July 23rd, 2008 chris
The following are the four issues to watch for on Sessions and Cookies
- Cookie Theft
- Exposed Session Data
- Session Fixation
- Session Hijacking
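As an added illustration (not code from the original post), a minimal session store showing the usual defences against the four issues listed above: a fresh random id is issued on login so a pre-set id cannot be fixed, the id is bound to a keyed fingerprint of the client and an idle timeout so a stolen id is harder to reuse, and the cookie is emitted with HttpOnly, Secure and SameSite attributes. The key, the cookie name and the User-Agent used as the fingerprint input are constructed assumptions for the example.

```python
import hashlib
import hmac
import secrets

# Cookie attributes that limit theft and cross-site use (assumed policy).
COOKIE_ATTRS = "Path=/; HttpOnly; Secure; SameSite=Lax"


class SessionStore:
    def __init__(self, key: bytes, ttl: int = 1800):
        self._key = key          # server-side secret for the fingerprint HMAC
        self._ttl = ttl          # idle timeout in seconds
        self._sessions = {}      # sid -> {"user", "fp", "seen"}

    def _fingerprint(self, user_agent: str) -> str:
        # Keyed so a client cannot forge the value from the plaintext UA alone.
        return hmac.new(self._key, user_agent.encode(), hashlib.sha256).hexdigest()

    def start(self, user_agent: str, now: int) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "fp": self._fingerprint(user_agent), "seen": now}
        return sid

    def login(self, sid: str, user: str, user_agent: str, now: int) -> str:
        # Session fixation defence: discard whatever id the client presented
        # (known or not) and issue a new one at the privilege change.
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user, "fp": self._fingerprint(user_agent), "seen": now}
        return new_sid

    def resolve(self, sid: str, user_agent: str, now: int):
        # Returns the session dict, or None when the id is unknown, expired,
        # or presented from a client that does not match the bound fingerprint.
        data = self._sessions.get(sid)
        if data is None:
            return None
        if data["fp"] != self._fingerprint(user_agent) or now - data["seen"] > self._ttl:
            self._sessions.pop(sid)  # treat as hijack signal or timeout: drop it
            return None
        data["seen"] = now
        return data


def set_cookie_header(sid: str, name: str = "SESSIONID") -> str:
    # Header line the application would send with the session id.
    return f"Set-Cookie: {name}={sid}; {COOKIE_ATTRS}"
```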
Posted in Software Security
July 23rd, 2008 chris
The following are the three issues to watch for on Database and SQL
- Exposed Access Credentials
- SQL Injection
- Exposed Data
Posted in Software Security
July 23rd, 2008 chris
The following are the seven issues to watch for on Forms and URLs
- Forms and Data
- Semantic URL Attacks
- File Upload Attacks
- Cross-Site Scripting
- Cross-Site Request Forgeries
- Spoofed Form Submission
- Spoofed HTTP Request
Posted in Software Security
July 23rd, 2008 chris
The following are the seven areas that need to be secured in a web application
- Forms and URLs
- Database and SQL
- Session and Cookies
- Includes
- Files and Commands
- Authentication and Authorization
- Shared Hosting
Posted in Software Security
July 11th, 2008 chris
If there are three kinds of customers, then I also have a list of three categories in Software Applications. They are the following:
Information systems and other applications developed for use within a company (such as the payroll system being used to calculate the take-home pay for our next paycheck). This category is the basis for the information system/information technology industry, or IS/IT.
Software developed and sold as commercial products (such as the word processor). Companies developing this type of software are often referred to as independent software vendors, or ISVs.
Software that runs on computers embedded in other devices, machines, or complex systems (such as those contained in the airplane we are writing this in; the cell phones we just used to call our spouses; the automobile we’ll use to get to our eventual destination). We’ll call this type of software embedded-systems applications, or embedded applications.
Posted in Requirements
July 11th, 2008 chris
For some of us, the customer is an external entity, purchase order in hand, whom we must convince to disregard our competitor’s claims and to buy our shrink-wrapped software product because it’s easier to use, has more functionality, and, in the final analysis, is just better.
For others of us, the customer is a company that has hired us to develop its software, based on expectations that the software developed will be of the highest quality achievable given today’s state of the art and will transform the company into a more competitive, more profitable organization in the marketplace.
For others of us, the customer is sitting down the hall or downstairs or across the country, waiting anxiously for that new application to enter sales orders more efficiently or to use e-commerce for selling the company’s goods and services so that the company we both work for will ultimately be more profitable and our jobs more rewarding and just more fun.
Posted in Requirements
July 11th, 2008 chris
- Chain of Responsibility - Avoid coupling the sender of a request to its receiver by giving more than one object a chance to handle the request. Chain the receiving objects and pass the request along the chain until an object handles it.
- Command - Encapsulate a request as an object, thereby letting you parameterize clients with different requests, queue or log requests, and support undoable operations.
- Interpreter - Given a language, define a representation for its grammar along with an interpreter that uses the representation to interpret sentences in the language.
- Iterator - Provide a way to access the elements of an aggregate object sequentially without exposing its underlying representation.
- Mediator - Define an object that encapsulates how a set of objects interact. Mediator promotes loose coupling by keeping objects from referring to each other explicitly, and it lets you vary their interaction independently.
- Memento - Without violating encapsulation, capture and externalize an object’s internal state so that the object can be restored to this state later.
- Observer - Define a one-to-many dependency between objects so that when one object changes state, all its dependents are notified and updated automatically.
- State - Allow an object to alter its behavior when its internal state changes. The object will appear to change its class.
- Strategy - Define a family of algorithms, encapsulate each one, and make them interchangeable. Strategy lets the algorithm vary independently from clients that use it.
- Template Method - Define the skeleton of an algorithm in an operation, deferring some steps to subclasses. Template Method lets subclasses redefine certain steps of an algorithm without changing the algorithm’s structure.
- Visitor - Represent an operation to be performed on the elements of an object structure. Visitor lets you define a new operation without changing the classes of the elements on which it operates.
Posted in Design & Programming
July 11th, 2008 chris
- Adapter - Convert the interface of a class into another interface clients expect. Adapter lets classes work together that couldn’t otherwise because of incompatible interfaces.
- Bridge - Decouple an abstraction from its implementation so that the two can vary independently.
- Composite - Compose objects into tree structures to represent part-whole hierarchies. Composite lets clients treat individual objects and compositions of objects uniformly.
- Decorator - Attach additional responsibilities to an object dynamically. Decorators provide a flexible alternative to subclassing for extending functionality.
- Facade - Provide a unified interface to a set of interfaces in a subsystem. Facade defines a higher-level interface that makes the subsystem easier to use.
- Flyweight - Use sharing to support large numbers of fine-grained objects efficiently.
- Proxy - Provide a surrogate or placeholder for another object to control access to it.
Posted in Design & Programming
July 11th, 2008 chris
- Abstract Factory - Provide an interface for creating families of related or dependent objects without specifying their concrete classes.
- Builder - Separate the construction of a complex object from its representation so that the same construction process can create different representations.
- Factory Method - Define an interface for creating an object, but let subclasses decide which class to instantiate. Factory Method lets a class defer instantiation to subclasses.
- Prototype - Specify the kinds of objects to create using a prototypical instance, and create new objects by copying this prototype.
- Singleton - Ensure a class only has one instance, and provide a global point of access to it.
Posted in Design & Programming