Tuesday, 9 September 2014

Avoid vulnerabilities on websites: try the tools below

Site vulnerability findings that require immediate attention and correction are categorized into 4 types:

Manual – Vulnerabilities found during a manual review, which cannot be detected by scanners. Common vulnerabilities of this type include Stored Cross-Site Scripting (XSS), Broken Access Control, Broken Authentication and Session Management, logical security flaws, Personally Identifiable Information (PII) disclosure such as possible username or password disclosure, directory path disclosures such as error-page path disclosure, or ASP.NET debugging being enabled.

High – Vulnerabilities categorized as the most dangerous, which put a site at maximum risk of hacking and data theft, such as SQL Injection and Cross-Site Scripting (XSS).

Medium – Vulnerabilities caused by server misconfiguration and site-coding flaws, which facilitate server disruption and intrusion, such as unencrypted ViewState, directory listing, open redirection, and source code disclosure.

Low – Vulnerabilities that are only locally exploitable and do not result in a permanent compromise of the attacked website, such as the TRACE method being enabled, a cookie without the HttpOnly flag set, or a frameable response (potential clickjacking).

Informational – Vulnerabilities that disclose information which facilitates more severe attacks, such as e-mail address disclosure, private IP address disclosure, and the robots.txt file.
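As an added example (not from the original post and not Acunetix code), a small Python checker that applies several of the Low, Medium and Informational checks listed above to a single HTTP response. The sample response, its cookie names, host names and addresses are constructed for the demonstration.

```python
import re
# Constructed sample response (not from any real site) that trips several of
# the Low, Medium and Informational checks listed above.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: GET, POST, TRACE\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Set-Cookie: lang=en; Path=/; HttpOnly\r\n"
    "\r\n"
    "<html><head><title>Index of /backup</title></head><body>"
    "Contact webmaster@example.com; internal host 10.0.5.17</body></html>"
)
# RFC 1918 ranges: 10/8, 172.16/12, 192.168/16.
PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body

def check_response(raw):
    """Return (severity, description) findings using the categories above."""
    _, headers, body = parse_response(raw)
    values = lambda name: [v for n, v in headers if n == name]
    findings = []
    for cookie in values("set-cookie"):
        if "httponly" not in cookie.lower():
            findings.append(("Low", "Cookie without HttpOnly flag: " + cookie.split(";")[0]))
    if any("trace" in v.lower() for v in values("allow")):
        findings.append(("Low", "TRACE method is enabled"))
    csp = " ".join(values("content-security-policy")).lower()
    if not values("x-frame-options") and "frame-ancestors" not in csp:
        findings.append(("Low", "Frameable response (potential clickjacking)"))
    if re.search(r"<title>\s*Index of /", body, re.IGNORECASE):
        findings.append(("Medium", "Directory listing"))
    for ip in sorted(set(PRIVATE_IP.findall(body))):
        findings.append(("Informational", "Private IP address disclosure: " + ip))
    for addr in sorted(set(EMAIL.findall(body))):
        findings.append(("Informational", "E-mail address disclosure: " + addr))
    return findings
```

Run `check_response(SAMPLE_RESPONSE)` to see all six findings; a response carrying `X-Frame-Options` and HttpOnly cookies with a clean body produces none.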


Acunetix Web Vulnerability Scanner and other tools:

  • https://www.acunetix.com/
  • http://www.telerik.com/fiddler

Tuesday, 28 August 2012

Status Codes in http

  • HTTP/1.1 100 Continue
  • HTTP/1.1 101 Switching Protocols
  • HTTP/1.1 200 OK
  • HTTP/1.1 201 Created
  • HTTP/1.1 202 Accepted
  • HTTP/1.1 203 Non-Authoritative Information
  • HTTP/1.1 204 No Content
  • HTTP/1.1 205 Reset Content
  • HTTP/1.1 206 Partial Content
  • HTTP/1.1 300 Multiple Choices
  • HTTP/1.1 301 Moved Permanently
  • HTTP/1.1 302 Found
  • HTTP/1.1 303 See Other
  • HTTP/1.1 304 Not Modified
  • HTTP/1.1 305 Use Proxy
  • HTTP/1.1 307 Temporary Redirect
  • HTTP/1.1 400 Bad Request
  • HTTP/1.1 401 Unauthorized
  • HTTP/1.1 402 Payment Required
  • HTTP/1.1 403 Forbidden
  • HTTP/1.1 404 Not Found
  • HTTP/1.1 405 Method Not Allowed
  • HTTP/1.1 406 Not Acceptable
  • HTTP/1.1 407 Proxy Authentication Required
  • HTTP/1.1 408 Request Time-out
  • HTTP/1.1 409 Conflict
  • HTTP/1.1 410 Gone
  • HTTP/1.1 411 Length Required
  • HTTP/1.1 412 Precondition Failed
  • HTTP/1.1 413 Request Entity Too Large
  • HTTP/1.1 414 Request-URI Too Large
  • HTTP/1.1 415 Unsupported Media Type
  • HTTP/1.1 416 Requested range not satisfiable
  • HTTP/1.1 417 Expectation Failed
  • HTTP/1.1 500 Internal Server Error
  • HTTP/1.1 501 Not Implemented
  • HTTP/1.1 502 Bad Gateway
  • HTTP/1.1 503 Service Unavailable
  • HTTP/1.1 504 Gateway Time-out
E.g.: a PHP-based use of a status code so that Google does not show a page in its search results.
Add the code below at the top of the page; when the Google crawler sees this, it will remove the page from its index.
header("HTTP/1.1 403 Forbidden"); // must run before any output is sent, or the status line cannot be changed

Monday, 30 July 2012

What is Cloud computing?

Imagine your PC and all of your mobile devices being in sync—all the time. Imagine being able to access all of your personal data at any given moment. Imagine having the ability to organize and mine data from any online source. Imagine being able to share that data—photos, movies, contacts, e-mail, documents, etc.—with your friends, family, and coworkers in an instant. This is what personal cloud computing promises to deliver.

Whether you realize it or not, you're probably already using cloud-based services. Pretty much everyone with a computer has been. Gmail and Google Docs are two prime examples; we just don't think of those services in those terms.

Some useful links:

personal cloud computing, IaaS cloud, SaaS cloud, PaaS cloud

Monday, 6 February 2012

API to send mail with click stats and opened-mail tracking

I was struggling with GoDaddy, trying to figure out how to send mail, because every time I tried it gave some restriction error or other.

After spending hours searching for the issue, I figured out an alternative: "JangoMail". JangoMail is a web service (called from PHP via SOAP below) to send mail to users, and you can track clicks and the number of mails opened.

You need to sign up for JangoMail: https://www.jangosmtp.com
and use the username and password when calling the API.

Sample code is as below:
<?php
// Message details (sample values; replace with your own).
$fromname    = "Karan";
$fromaddress = "karan.xxx@sample.com";
$toaddress   = 'karan.xxx@sample.com';
$subject     = "Subject here";                   // was not defined in the original sample
$message     = " data here , html or plain text";

// JangoMail exposes a SOAP API; PHP's built-in SoapClient loads the WSDL.
$client = new SoapClient("https://api.jangomail.com/api.asmx?WSDL");
$parameters = array
(
    "Username"       => (string) "username here",   // load from config/env in production, not source
    "Password"       => (string) "password here",
    "FromEmail"      => (string) $fromaddress,
    "FromName"       => (string) $fromname,
    "ToEmailAddress" => (string) $toaddress,
    "Subject"        => (string) $subject,
    "MessagePlain"   => (string) $message,
    "MessageHTML"    => (string) $message,
    "Options"        => (string) "OpenTrack=True,ClickTrack=True"   // enables open and click tracking
);

try
{
    $response = $client->SendTransactionalEmail($parameters);
    echo "Message(s) sent!";
}
catch(SoapFault $e)
{
    // Do not echo $client->__getLastRequest() here: the request body carries the
    // username and password (and it is empty anyway unless SoapClient was created
    // with 'trace' => true). Log the fault server-side and show a neutral message.
    error_log("JangoMail send failed: " . $e->getMessage());
    echo "Message could not be sent.";
}
?>

Tuesday, 3 January 2012

Internet Radio

We had an event called "Design Sprint" for which we needed to set up internet radio for our site. After hours spent on it, we settled on "Red5", though there were many other options for internet radio such as "icecast" and "sound cast".

But as we had already set up live streaming using Red5, we went with Red5 for the internet radio as well.
For the internet radio, the Real Time Messaging Protocol (RTMP) was used by us, and we believe most live streaming uses this protocol, RTMP.

We needed a player to play it in the browser using Red5,
so we used the LongTail (JW) video player, and as an addition the "audiolivestream-1" plugin was used by us.
Below is the code to set up the internet radio front-end player:

<!-- JW Player library and the container the player is rendered into -->
<script type="text/javascript" src="http://www.experiencecommerce.com/audio/jwplayer.js"></script>
<section class="embedWidget" style="padding-left:13px;">
        <h2>Oldies : EC Hammer </h2>
        <div id="mediaplayer"></div>
</section>
<script type="text/javascript">
  // "file" is the live stream name published on the Red5 server; "streamer" is the RTMP application URL.
  jwplayer("mediaplayer").setup({
    "flashplayer": "http://www.experiencecommerce.com/audio/player.swf",
    "id": "playerID",
    "width": "300",
    "height": "35",
    "file": "stream1325084690928",
    "streamer": "rtmp://postalz.com/oflaDemo",
    "controlbar": "none",
    "autostart": "true",
    "screencolor": "0099FF",
    "plugins": {
       // audiolivestream-1 shows the current track and buffering state for an audio-only stream
       "audiolivestream-1": {
                format: "Playing: %track",
                buffer: "Buffering: %perc%",
                backgroundCss: "gradient",
                trackCss: "color: #fff; font-size: 11px;"
       }
    }
  });
</script>

Wednesday, 30 November 2011

Open Source PHP Forums

After googling for open source forums in PHP, I thought of finalizing on punBB.
phpBB is also nice but complicated and highly featured, whereas punBB is really simple, with fewer templates to edit for customization.

The link below shows a comparison of punBB and phpBB:
http://www.forum-software.org/forum-comparator/phpbb3-vs-punbb

If you feel like installing punBB plugins, you can easily find them here:
http://punbb.informer.com/extensions/