OWASP 2017 Update

After a long and winding road of discussion, deliberation, revision, disagreement and adjustment, the Open Web Application Security Project (OWASP) is updating its venerable Top 10 list of the most critical web application security risks for the first time since 2013. This update brings three new entries to the list, based on data OWASP collected and analyzed. Here’s all you need to know about the OWASP Top 10 2017.

OWASP_Top_10-2017_(en).pdf


Ten Commandments for Stress Free Programming

  1. Thou shalt not worry about bugs. Bugs in your software are actually special features.
  2. Thou shalt not fix abort conditions. Your user has a better chance of winning the state lottery than getting the same abort again.
  3. Thou shalt not handle errors. Error handling was meant for error-prone people; neither you nor your users are error prone.
  4. Thou shalt not restrict users. Don’t do any editing, let the user input anything, anywhere, anytime. That is being very user friendly.
  5. Thou shalt not optimize. Your users are very thankful to get the information; they don’t worry about speed and efficiency.
  6. Thou shalt not provide help. If your users cannot figure out for themselves how to use your software, then they are too dumb to deserve the benefits of your software anyway.
  7. Thou shalt not document. Documentation only comes in handy for making future modifications. You made the software perfect the first time; it will never need modifications.
  8. Thou shalt not hurry. Only the cute and the mighty should get the program by deadline.
  9. Thou shalt not revise. Your interpretation of specs was right; you know the users’ requirements better than them.
  10. Thou shalt not share. If other programmers needed some of your code, they should have written it themselves.

Kill Process (sp_who2)

Great article on how to kill blocking processes.

When killing any running SQL Server process, it is the durable part of the ACID test we care most about. The durability criterion requires that when a process is killed without completing, all data changed by any uncompleted transactions must be returned to the state it was in before the transaction started. The process of returning data to its original state is called rollback.

What this means is that when you kill a running process in SQL Server, all the uncommitted changes made by this process are going to be undone. In most cases, the rollback process happens very quickly and does not have a major impact. In cases where there are a large number of uncompleted transactions, the rollback process can take some time and have a major impact on the performance of the database during that time.

Chronicle's of a Geek...

Identify SPID
To check which processes are affecting the server performance, run the following command:

This shows all the sessions that are currently in the database. These are shown as SPIDs, or server process IDs. The first 50 records that are returned are system SPIDs, and user processes are SPID numbers after 50. When looking into the performance of the server, these SPIDs are most likely causing the issue.

Kill Process
To kill a process just enter the word kill followed by the SPID:

The field Blkby will identify the SPID that is causing any blocks.

Lock Info
To view more details on the lock process just enter the following:

View original post
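
The steps the reblogged post describes (identify the SPID, inspect its locks, kill it, then watch the rollback), as an added T-SQL example that is not from the original post. Session id 64 is a constructed placeholder, and the DMV queries go beyond the sp_who2 output the post refers to.

```sql
-- Added example, not from the original post. 64 is a placeholder SPID.
-- The DMV queries need VIEW SERVER STATE; KILL needs ALTER ANY CONNECTION
-- (sysadmin or processadmin), so grant it narrowly.

-- 1. Identify SPIDs: one row per session; BlkBy names the blocking SPID.
EXEC sp_who2;

-- Same question asked of the DMVs: only requests that are currently
-- blocked, who blocks them, and the statement they are running.
-- is_user_process is a more reliable filter than "SPID > 50".
SELECT r.session_id,
       r.blocking_session_id,
       r.wait_type,
       r.wait_time AS wait_ms,
       s.login_name,
       s.host_name,
       t.text      AS running_sql
FROM sys.dm_exec_requests AS r
JOIN sys.dm_exec_sessions AS s
  ON s.session_id = r.session_id
CROSS APPLY sys.dm_exec_sql_text(r.sql_handle) AS t
WHERE r.blocking_session_id <> 0
  AND s.is_user_process = 1
ORDER BY r.wait_time DESC;

-- 2. Lock info for the suspected blocker before touching it.
EXEC sp_lock 64;                       -- older procedure, still available
SELECT resource_type,
       resource_database_id,
       request_mode,
       request_status
FROM sys.dm_tran_locks
WHERE request_session_id = 64;

-- 3. Kill the session. Its uncommitted work is rolled back.
KILL 64;

-- 4. Rollback of a large transaction can take a while. This reports
--    progress for a session that is already rolling back; it does not
--    issue a second kill.
KILL 64 WITH STATUSONLY;
```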

Free eBook: Fundamentals of Azure

Excellent idea for Azure Developers

Build Azure

The book “Microsoft Azure Essentials: Fundamentals of Azure” has been made available as a Free eBook from Microsoft Press and Microsoft Virtual Academy. This book is written by Michael Collier and Robin Shahan.

The material covered in this book is targeted towards introducing both Developers and IT Professionals to the huge range of features and capabilities within the Microsoft Azure platform.


Generate client side code using Swagger Codegen

Overview

  • Swagger provides a simple, powerful representation for your APIs.
  • After creating an API, what you need is client-side code to access it.
  • Swagger provides an open source product to do that.

Swagger Codegen

  • Swagger codegen is the tool that we are going to use for generating client side code.
  • You can simply download swagger codegen from here.

Building Swagger Codegen

  • After downloading the source code from GitHub, you need to build the product.
  • Since it’s a Maven project, open a terminal in the source directory and build the product using the following command.
                     mvn package

Generating client side code

  • There are plenty of supported languages for Swagger and I’ll go with Java.
  • Swagger needs a YAML or JSON swagger file as the input (the file that is used to represent the API using Swagger).
  • You can find a lot of sample JSON files from Swagger and I’ll go with the petstore example.
  • Writing JSON or YAML for Swagger is tricky. You need to have a clear idea about the format, so please refer to the Swagger specification.
  • You can use the Swagger editor to write your own swagger files using YAML or JSON.
  • Use the command below to generate the Java client side code.
java -jar modules/swagger-codegen-cli/target/swagger-codegen-cli.jar generate \
  -i http://petstore.swagger.io/v2/swagger.json \
  -l java \
  -o samples/client/petstore/java

How to use the generated client side code

  • Now all the hard part is done. Simply import the generated client side code into your preferred IDE.
  • You can find a package called io.swagger.client.api and there should be three classes.
  • Using these three classes you can do anything you want.
  • For example, let’s say that you need to update a pet and display its name. You can do that using the following lines.
package io.swagger.test;

import io.swagger.client.ApiException;
import io.swagger.client.api.PetApi;

public class test {

	public static void main(String[] args) {
		// PetApi is one of the generated classes in io.swagger.client.api
		PetApi pet = new PetApi();

		try {
			// Update pet 1 with a new name and status, then read it back and print its name
			pet.updatePetWithForm("1", "nicky", "available");
			System.out.println(pet.getPetById((long) 1).getName());
		} catch (ApiException e) {
			// Raised by the generated client when the API call fails
			e.printStackTrace();
		}

	}
}

Important

  • If your preferred language is not in the list, you can simply create a new module by using the command below.

java -jar modules/swagger-codegen-cli/target/swagger-codegen-cli.jar meta -o output/myLibrary -n myClientCodegen -p com.my.company.codegen

  • Read this to get a clearer idea of swagger codegen.