Although traditional firewalls have effectively prevented network-level attacks, most future attacks will be at the application level, where current security mechanisms are woefully inadequate. Application-level security vulnerabilities are inherent in a Web application's code, regardless of the technology in which the application is implemented or the security of the Web server and back-end database on which it is built. A recent advisory published by Internet Security Systems (see the "Internet Resources" sidebar, p. 44) claims that 11 widely deployed shopping cart applications are vulnerable to a simple attack that lets hackers purchase goods for much less than their listed price. Worryingly, the attack does not require particular technical skill: it suffices to save the shopping cart's HTML confirmation form to disk, use a text editor to modify the price of the goods (stored in a hidden form field), and load the edited form back into the browser. The root cause is that the server trusts a value it previously handed to the client; the fix is to recompute the price from server-side data at checkout rather than reading it back from the form.
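The attack described above, and the two server-side checks that defeat it, as an added example in Python. This is not code from the original article or from the ISS advisory; the catalogue, the form handlers, the signing key and the submitted form dictionaries are all constructed here for illustration. The hardened handler ignores the posted price and looks the SKU up server-side; the signed variant is for the case where a quoted price genuinely has to round-trip through the client, and binds it to the other fields with an HMAC so an edited form is rejected.

```python
"""Hidden-field price tampering: vulnerable, hardened and signed checkout handlers.

Added example, not code from the page or the advisory it quotes.
Everything below (catalogue, key, forms) is constructed for the demonstration.
"""
import hashlib
import hmac
from decimal import Decimal

# Constructed server-side catalogue: SKU -> unit price (assumption).
CATALOGUE = {
    "BOOK-001": Decimal("49.99"),
    "CAM-010": Decimal("899.00"),
}

# Demo-only signing key; in a real deployment this comes from configuration.
SECRET = b"constructed-demo-key"


def render_confirmation_form(sku: str, quantity: int) -> str:
    """The confirmation form the advisory describes: the price rides in a hidden field."""
    price = CATALOGUE[sku]
    return (
        '<form method="POST" action="/checkout">\n'
        f'  <input type="hidden" name="sku" value="{sku}">\n'
        f'  <input type="hidden" name="quantity" value="{quantity}">\n'
        f'  <input type="hidden" name="price" value="{price}">\n'
        '  <input type="submit" value="Buy">\n'
        '</form>'
    )


def tamper(form: dict, new_price: str) -> dict:
    """Models the attack: save the form, edit the hidden price, resubmit."""
    edited = dict(form)
    edited["price"] = new_price
    return edited


def checkout_vulnerable(form: dict) -> Decimal:
    """Trusts the client-supplied price, so the edited form sets the charge."""
    return Decimal(form["price"]) * int(form["quantity"])


def checkout_hardened(form: dict) -> Decimal:
    """Ignores any posted price; only the SKU and quantity come from the client."""
    sku = form["sku"]
    if sku not in CATALOGUE:
        raise ValueError("unknown SKU")
    quantity = int(form["quantity"])
    if quantity < 1:
        raise ValueError("quantity must be positive")
    return CATALOGUE[sku] * quantity


def sign_fields(sku: str, quantity: str, price: str) -> str:
    """HMAC over every field the server will trust on the way back."""
    message = f"{sku}|{quantity}|{price}".encode()
    return hmac.new(SECRET, message, hashlib.sha256).hexdigest()


def checkout_signed(form: dict) -> Decimal:
    """Accepts a round-tripped price only if its signature still matches."""
    expected = sign_fields(form["sku"], form["quantity"], form["price"])
    if not hmac.compare_digest(expected, form.get("sig", "")):
        raise ValueError("form fields were modified")
    return Decimal(form["price"]) * int(form["quantity"])


if __name__ == "__main__":
    honest = {"sku": "CAM-010", "quantity": "1", "price": "899.00"}
    edited = tamper(honest, "0.01")
    print("vulnerable charges:", checkout_vulnerable(edited))
    print("hardened charges:  ", checkout_hardened(edited))
    signed = dict(honest, sig=sign_fields("CAM-010", "1", "899.00"))
    print("signed, untouched: ", checkout_signed(signed))
    try:
        checkout_signed(tamper(signed, "0.01"))
    except ValueError as exc:
        print("signed, edited:    ", exc)
```

Looking the price up server-side is the right default; the signed field is a fallback for quoted or negotiated prices, and even then the quantity and SKU must be inside the signed message, otherwise an attacker keeps the price and raises the quantity.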
This paper briefly describes several common classes of coding error encountered when auditing web applications running on the Active Server Pages (ASP) platform. The paper is divided into three broad sections, each addressing several common coding problems; the common errors discussed are listed below under those three categories, and the remainder of the document deals with each of them in turn. Any ASP code samples assume that the default language is VBScript, but all of the points apply equally to JScript, Microsoft's JavaScript implementation. Equally, all occurrences of SQL assume that Microsoft SQL Server is the back-end database.
RealObjects PDFreactor is a formatting processor that enables server-side PDF creation from XML and XHTML/HTML documents, using Cascading Style Sheets (CSS) to define page layout and styles. You can dynamically generate PDF documents such as reports, invoices and statements on the fly. Since PDFreactor runs on your server, the end user needs no software other than a Web browser with a free PDF viewer.
A number of new geospatial viewing tools from major players in the Internet industry have recently appeared and are taking the geospatial world by storm. Google, Yahoo, Microsoft and Amazon have all released web-based mapping tools in the recent past, and collectively these newcomers to the industry have raised the bar for Internet mapping. Although their functional capabilities do not provide anything we have not seen in web offerings from traditional GIS vendors, their emergence is significant in that they have captured a far wider audience. Google, in particular, has emerged as the leader of this pack with its recently released Google Maps product, which provides a slick, highly responsive visual interface built using AJAX techniques, detailed street and aerial imagery data, and an open API that allows customization of the map output, including the ability to overlay application-specific data on the map.
Many developers have learned to use PHP over the years because it is a good solution for creating Web pages and the price is right. The PHP acronym is like many other new acronyms for the Internet: it is recursive (refers back to itself). PHP stands for PHP: Hypertext Preprocessor. This general-purpose, HTML-embedded scripting language works much like ASP (see Chapter 6) or other page description languages you might have used. Essentially, you mix HTML with scripting information. When the PHP interpreter encounters HTML, it sends that text to the user unchanged; when it encounters script, it executes it and sends the resulting HTML to the user as well.
To avoid headaches while working through the case studies in this book, it is best to install the necessary software and configure your environment correctly from the start. Although we assume you already have some experience developing PHP applications, we will quickly go through the steps to install the necessary software on your machine.
This article shows you how a Java™ 2 Platform, Enterprise Edition (J2EE) application was enhanced with an Ajax-style architecture by using the IBM® WebSphere® Application Server Feature Pack for Web 2.0. Learn how to combine Ajax-style architectures with an existing application without having to rewrite the entire Web application. You’ll also discover some ideas on how to apply the Web 2.0 Feature Pack to your own J2EE applications for IBM WebSphere Application Server. The “Plants by WebSphere” application is among a number of samples that are provided with the IBM WebSphere Application Server Feature Pack for Web 2.0.
Anyone who wants to install a web server database but does not know which software is necessary or how it is installed should benefit from reading this text. It provides all the information necessary to get an SQL database for a web server going; it does not go into any detail of CGI programming, nor does it explain the SQL language. Excellent books are available on both topics, and the intention of this text is to provide a working platform from which a user can then study CGI programming and SQL. For getting a small-scale SQL system running (not the notorious example of a major airline booking system or a space mission management database), the software described in this text and its accompanying documentation will be sufficient. The user manual of msql (the database introduced in this text) provides sufficient information on SQL for building your own database.