Investigating uPNP with Python for fun and profit
Investigating uPNP with python for fun and profit. SSDP is an interesting uPNP protocol - devices advertise their capabilities on the network and leak valuable information. SSDP is very similar…
Scrum Alliance Certified Scrum Master
I've been training over the last 4 weeks for my Scrum Alliance Certified Scrum Master Certification. I took an online course, which was delivered over zoom in real time (as…
Defending Against Injection Attacks Through Context-Sensitive String Evaluation
300 word summary: What is the paper about? Defending Against Injection Attacks Through Context-Sensitive String Evaluation introduces CSSE - Context-Sensitive String Evaluation - a way to detect sqlI in php at…
Introduction to APIs
What is an API (Introduction to APIs) Carrying on from my previous posts on SOA here and here I thought it may be useful to write a post on what…
AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks
300 word summary: AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks. Provides a valuable background section on the countermeasures for SQL injection attacks: Defensive ProgrammingGeneral Techniques against SQLiStatic Analysis techniques…
Evaluation of SQL injection testing tools and techniques
My MSc Thesis in 2016 was titled Evaluation of SQL injection testing tools and techniques. I had a quick look through all my old uni work looking for content to…
sql injection attack types – a list of sqli types and papers
My research notes about the different types of sqli - sql injection attack types; inband (eg reading errors from the screen) out-of-band (getting information from a different channel eg from…
Securing Web Application Code by Static Analysis and Runtime Protection
What is the paper about? a holistic approach for a static analysis algorithm to detect sqli in web applications using run-time inspection Who is the intended audience? researchers Is title/abstract…
A Classification of SQL Injection Attacks and Countermeasures
This paper (A Classification of SQL Injection Attacks and Countermeasures) has an excellent section on Injection mechanisms - the way that sql code is modified to actually perform the injection…
image courtesy of https://www.flickr.com/photos/christiaancolen/20607701226
OS Detection Techniques
Os Detection Techniques and OS fingerprinting Os Detection Techniques - Background information This is a list of Os Detection Techniques, with explanations for all the active and passive Os Detection…
service-oriented architecture and frameworks – SOA frameworks
service-oriented architecture and frameworks IntroductionPapazoglou, (2003) organised SOA in four architectural layers: Service Foundations, Service Composition, Service Management and Service Engineering and outlined a host of technologies that could be…
MSc Thesis
Ive completed my MSc Thesis! I was awarded a grade A (81%) and an MSc with distinction :D The abstract from my thesis is below: SQL injection vulnerabilities remain one…
What is an sql injection attack
What is an sql injection attack? All websites process data entered by users. An input-validation attack is when unexpected user input is processed by a web server or database and…
4 Layers in an SOA
4 Layers in an SOA There are 4 layers in an SOA: Business Processes Business Services Integration Services Enterprise Resources Enterprise Resources existing applications COTS systems (consumer, off the shelf)…
4 types of service in an SOA system
4 types of service in an SOA system. Business services Domain services Integration services Foundation / Utility services Business Services Provide high-level functionality Provides abstraction of the interface Provides integration of…
Challenges of SOA / Comparison of SOA and traditional apps
Challenges of SOA / Comparison of SOA and traditional apps Traditional enterprise applications present themselves as islands of data, automation and security. Integration is needed because of the nature of…
Characteristics of SOA Services
Characteristics of SOA services Granularity Size / Scope of service Encapsulation Separation of interface form implementation Modularity Business processes can be decomposed into services which can be decomposed into smaller…
Roles in SOA and their responsibilities
There are 4 roles in SOA: Architecture team Business analysts Management / executive team Technical team (design / development) Roles in SOA - Technical team (design / development) Answers…
M-business Security Threats
M-business Security Threats: Device as an attack vector with mobile devices widespread they are commonly being used as attack vectors Virii While not many viruses exist for mobile devices themselves,…
Oracle process overview
Oracle process overview. There are 3 types of oracle processes: USER processes SERVER processes BACKGROUND processes User connected to a user application (eg sql*plus) controls the application associated with an…
Oracle forms overview
Oracle forms overview. Oracle internet platform consists of 3 components: oracle application server (forms service + OC4J) oracle developer suite (forms developer + object navigator + form module) oracle database…
Oracle procedure with cursor
This is a basic oracle procedure with cursor: DECLARE CURSOR my_cursor IS SELECT * FROM table_a LEFT JOIN table_b ON a.x = b.x BEGIN FOR things IN my_cursor LOOP --…
Oracle instead of triggers
Oracle instead of triggers, and why you need them: You cant update a view if it contains:group byorder byanalytical /aggregate functionssubqueriesjoins You then need an 'instead of' trigger CREATE TRIGGER…
Oracle logical structures
Oracle logical structures Oracle logical structures can be summarised by the following: Schema. Tablespace. Datablock. Redo log. Schema collection of objects (table, view, etc) owned by db user name is…
Oracle control file
Oracle control file: binary file start of instance, file is checked database has 1 control file each modifiable only by oracle editing prohibited, even by DBA Keeps track of: datafile…
The build process for multiloquent theme
Since I released my first public wordpress theme (I have made lots of themes over the years, but have never released any as open-source) I decided I would share the…
Investment appraisal evaluation
Investment appraisal evaluation SCOTLAB TC COP Savings Achieved Cost of investment Opportunity cost Time-value of money Life of investment Available finance Benefits of investment Timing of income Compound Interest using…
Evaluation of FPA
Evaluation of FPA (Function Point Analysis) Language independant Derived from Specification Re-Usable code / Object Oriented Business software is best suited Training required Innovative code with fewer LOC is not…
XP extreme programming
Here are my bullet points for XP extreme programming: [DeLeRIuM Pair] Design Later Reuse / Refactor / OO Integrate continually Minimal system first, expand later Pair Programming [5 'Donts'] Don't…
Waterfall method
I'm studying a Masters Degree in 'Advanced Computer Systems Design'. I have an upcoming exam in project management. One of the areas I'm studying is SDLC [software development life-cycles]. This…
Subnetting class C networks
Subnetting class C networks Benefits of Subnetting: Reduced Network Traffic Optimised Network Performance - as a result of reduced traffic Simplified management Facilitated spanning of large geographical distances How…