
SEARCH KEYWORD -- security



  SQL Injection through HTTP Headers

During vulnerability assessment or penetration testing, identifying the input vectors of the target application is an essential step. Sometimes, when testing Web applications, the verification routines for discovering SQL injection flaws are restricted to the GET and POST variables, as if they were the only input vectors. What about other HTTP header parameters? Aren’t they potential input vectors for SQL injection attacks? How can one test all these HTTP parameters and whic...

   Code security,SQL injection,HTTP header     2012-04-05 11:42:04

  What to Know About Windows 11

Windows 11 launched in October, with Microsoft bringing some changes to the operating system. It was the first name change in six years, and the rollout began on October 5. The rollout is being phased on eligible devices.  You can download it if you don’t want to wait for it to be your device’s turn.  Some businesses are opting to defer upgrades to Windows 11, as are some individuals. Others are excited to take advantage. The following are some things to know about impleme...

   MICROSOFT,WINDOWS 11     2021-12-06 10:41:04

  Flash Player sandboxing is coming to Firefox

Peleus here. In December of 2010, I wrote a blog post describing the first steps towards sandboxing Flash Player within Google Chrome. In the blog, I stated that the Flash Player team would explore bringing sandboxing technology to other browsers. We then spent 2011 buried deep within Adobe laying the groundwork for several new security innovations. Today, Adobe has launched a public beta of our new Flash Player sandbox (aka “Protected Mode”) for the Firefox browser....

   Flash,Sandbox,Google chrome     2012-02-07 06:16:57

  Using C for a specialized data store

Pixenomics stores and transports 1.2 million pixels from the server to the client. During development we played with various methods to store and process this. Our ultimate goal was to send the entire board in under 1 second. During the stages of prototyping we used a MySQL database without thinking too much about performance. With a mere 2,000 pixels we quickly realised this wasn’t even usable as a demo. Changing the storage engine to memory was much better but still obviously unu...

   C,Data store,Efficiency,Performance     2012-03-07 05:09:38

  HTML5 Video and DRM

Many people call HTML5 an Adobe Flash replacement and I agree. Adobe already discontinued Flash on mobile devices. So HTML5 Video is a must for video on mobile phones and tablets. On the desktop Flash Video players are used more than HTML5 Video players but HTML5 video will work with a current web browser on a site that supports HTML5 video. Commercial video sites like YouTube will play partnered content in Flash even if you turned on HTML5 video at http://www.youtub...

   HTML5 Video,Flash,DRM,Comparison     2012-02-05 07:18:23

  Java 9 release is delayed again

The original planned release date for Java 9 was March 2017, but the latest source shows that the Java 9 release will be delayed again to July 2017, four months later than the planned date. Mark Reinhold, Chief Architect of the Java Platform Group at Oracle, proposed this new release date in a message sent to the OpenJDK mailing list.  Despite this progress, at this point it's clear that Jigsaw needs more time. We recently received critical feedback that motivated a redesign of the module ...

   JAVA,RELEASE DATE,JAVA 9,JAVA 9 DELAY     2016-09-26 12:22:53

  Using JavaScript to operate clipboard

Browsers allow JavaScript to read and write data on the clipboard. Generally, scripts should not modify the user's clipboard, to avoid violating user expectations, but there are cases where this can indeed bring convenience to users. For example, a user can copy a code snippet to the clipboard with one click instead of selecting and copying it manually. There are three options for clipboard operations provided in JavaScript/browser: document.execCommand(), the Asynchronous Clipboard API, and copy and paste events. This p...

   JAVASCRIPT,CLIPBOARD,NAVIGATOR.CLIPBOARD     2021-01-23 23:23:34

  Subdomain Configuration

A subdomain configuration is very similar to a domain name configuration. The only difference is that the subdomain entry is tied to the corresponding domain name lookup. A request for the subdomain (e.g. http://content.websitegear.com) will be routed to a DNS server containing the DNS information for the parent domain (websitegear.com). Once the DNS record for the subdomain is resolved to a particular IP address, the request is sent to the web server listening on that IP ...

   Domain,Subdomain,Configuration,Setup     2011-10-09 09:23:16

  10 happiest tech companies in 2013

According to Tencent Tech, CareerBliss released a list of the happiest tech companies in America in 2013. Intuit is the happiest tech company in America in 2013, while Google, which is widely considered one of the best companies to work for, ranks only 4th. Let's take a look at the top 10 happiest tech companies. 1. Intuit. Happiness index: 4.27. Average salary: $77000. Don't think it's boring to work in a company which focuses on software development; on the contrary, it's very interesting to work at Intuit. Bec...

   CareerBliss,Happiest tech company     2013-04-18 12:33:43

  JavaScript Attack/Defend

As developers and designers we work hard to build visually attractive, fast and easy to maintain applications. Our goals are to make sure the applications we build stick to users and keep them coming back for more. Security is not always at the forefront of our minds. No one intentionally builds insecure software but often a lack of security knowledge leads developers to build vulnerabilities into their applications. In this article we are going to examine two web security attacks, how they are ...

   JavaScript,Attack,Defend,Security,Cross site     2011-10-13 13:09:11