Submitted by sgamare on January 25, 2010 - 4:05am.
One of the core requirements for any financial application is to ensure that the code can stand up to abuse from potential hackers. If not hackers, then even the plain old script kiddies who just want to play with you need to be kept at bay.
So what are the different aspects we should watch for, and how can we solve them?
1. SQL Injection - User input field validation.
Submitted by sgamare on January 25, 2010 - 3:39am.
In the consulting world our clients frequently ask us for our opinion and/or verification on how to meet certain goals from a business and technology perspective. This can range from simple tool selection to selecting the next big vendor to outsource to, and it definitely weighs heavily on budget and cost implications.
I believe in following a simple approach:
1. Analyse and study the client's needs and learn every aspect of business and technology dependence related to this initiative.
Submitted by sgamare on January 25, 2010 - 3:23am.
Having been part of new development and of applications under support and maintenance for so many different companies, a question I am frequently asked is: how do we solve issues proactively? The answer seems to have a lot to do with an "Application Health Check Dashboard and Alerts".
Submitted by sgamare on January 25, 2010 - 2:13am.
Most of us in our careers have encountered applications which were badly written, and now our teams are expected to support them. Can we do something about those apps without a full-blown rewrite? The answer is absolutely yes, we can.
Submitted by sgamare on January 25, 2010 - 1:59am.
Working frequently with UML, we sometimes wonder whether a given actor is a primary actor or a secondary one. There is never a clear-cut answer to that question, because an actor is always relative to the system boundary.
Submitted by sgamare on January 25, 2010 - 1:50am.
Have you ever been struck with a question when defining use cases: how can I find useful use cases?
There are various aspects you can work with; however, a few I remember from a UML reference book are pretty straightforward. To check whether an application requirement has been identified at a useful level, ask yourself the following questions.
1. BOSS Test
A necessary task, but one which may not be valuable just by itself.
Example: "Log in to the system" without doing anything meaningful does not make your boss happy.
2. Elementary Business Process Test
Submitted by sgamare on January 25, 2010 - 1:34am.
Over the years I have seen developers do things backwards. For example, decades ago I saw folks draw flow charts after the code was developed and tested. I never quite understood why. In today's world of agile development, using "use cases" is a very acceptable form of defining user requirements that is visual and can be easily understood by business analysts and even management.
Submitted by sgamare on November 17, 2009 - 12:24pm.
This setup is a little rare to find. It is typically used in extra-secure installations where the server application needs to verify the identity of the client browser that is authorized to access the application. This type of setup is generally limited to within the corporate boundary. Take the example of a mutual fund sr. trader with access to initiate transactions in the multi-million dollar range.
Submitted by sgamare on November 17, 2009 - 12:22pm.
Certificates are used in a variety of implementations to secure communication from any unintended third party. In this case we are discussing the most generic and commonly known certificate: the server-based SSL (Secure Sockets Layer) certificate. The purpose of the certificate is to prove beyond doubt that the server is who we think it is. This kind of security is generally set up to work on a secure port, usually port 443 (note: it does not have to be), and is supported by the browser as "https", an extension to the standard HTTP protocol.
Submitted by sgamare on November 17, 2009 - 12:21pm.
Most of you at some point in your career may have set up a local web server installation and probably published articles and pictures using it. However, here we are talking about more than the generic setup; we will describe a basic enterprise application-centric security setup.