Tuesday, March 14, 2017

Study Less, Study Smart

If you spend hours and hours studying without improving your grades or your retention, learn how to study smart from Marty Lobdell. Lobdell taught psychology at Pierce College in Washington State for 40 years. Over his career he taught tens of thousands of students, and he wants students to succeed. After watching students cram for eight hours or more before a test without any improvement, Lobdell developed a study technique that helps the brain retain what you are studying; he presents it in the video "Study Less, Study Smart".

Wednesday, January 25, 2017

Which of the following two passwords is stronger?



Which of the following two passwords is stronger,
more secure, and more difficult to crack?
D0g.....................
PrXyc.N(n4k77#L!eVdAfp9

If you really want to know, check Steve Gibson's password brute-force search-space calculator at https://www.grc.com/haystack.htm; most websites only offer a password strength meter. His answer is the first one: at 24 characters drawn from all four character classes (upper, lower, digit, symbol) its brute-force search space is larger than that of the 23-character random string, because every extra character multiplies the search space by the alphabet size. The caveat is that the calculator models an attacker who knows nothing about the password's shape. Real cracking tools try dictionary words with rules and masks first, and "D0g" followed by a run of dots is a short word plus a repeated pad, so it falls far sooner than the search-space number suggests.
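To make the comparison concrete, here is an added example (not code from grc.com or from this post) that computes the search space the way the Haystacks page does and then applies a toy model of a pattern-aware attacker. The run-collapsing heuristic and the guess rate are assumptions made only to illustrate the caveat; the two passwords are the ones quoted above.

```javascript
// Added example, not from grc.com or the post: a search-space calculator in
// the style of Gibson's Haystacks page, plus a toy model of a pattern-aware
// attacker. The run-collapsing heuristic and the 1e12 guesses/s rate are
// assumptions made for illustration only.

const CLASSES = [
  { name: 'lower',  size: 26, has: (c) => c >= 'a' && c <= 'z' },
  { name: 'upper',  size: 26, has: (c) => c >= 'A' && c <= 'Z' },
  { name: 'digit',  size: 10, has: (c) => c >= '0' && c <= '9' },
  // 33 = the 95 printable ASCII characters minus the 62 letters and digits
  { name: 'symbol', size: 33, has: (c) => c >= ' ' && c <= '~' && !/[A-Za-z0-9]/.test(c) },
];

// Alphabet an attacker must assume once he knows which classes appear.
function alphabetSize(password) {
  const chars = [...password];
  return CLASSES.filter((cls) => chars.some(cls.has)).reduce((n, cls) => n + cls.size, 0);
}

// Brute-force search space: every string of length 1..len over the alphabet.
function bruteForceSpace(password) {
  const a = BigInt(alphabetSize(password));
  let total = 0n;
  let power = 1n;
  for (let len = 1; len <= password.length; len++) {
    power *= a;
    total += power;
  }
  return total;
}

// Toy pattern-aware attacker: a run of one repeated character is guessed as
// "character + repeat count", so it costs about one position, not many.
function collapseRuns(password) {
  return password.replace(/(.)\1+/g, '$1');
}

function patternAwareSpace(password) {
  return bruteForceSpace(collapseRuns(password));
}

// Whole seconds to exhaust a space at an assumed guess rate.
function secondsToExhaust(space, guessesPerSecond = 1e12) {
  return space / BigInt(guessesPerSecond);
}

const PADDED = 'D0g' + '.'.repeat(21);    // the 24-character example from the post
const RANDOM = 'PrXyc.N(n4k77#L!eVdAfp9'; // the 23-character example from the post

for (const pw of [PADDED, RANDOM]) {
  console.log(pw, 'alphabet', alphabetSize(pw),
    'brute-force seconds', secondsToExhaust(bruteForceSpace(pw)).toString(),
    'pattern-aware seconds', secondsToExhaust(patternAwareSpace(pw)).toString());
}
```

Under pure brute force the padded password wins, exactly as the calculator says; once runs are collapsed it shrinks to four effective characters and loses by an enormous margin. That gap is why password strength meters that count only length and classes are a poor guide on their own.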

Sunday, January 22, 2017

nodemon: a must-have tool for Node.js developers

Some of the tools we have make a developer's life easy. If you are a Node.js developer writing any server app, you must install this small command-line tool. It will make your life a lot easier.

The tool restarts the server as soon as any file is modified, so life becomes a bit easier. For more details check the nodemon website.

Wednesday, January 18, 2017

Web security: tools you can use to test your website


It is important for a web developer to know the kinds of attacks malicious people use to damage a website.

You can easily visualise how these attacks were used in some of the world's biggest data breaches.
Check the information breaches around the world: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/


Some of the common ones are:

1. SQL injection. Here I will discuss error-based SQL injection. The attacker modifies a search parameter in the URL (for example by appending a single quote) until the page returns a database error. That error confirms the input reaches the query, and the attacker then reshapes the query so that it returns rows you never intended to show on the page.

The easiest way to see this is with the automated tool "Havij". Explore it to test your website (only against sites you own or are authorised to test).
Make sure you validate every value that arrives as external input: if you expect a number, then it must be a number, in both POST and GET requests.
The best defence against SQL injection is bind variables (parameterised queries) in every query that includes input from outside.
Next, give the application database account access only to the tables it needs, following the principle of least privilege. Ask yourself: should your application's DB account be able to run database-admin commands?
Last but still important: a web application firewall, and cryptographic storage of sensitive data.
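As an added example (not code from this post or from Havij), the snippet below shows the string-built query that error-based injection exploits, next to the hardened form that validates the type and then binds the value. The `{ text, values }` shape is what Node drivers such as `pg` accept; the probe strings are constructed, no database is contacted, and the attacker's effect is shown on the SQL text itself.

```javascript
// Added example, not the post's code: vulnerable query construction beside
// the hardened form (validate, then bind). The probe inputs are constructed
// for the demo and the GRANT in the comment is an illustration of least
// privilege, not a statement about any particular site.

function vulnerableQuery(idFromUrl) {
  // The raw value of ?id= is pasted into the SQL text.
  return 'SELECT name, price FROM products WHERE id = ' + idFromUrl;
}

function safeQuery(idFromUrl) {
  // 1. Validate: the id is expected to be a number, so accept only digits.
  if (!/^\d{1,10}$/.test(String(idFromUrl))) {
    throw new TypeError('id must be a positive integer');
  }
  // 2. Bind: the value travels to the server separately from the SQL text,
  //    so it can never change the query's structure.
  return {
    text: 'SELECT name, price FROM products WHERE id = $1',
    values: [Number(idFromUrl)],
  };
}

// Constructed probe inputs, in the order an attacker typically sends them.
const PROBES = [
  "1'",                                        // unbalanced quote: a DB syntax error confirms the injection point
  '1 OR 1=1',                                  // the WHERE clause is always true: every row comes back
  '1 UNION SELECT login, password FROM users', // reads a table the page never meant to expose
];

// Runs every probe through both builders and returns what each produced.
function demo() {
  return PROBES.map((probe) => {
    let safe;
    try {
      safe = safeQuery(probe);
    } catch (e) {
      safe = 'rejected: ' + e.message;
    }
    return { probe, vulnerable: vulnerableQuery(probe), safe };
  });
}

// Least privilege for the account the app connects with (run once as DBA):
//   GRANT SELECT ON products TO app_user;   -- no DDL, no access to the users table
// With only that grant, even a successful injection cannot read `users`.

console.log(JSON.stringify(demo(), null, 2));
```

Each probe is rejected by the validation step before it ever reaches the database, and the binding step means that even a value that passed validation could only ever be compared against `id`, never parsed as SQL.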



2. Insufficient Transport Layer Security: this means you are not using a secure layer (HTTPS rather than HTTP) when communicating with the web server over the internet. Most people get hacked when they use open Wi-Fi networks. There an attacker can monitor the information flowing in and out through the router. Some attackers even change the DNS settings so that requests for common sites are answered with their own hosted replica of the page.
Sometimes the attacker injects a key-logger JS script into the page. So how do you prevent such attacks?
Make sure your web application's login page opens over HTTPS and that the login form also posts over HTTPS. In other words, apply TLS and encrypt by default, especially for login and authentication, as your application grows. (A certificate no longer has to cost money: Let's Encrypt issues them for free.)

Also use signed (or encrypted) authentication cookies with the Secure and HttpOnly flags, and keep a firewall as the last line of defence.
Also check out this blog post on how to set up an SSL certificate:
https://ksylvest.com/posts/2014-05-06/setup-free-ish-ssl-tls-on-heroku-for-ruby-on-rails-or-any-other-framework
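The handling described above, as an added example that is not code from this post or from the linked blog: a framework-free request handler that bounces plain HTTP to HTTPS before any login logic runs, sets HSTS so the browser upgrades itself next time, and issues the session cookie with the Secure and HttpOnly flags. It returns plain objects so it can be tested without opening a socket; wire it into `http.createServer` or an Express handler. It assumes a reverse proxy (Heroku's router, for instance) sets `x-forwarded-proto`; on a direct TLS listener Node exposes `req.socket.encrypted` instead. The session id is a constructed stand-in.

```javascript
// Added example, not the post's code: keep the login page and its form POST
// on HTTPS and set cookie flags. Assumes x-forwarded-proto from a trusted
// reverse proxy or req.socket.encrypted on a direct TLS listener.

const ONE_YEAR = 60 * 60 * 24 * 365;
const SESSION_TTL = 60 * 60 * 8;

function isHttps(req) {
  if (req.socket && req.socket.encrypted) return true;
  const proto = String(req.headers['x-forwarded-proto'] || '').split(',')[0].trim();
  return proto === 'https';
}

// Before any application code sees the request: bounce plain http to https.
// A 301 does not forward the POST body, so a password typed on an http page
// is dropped rather than replayed; the form is shown again over TLS.
function enforceHttps(req) {
  if (isHttps(req)) return null;
  return {
    status: 301,
    headers: { Location: 'https://' + req.headers.host + req.url },
    body: '',
  };
}

// Secure: the browser never sends it over http. HttpOnly: injected JS (a
// key-logger script, for instance) cannot read it. SameSite=Lax: it is not
// attached to cross-site form posts.
function sessionCookie(sessionId) {
  return 'sid=' + sessionId + '; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=' + SESSION_TTL;
}

// HSTS makes the browser upgrade future http requests itself, closing the
// window in which the first request travels in the clear.
function securityHeaders() {
  return {
    'Strict-Transport-Security': 'max-age=' + ONE_YEAR + '; includeSubDomains',
    'Cache-Control': 'no-store',
  };
}

function handle(req) {
  const redirect = enforceHttps(req);
  if (redirect) return redirect;
  if (req.method === 'GET' && req.url === '/login') {
    return {
      status: 200,
      headers: securityHeaders(),
      body: '<form method="POST" action="/login"><input name="user"><input name="pass" type="password"></form>',
    };
  }
  if (req.method === 'POST' && req.url === '/login') {
    // Credential checking is out of scope here; the session id is a constructed stand-in.
    const sessionId = 'constructed-session-id';
    return {
      status: 303,
      headers: { ...securityHeaders(), 'Set-Cookie': sessionCookie(sessionId), Location: '/' },
      body: '',
    };
  }
  return { status: 404, headers: securityHeaders(), body: 'not found' };
}

console.log(handle({ method: 'GET', url: '/login', headers: { host: 'example.com' } }));
```

Note that the `x-forwarded-proto` check is only safe when the proxy overwrites that header on every request; if clients can reach Node directly, rely on `req.socket.encrypted` alone.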



3. Insecure Password Storage
I hope every developer is aware of rainbow tables. Here the attacker has a pre-computed table of hashes that he uses to look up the password behind a stolen hash. The easiest way to prevent this is to use the bcrypt algorithm (avoid MD5), which hashes the password with a random salt and a configurable cost factor, so each user's hash must be attacked separately and slowly. The bcrypt output already contains the salt and cost, so one column is enough; storing the salt in a second column does no harm but is not needed. Do not wrap the bcrypt output in MD5 afterwards: MD5 is a fast hash, not encryption, and it adds no security.
 
e.g.
bcrypt(random salt + password) -> one string containing salt, cost and hash -> save in the password column
In future I may share how to implement the above in Node.js.

4. Cross Site Scripting (XSS)

5. Weak Account Management


Tuesday, July 26, 2016

Interview details for a Perl/Unix developer @ Deutsche Bank

Recently I had an interview @ Deutsche Bank for a Perl developer role.

I would like to share that, though most of the questions were pretty basic, a few added to my learning. :)


Friday, February 19, 2016

Perl problem from ZipRecruiter while submitting the application

Recently I had the chance to apply to ZipRecruiter (a USA-based startup).
While applying you are asked to solve a problem in Perl or Python.


Here is the description of the problem



Though when I submitted the application I did not think much about it and made use of the JSON module.
But I think it can be solved without the module too, as it is a ref to an array.



Tuesday, March 24, 2015

Perl and Selenium - a trail of YouTube history


Recently I wanted to get the complete list from my YouTube history page to find a video I had seen a long time back. Though YouTube maintains your history, it does not provide an option to search it. The history button provided shows only a few videos at a time.

So I decided to write my own script recipe to handle this scenario. Though I have known about Selenium for a long time, I had never tried its Perl API. Let's see if it can help me get my list.

Before reading this script recipe you need to check some intro videos and SlideShare decks to get the functionality and usage of the module (ingredient) we are going to use