- to http webapp hosting howto caching by brightbyte on Sep 21, 2008, 2:28 PM
In order to solve web application vulnerabilities we have created HDIV (HTTP Data Integrity Validator) open source project.
We can briefly define HDIV as a Java Web Application Security Framework. HDIV extends web applications’ behaviour by adding Security functionalities, maintaining the API and the framework specification. This implies that we can use HDIV in applications developed in Struts 1.x, Struts 2.x, Spring MVC and JSTL in a transparent way to the programmer and without adding any complexity to the application development. It is possible to use HDIV in applications that don’t use Struts 1.x, Struts 2.x, Spring MVC or JSTL, but in this case it is necessary to modify the application (JSP pages).
The security functionalities added to the web applications are these:
INTEGRITY: HDIV guarantees integrity (no data modification) of all the data generated by the server which should not be modified by the client (links, hidden fields, combo values, radio buttons, destiny pages, etc.). Thanks to this property HDIV helps to eliminate most of the vulnerabilities based on the parameter tampering.
EDITABLE DATA VALIDATION: HDIV eliminates to a large extent the risk originated by attacks of type Cross-site scripting (XSS) and SQL Injection using generic validations of the editable data (text and textarea).
CONFIDENTIALITY: HDIV guarantees the confidentiality of the non editable data as well. Usually lots of the data sent to the client has key information for the attackers such as database registry identifiers, column or table names, web directories, etc. All these values are hidden by HDIV to avoid a malicious use of them. For example, a link of this type, http://www.host.com?data1=12&data2=24, is replaced by http://www.host.com?data1=0&data2=1, guaranteeing confidentiality of the values representing database identifiers. It is also possible to hide the names of the parameters, turning the link into http://www.host.com?0=0&1=1.
ANTI-CROSS SITE REQUEST FORGERY (CSRF) TOKEN: A random string called a token is placed in each form and link of the HTML response, ensuring that this value will be submitted with the next request. This random string provides protection because not only does the compromised site need to know the URL of the target site and a valid request format for the target site, it also must know the random string, which changes for each visited page.
to software http integrity data security develop springframework by gresch on Sep 2, 2008, 3:28 PM
The goal of Simple is to bring the power of simplicity to the world of server side Java. The primary focus of the project is to provide a truly embeddable Java based HTTP engine capable of handling enormous loads. Simple provides a truly asynchronous service model; request completion is driven using an internal, transparent, monitoring system.
This allows Simple to vastly outperform most popular Java based servers in a multi-tier environment, as it requires only a very limited number of threads to handle very high quantities of concurrent clients. Simple has consistently outperformed both commercial and open source Java Servlet engines and has a fully comprehensive API that is as usable for experienced Java developers as it is for beginners. Best of all, Simple is completely free, and is released under the terms of the GNU Lesser General Public License, LGPL, which ensures its availability for use by open source and proprietary developers alike.
to softwaqre frameworks http java_ee xml java develop configuration by gresch on Aug 29, 2008, 9:17 PM
- to practices w3c cache http best web handy header mobile by jil on Aug 3, 2008, 10:16 PM
Qinfo
to s36 http qinfo ru by winfer on Jul 10, 2008, 7:58 PM
Winfo
to http ru winfo zx6 by winfer on Jul 10, 2008, 7:54 PM
Winie is a network utility to put files on the web using HTTP/1.1. The main feature of Winie is its ability to solve the "lost update problem" by storing ETags (like Web Commander). Winie uses the client-side API of Jigsaw, the W3C Web server.
to tools put get winie http delete by michi and 1 other person on Jun 18, 2008, 2:58 PM
- to HTTP WWW REST by restclient on Jun 2, 2008, 3:28 PM
- to AJAX HTTP Forms authentication HTML by brightbyte on Jun 2, 2008, 12:51 PM
Flood is a profile-driven HTTP load tester. It can be used to gather important performance metrics for your website.
to tools software http performance flood webserver testing load apache by cschenk on May 31, 2008, 8:06 PM
- to HTTP by geriofrio and 1 other person on May 29, 2008, 5:04 PM
The QCon presentation (slides) was ostensibly about how we use HTTP for services within Yahoo’s Media Group.
to cache http proxy apache rest architecture squid caching by fmeyer on May 26, 2008, 2:17 PM
- to networking http security by brightbyte on May 20, 2008, 11:39 PM
tips on how to create an ontology page
to rdfa http owl semantic web by albert.hupa and 4 other people on May 20, 2008, 4:20 PM
- to networking protocol http O.O by brightbyte on May 20, 2008, 1:46 PM
Paper by Mark
to networking scalability http paper hosting wikimedia by brightbyte on May 19, 2008, 5:00 PM
- to networking scalability http hosting wikimedia by brightbyte on May 19, 2008, 4:59 PM
- to networking scalability http hosting wikimedia by brightbyte on May 19, 2008, 4:56 PM
- to w3c http semantic rdf web v0805 dfki by flint63 on Mar 30, 2008, 10:00 PM
AFTrack is the display for a Bluetooth GPS and opens up the world of hiking, biking, sailing, geocaching and more for your mobile phone. The program includes tracking with variable logging properties. It sends reports via GPRS (HTTP) or SMS. It receives SMS position reports and displays them as waypoints. It exports and imports waypoints, tracks or routes, and handles maps.
to symbian position gprs bluetooth tracking http umts n95 gps s60 by bugsbunny on Mar 29, 2008, 2:57 PM