Awareness: Web Application Security

Developing a web application is often described as easy and as a good thing for new programmers to start with. Many books and tutorials have been written on the subject, and many frameworks and programming languages have been built to facilitate the quick construction of web applications. Just one thing bothers me about this: many of those books and tutorials ignore the security issues that come with building web applications. This may well explain why there are so many insecure and vulnerable web applications on the net.

Anyway, it is not all bad: a number of initiatives have been formed to communicate the need for security in web-based applications. One of these initiatives is OWASP, an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely available articles, methodologies, documentation, tools, and technologies.

OWASP’s most successful documents include the book-length OWASP Guide and the widely adopted OWASP Top 10 awareness document. The most widely used OWASP tools include their training environment WebGoat, their penetration testing proxy WebScarab, and their OWASP .NET tools. OWASP includes roughly 100 local chapters around the world and thousands of participants on the project mailing lists. OWASP has organized the AppSec series of conferences to further build the application security community.

Hopefully, initiatives like OWASP will give up-and-coming web developers an awareness of the security issues related to web application development and enable them to avoid the classic pitfalls of web application security. So far, at least, I have learned a lot from the OWASP articles and guides.


Experimenting with Google Web Toolkit (GWT)

During the last couple of weekends I have experimented with Google Web Toolkit (GWT). I have tried to build a number of small simple web interfaces and I have experimented with a number of IDEs for development of GWT.

I’m currently still experimenting, but I’ll write a post on my experiences later on.


GWT, Usability and User Experience


Tomcat Performance: Linux faster than Windows

Apache Tomcat is a very common application server in Java-based solutions, and it can run on every platform supported by Sun Java. But which platform delivers the most performance and stability: Microsoft Windows or Linux? According to this performance study, part 2, Linux significantly outperforms Microsoft Windows.

Executive summary ;)
The plots speak for themselves.

Figure: Tomcat Throughput Performance – Linux vs. Windows

Figure: Tomcat CPU Utilization – Linux vs. Windows

Figure: Tomcat Errors / second – Linux vs. Windows


PHP Source Code Security Audit Tool

Security in applications, and in web applications in particular, has come into prominence. One way to improve security is to review the code with a security auditing tool such as the Spike PHP Security Audit Tool, a new open-source tool that performs static analysis of PHP code to find security flaws.

Download the Spike PHP Security Audit Tool here.

Howto use the Spike PHP Security Audit Tool

Unzip and install

unzip spike_phpSecAudit.zip

Execute run.php, passing the file name or directory to audit. Note that the --src option is mandatory.

php /path/to/spike_phpSecAudit/run.php --src test_file.php

or

php /path/to/spike_phpSecAudit/run.php --src dir_name

Get Help

php run.php --help
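As an added illustration (not from the post and not Spike's own code), here is the kind of defect a PHP security static analyzer is built to report: untrusted request input flowing unchanged into an HTML or SQL sink, shown in a vulnerable form next to a hardened form. Whether Spike reports exactly these patterns is not stated on the page, and the function names are hypothetical.

```php
<?php
// Added example: input-to-sink defects of the kind a PHP static security
// analyzer looks for, each beside its hardened version. Function names
// are hypothetical; no real application is referenced.

// Vulnerable: a request parameter is echoed straight into HTML (XSS).
function greet_vulnerable(): string {
    $name = $_GET['name'];                         // tainted source
    return "<p>Hello " . $name . "</p>";           // sink: HTML output
}

// Hardened: validate first, then escape for the HTML sink specifically.
function greet_hardened(): string {
    $name = filter_input(INPUT_GET, 'name', FILTER_DEFAULT);
    if ($name === null || $name === false || strlen($name) > 64) {
        $name = 'guest';                           // safe default
    }
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Hello " . $safe . "</p>";
}

// Vulnerable: SQL is built by string concatenation from a tainted value.
function find_user_vulnerable(PDO $db): array {
    $id = $_GET['id'];                             // tainted source
    $stmt = $db->query("SELECT id, name FROM users WHERE id = " . $id);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);      // sink: SQL query
}

// Hardened: the value is validated as an integer and bound as a typed
// parameter of a prepared statement, so it can never alter the query.
function find_user_hardened(PDO $db): array {
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return [];                                 // reject, do not query
    }
    $stmt = $db->prepare("SELECT id, name FROM users WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

The two vulnerable functions are what a source-to-sink static analysis flags; the hardened ones show the validation and sink-specific encoding that make the same data flow safe.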


Sending Spam with SWT

import org.eclipse.swt.*;
import org.eclipse.swt.ole.win32.*;
import org.eclipse.swt.widgets.*;

public class Spam {
    public static void main(String args[]) {
        // Only needed to obtain an OleFrame
        Display display = new Display();
        Shell shell = new Shell(display);
        // Only needed to get a site
        OleFrame frame = new OleFrame(shell, SWT.NONE);
        OleClientSite site = new OleClientSite(frame, SWT.NONE, "Outlook.Application");
        // Activate Outlook
        site.doVerb(OLE.OLEIVERB_INPLACEACTIVATE);
        OleAutomation outlook = new OleAutomation(site);
        // CreateItem(0) returns a new MailItem
        OleAutomation mail = invoke(outlook, "CreateItem", 0 /* Mail item */).getAutomation();
        setProperty(mail, "To", "spam");
        setProperty(mail, "BodyFormat", 2 /* HTML */);
        setProperty(mail, "Subject", "Spam freshly made");
        // Body markup (assumed): only the text "Spam4U" of the original HTML survived
        setProperty(mail, "HtmlBody", "<html><body>Spam4U</body></html>");
        invoke(mail, "Display" /* or "Send" */);
        outlook.dispose();
        shell.dispose();
        display.dispose();
    }

    // These helper methods facilitate writing the OLE apps

    // Invoke a method without arguments
    private static Variant invoke(OleAutomation auto, String command) {
        return auto.invoke(property(auto, command));
    }

    // Invoke a method with a single string argument
    private static Variant invoke(OleAutomation auto, String command, String value) {
        return auto.invoke(property(auto, command),
                new Variant[] { new Variant(value) });
    }

    // Invoke a method with a single integer argument
    private static Variant invoke(OleAutomation auto, String command, int value) {
        return auto.invoke(property(auto, command),
                new Variant[] { new Variant(value) });
    }

    // Set a string-valued property
    private static boolean setProperty(OleAutomation auto, String name, String value) {
        return auto.setProperty(property(auto, name), new Variant(value));
    }

    // Set an integer-valued property
    private static boolean setProperty(OleAutomation auto, String name, int value) {
        return auto.setProperty(property(auto, name), new Variant(value));
    }

    // Look up the dispatch id of a method or property by name
    private static int property(OleAutomation auto, String name) {
        return auto.getIDsOfNames(new String[] { name })[0];
    }
}


Linux Job Market Trends: Galloping Forward

According to itmanagement.earthweb.com, the numbers clearly point to a major industry trend.

Take a look: Dice, the tech jobs site, reports that it had 9,631 Linux job listings in August. While this is a big number, what’s truly eye-catching is the percentage growth since January: Linux job listings are up a robust 30 percent – three times the increase of overall tech job listings. (Since January, Dice job listings have grown by 10.2 percent, to a total of 96,548 tech jobs.)

To be sure, Linux jobs continue to trail the mighty Windows, which had 16,895 listings. Linux also falls behind Unix – still healthy after all these years – which boasted 14,954 listings. (The AIX flavor of Unix had 2,302 jobs, and Solaris posted 4,055.)


soapUI: Easy Webservice Invocation and Testing Application

soapUI is a desktop application for inspecting, invoking, mocking and functional/load/compliance testing of web services over SOAP/HTTP. It is mainly aimed at developers and testers providing and/or consuming web services, regardless of implementation language (Java, .NET, PHP, etc.).
