Forgot that connection string? Get it here! - StumbleUpon

SQL Injection Attacks by Example A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration. "SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation. So we'll do it in steps. A standalone query of

PHP Security Guide 37 Tested PHP, Perl, and JavaScript Regular Expressions A regular expression, also called regex or regexp for short, is simply a piece of code that matches a pattern. Mastering regular expressions can be a difficult chore, and if you don't need them all of the time, the syntax is tricky enough to make the task frustrating or slow as you will constantly need to use a reference sheet. In order to save you time, I've compiled a list of PHP, Perl, and JavaScript regular expressions for common use cases that have been tested and are ready to go. If you're looking for regex tutorials or regex resources, you can find them at the end of the page as well as some additional regex resources. Perl and PHP Regular Expressions PHP regexes are based on the PCRE (Perl-Compatible Regular Expressions), so any regexp that works for one should be compatible with the other or any other language that makes use of the PCRE format. All Major Credit Cards Alpha-Numeric Characters Test for alpha-numeric characters with this regexp. Alphabetic Characters Digits URLs

How to Dynamically Create Thumbnails In this week's screencast, I'll show you how to upload files and then have PHP dynamically create a thumbnail. Whether you're building an ecommerce site, or just a simple gallery, these techniques will absolutely prove to be useful. If you're ready for your "spoonfed" screencast of the week, let's get going! *Note - There have been a few slight changes to the code after some additional thinking and some great suggestions. Don't worry, very little has changed. The Simple Config File The first step is to create a simple config file where we can store a few variables. $final_width_of_image - This variable will store the width of our thumbnail. Save this file as 'config.php' and place it in the root of your folder. The HTML Next, create a new page called "index.php" and paste the following. First, scroll down a bit to the body tag. Any time that you're going to be working with the "file upload" input type, you need to add an "enctype" attribute to the form tag. Saving the File ImageCreateTrueColor

PHP security tips PHP is one of the most popular web programming languages today. The reason is that it is easy to learn, and yet robust enough to successfully power even the most complicated applications. This has its downsides. The PHP community is large and very open, and beginners often learn wrong things, or nothing at all, about PHP security. PHP is a very “forgiving” language and many users do not think about securing their applications. Securing a web site is all about quality coding and using defense techniques wisely. A programmer must always be on alert and know from where an attack can come. NEVER trust user input I will repeat, never trust your users. When this gets executed, the query looks like this: As the ”=” comparison is always true, this guy is logged in even if he does not know the password. My tip is to always escape user input before doing anything with it. This way, the input gets escaped and becomes harmless, and this simple step protects you from most SQL-related attacks. XSS attacks Error reporting

PHP Security Cheat Sheet This page intends to provide basic PHP security tips for developers and administrators. Keep in mind that tips mentioned in this page may not be sufficient for securing your web application. PHP overview PHP is the most commonly used server-side programming language, with 81.8% of web servers deploying it, according to W3 Techs. An open source technology, PHP is unusual in that it is both a language and a web framework, with typical web framework features built-in to the latter. Like all web languages, there is also a large community of libraries etc. that contribute to the security (or otherwise) of programming in PHP. Serious issues abound in all aspects of PHP, making it difficult to write secure PHP applications. Language issues Weak typing PHP is weakly typed, which means that it will automatically convert data of an incorrect type into the expected type. Try to use functions and operators that do not do implicit type conversions (e.g. === and not ==). Exceptions and error handling

Get to know the Impress.js presentation tool Ryan Boudreaux shows the basics of how you can use and modify the Impress.js presentation framework provided by Bartek Szopka to add sizzle to your website and web-based presentations. If you are looking for a cool and creative tool for implementing online presentations, Impress.js might just be the instrument you need to kick them up, or your entire website, for that matter. Impress.js is a presentation framework based on the power of CSS3 transforms and CSS3 transitions along with JavaScript and jQuery. The framework is currently supported in modern browsers and inspired by the idea behind, which is cloud-based presentation software. The source code is available on GitHub where the files are compressed into a zip archive or can be copied individually, including the demo index.html, impress-demo.css, impress.js, and a few .png image files. Figure B The HTML Figure C <h1>Welcome to the Presentation!</h1> <p>Featuring...</p> <li>CSS3 Transitions</li> <li>CSS3 Transforms</li> <li>HTML5</li>

Database Normalization What is Normalization? Normalization is a database design technique which organizes tables in a manner that reduces redundancy and dependency of data. It divides larger tables into smaller tables and links them using relationships. In this tutorial, you will learn- The inventor of the relational model, Edgar Codd, proposed the theory of normalization with the introduction of First Normal Form, and he continued to extend the theory with Second and Third Normal Form. Later he joined with Raymond F. The theory of data normalization in SQL is still being developed further. Database Normalization Examples - Assume a video library maintains a database of movies rented out. Table 1 Here you see the Movies Rented column has multiple values. Database Normal Forms Now let's move on to First Normal Form 1NF (First Normal Form) Rules Each table cell should contain a single value. The above table in 1NF- 1NF Example Table 1 : In 1NF Form Before we proceed let's understand a few things -- What is a KEY? What is a primary Key? Summary

Free Online Tools for Looking Up Potentially Malicious Websites Several organizations offer free on-line tools for looking up a potentially malicious website. Some of these tools provide historical information; others examine the URL in real time to identify threats: AVG LinkScanner Drop Zone: Analyzes the URL in real time for threats BrightCloud URL/IP Lookup: Presents historical reputation data about the website Comodo Web Inspector: Examines the URL in real-time. Cisco SenderBase: Presents historical reputation data about the website Cyscon SIRT: Provides historical data for IP addresses, domains and ASNs. Any on-line tools that should be on this list, but are missing? My other lists of on-line security resources outline Automated Malware Analysis Services and Blocklists of Suspected Malicious IPs and URLs. Copyright © 1995-2013 Lenny Zeltser.

FlipJack | The most interesting button in the world The Problem Buttons are a critical part of the Web – they drive sales, confirm subscriptions, book flights and so much more. So why don’t they actually do anything? Most buttons on the Web are nothing more than static images that give no proactive feedback to the user. This lack of feedback has a negative effect on the user experience – for instance, how many times have you double-charged your credit card because it was unclear your transaction was being processed? If call-to-action buttons are so important, they should act that way - they should contain information and activity, all spring-loaded and ready to burst forth the moment you click them. Who It’s For FlipJack is for any site owner who wants to create a more compelling experience when it comes to the actions users take on their site. How It Works With FlipJack, we aim to improve the experience of taking action on a call to action by providing robust and real time feedback to the user. How do you make buttons interesting?

10 Things a Website Should Never, Ever Do / Kyle Schaeffer As a designer of the world wide web, you are armed with the power to amaze, enlighten, entice, and captivate. The web is an easel for your creative aspirations, and the content you design for is the foundation of your creativity. With so much power at the tips of your fingers, you also possess the ability to deter, annoy, anger, and infuriate. Your users are yours to command, their emotions yours to pluck like the strings of a harp. It’s the latter of these powers that we discuss today: your ability to destroy the desire for users to stay on your site. 1. The browser window is a fairly simple application: an address/search bar, a few buttons, and a big window where users read, scroll, and click. Example: Microsoft SharePoint 2010 One of the most preposterous features of an interface that I’ve seen is SharePoint 2010's new ribbon interface. When a SharePoint 2010 page loads, users will not be able to scroll until all JavaScript has loaded. An easy solution 2. A Simple Solution
