DOT NET is one of the key products that enable application development under the new vision. However, DOT NET is not quite backward compatible with prior versions like visual basic version 6. This makes migration a serious issue. Converting existing source code to DOT NET architecture is not just a matter of loading it to the new version. DOT NET has its built-in migration tool, which performs the vital task of converting the source code syntax. But that’s just half of the work done. But before the converted code is actually compiled, the developer needs to enable it to smoothly fix lot of issues to fit into DOT NET architecture. In present efforts to find out solutions to these migration issues, a re-engineering Migration Model for Legacy Source Code (MMLC) has been proposed in this study. Proposed model has been further validated using a in-house project at one of the leading software development organisation. It is envisaged from the experimental try-out that the model would help the developer community to easily convert their legacy source code to DOT NET framework.
Read the rest of this entry »

• 0 Comments

Although traditional firewalls have effectively prevented network-level attacks, most future attacks will be at the application level, where current security mechanisms are woefully inadequate. Application-level security vulnerabilities are inherent in a Web application’s code, regardless of the technology in which the application is implemented or the security of the Web server and backend database on which it is built. A recent advisory published by Internet Security Systems (see the “Internet Resources” sidebar, p. 44) claims that 11 widely deployed shopping cart applications are vulnerable to a simple attack that lets hackers pur- chase goods for much less than their listed price. Worryingly, the attack does not require particular technical skill; it suffices to save the shopping cart’s HTML confirmation form to disk, use a text editor to modify the price of the goods (stored in a hidden form field), and load the HTML form back into the browser.
Read the rest of this entry »

• 0 Comments

With the rise of model-driven development, model repositories are intended to facilitate research in model engineering and consequently in domain-specific modeling. Model repositories are central places where all kinds of modeling artifacts (e.g., meta-metamodels, metamodels, models, and possibly transformation models) are stored and coordinated. They can serve as a platform for making available the specification of metamodels to others (typically necessary for domain-specific modeling languages) and for exchanging models, as well as a resource for teaching/learning materials.
Read the rest of this entry »

• 0 Comments

The term CAD is an abbreviation of Computer Aided Design and refers to the use of a wide range of computer-based tools used by engineers, architects and other design specialists. Computer Aided Design involves both software applications, ranging from 2-dimensional vector-based drafting tools through to highly sophisticated 3D modelling systems, and specialist hardware tools including ‘wide-format’ print systems.
Read the rest of this entry »

• 0 Comments

An attacker’s location in the application space and/or the network will largely define how they would approach breaking into a SQL Server 2000 machine from a remote location. If their attacks go through SQL Injection via a web server then their ‘cursus incursi’ will be considerably different from those when direct access can be gained to the SQL Server. Consequently, this paper will be split into four main sections. The first section will cover attacks that do not require the attacker to have a user ID and password for the SQL Server, that is, the attacks are unauthenticated. The second section will cover those attacks that do require authentication; to succeed the user must be logged onto the SQL Server. The third section will consider those attacks that can be launched from a compromised server.
Read the rest of this entry »

• 0 Comments

Since 1979, the U.S. Army Research Laboratory* has been developing and distributing the Ballistic Research Laboratory - Computer-Aided Design (BRL-CAD) three-dimensional (3-D) solid modeling package to support combat vehicle vulnerability studies and various other military and industrial applications. The software, which is now in its third generation, includes a large collection of tools and utilities, including an interactive geometry editor, raytracing and generic framebuffer libraries, network-distributed image-processing/signal-processing capabilities, and an embedded scripting language.
Read the rest of this entry »

• 0 Comments

Basics Bluetooth Security Attacks via Bluetooth - Introduction BlueSnarf BlueSnarf++ BlueBug BlueJacking HeloMoto BlueSmack Cracking the Bluetooth PIN Conclusion Bluetooth Basics Originally invented 1994 by Ericsson Technology for connections of short range devices Bluetooth operates within license-free ISM band (2.4 – 2.48 GHz) To prevent interferences: frequency hopping base band frequency switched 1600 times / s ISM band devided into 79 freq. levels, 1 MHz distance Connect two devices: pairing Piconet
Read the rest of this entry »

• 0 Comments

The capabilities of seven dynamic buffer overflow detection tools (Chaperon, Valgrind, CCured, CRED, Insure++, ProPolice and TinyCC) are evaluated in this paper. These tools employ different approaches to runtime buffer overflow detection and range from commercial products to opensource gcc-enhancements. A comprehensive testsuite was developed consisting of speci?cally-designed test cases and model programs containing real-world vulnerabilities.
Read the rest of this entry »

• 0 Comments