Stepanov Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection

More information

VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES. AUTHOR: Chema Alonso

VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES. AUTHOR: Chema Alonso VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES AUTHOR: Chema Alonso Informática 64. Microsoft MVP Enterprise Security Hello and welcome to Intypedia.

More information

Using PHPIDS to Understand Attacks Trends. @grecs

Using PHPIDS to Understand Attacks Trends. @grecs Using PHPIDS to Understand Attacks Trends @grecs Infosec Career Start - WebAppSec Around 2002 Sooo Much Simpler No CSRF, Click-Jacking, SQLi No SOAP No AJAX No HTML5 Had Our Problems Browser

More information

Lesson Overview. Getting Started. The Internet WWW

Lesson Overview. Getting Started. The Internet WWW Lesson Overview Getting Started Learning Web Design: Chapter 1 and Chapter 2 What is the Internet? History of the Internet Anatomy of a Web Page What is the Web Made Of? Careers in Web Development Web-Related

More information

ASL IT Security Advanced Web Exploitation Kung Fu V2.0

ASL IT Security Advanced Web Exploitation Kung Fu V2.0 ASL IT Security Advanced Web Exploitation Kung Fu V2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: There is a lot more in modern day web exploitation than the good old alert( xss ) and union

More information

M3-R3: INTERNET AND WEB DESIGN

M3-R3: INTERNET AND WEB DESIGN M3-R3: INTERNET AND WEB DESIGN NOTE: 1. There are TWO PARTS in this Module/Paper. PART ONE contains FOUR questions and PART TWO contains FIVE questions. 2. PART ONE is to be answered in the TEAR-OFF ANSWER

More information

Introduction to Database Systems CS4320/CS5320. CS4320/4321: Introduction to Database Systems. CS4320/4321: Introduction to Database Systems

Introduction to Database Systems CS4320/CS5320. CS4320/4321: Introduction to Database Systems. CS4320/4321: Introduction to Database Systems Introduction to Database Systems CS4320/CS5320 Instructor: Johannes Gehrke http://www.cs.cornell.edu/johannes johannes@cs.cornell.edu CS4320/CS5320, Fall 2012 1 CS4320/4321: Introduction to Database Systems

More information

Installing Joomla On Your VPS

Installing Joomla On Your VPS Installing Joomla On Your VPS Last Update: August 2013 www.servergrove.com PART 1: Configuring a Database 1) Go To the url below & log into your VPS Control Panel: https://control.servergrove.com 2) Click

More information

CMP3002 Advanced Web Technology

CMP3002 Advanced Web Technology CMP3002 Advanced Web Technology Assignment 1: Web Security Audit A web security audit on a proposed eshop website By Adam Wright Table of Contents Table of Contents... 2 Table of Tables... 2 Introduction...

More information

PROJECT REPORT OF BUILDING COURSE MANAGEMENT SYSTEM BY DJANGO FRAMEWORK

PROJECT REPORT OF BUILDING COURSE MANAGEMENT SYSTEM BY DJANGO FRAMEWORK PROJECT REPORT OF BUILDING COURSE MANAGEMENT SYSTEM BY DJANGO FRAMEWORK by Yiran Zhou a Report submitted in partial fulfillment of the requirements for the SFU-ZU dual degree of Bachelor of Science in

More information