Daily Learning - Day 25

By -
Date: 25th February 2017

Below are the topics i learnt today..

Follow Hashtag: #SKC100DaysofLearning

Topic 1: Security - Find the Technology Components used in Web Application.


Are you interested to know which websites use a certain technology

 Wappalyzer is a browser extension that uncovers the technologies used on websites. It detects content management systems, eCommerce platforms, web servers, JavaScript frameworks, analytics tools and many more.

 Install this on your web browser:  https://wappalyzer.com/download



Topic 2: Security - Massive Bug May Have Leaked User Data From Millions of Sites. So … Change Your Passwords

THE INTERNET INFRASTRUCTURE company Cloudflare, which provides a variety of performance and security services to millions of websites, revealed late Thursday that a bug had caused it to randomly leak potentially sensitive customer data across the internet.

And the Bug is called as - "CloudBleed"

Lessons Learnt:

  • It is necessity to know, the third-party components of code added to your application.           See Topic -1 : To find out the Third-Party Components and Server Details.
  • Check if there are any vulnerabilities recorded on the Third-Party Components and Server. It may not be their code is perfect
  • When you see any Bug, even not serious. Act quickly to address the Bug as a Preliminary Fix after learning about the Bug.
  • Permanently Patch the Bug on the systems.
  • To Mitigate the risk, Option is to Change the Password which ever sites linked to Cloudfare.
  • Other Options for Defense: 2-FA Security Authorization.

Tool: Find out which CDN Service, your website is using.


Change.Org uses Cloudfare as CDN Service.

Read More: https://www.wired.com/2017/02/crazy-cloudflare-bug-jeopardized-millions-sites/

Incident Report: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

Location: Mysuru, Karnataka 570001, India

Popular Posts

JMeter Producing Error: Windows RegCreateKeyEx(...) returned error code 5

By -
After running JMeter.bat on Command Line, Problem java.util.prefs.WindowsPreferences <init> WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs at root 0x80000002. Windows RegCreateKeyEx(...) returned error code 5. Cause Environment Resolving the problem The error occurs because java.util.prefs.WindowsPreferences is trying to save information in HKEY_LOCAL_MACHINE\Software\JavaSoft\Prefs instead of under HKEY_CURRENT_USER\Software\JavaSoft\Prefs. Windows 7 64-bit The work around is to Open JMeter.bat file as the administrator and so it creates the key HKEY_LOCAL_MACHINE\Software\JavaSoft\Prefs.
Read more

Understanding about Contract Testing

By -
Image
Yesterday Morning (9th May 2020), I had good discussion with  Sundaresan  Krishnaswami on " Contract Testing ". I thank  Sundaresan   for his time and sharing his knowledge. It started with an example: The Owner provides the house or Place of Residence to the Tenants. "Rent Agreement" is provided for the house and It contains agreement to use the house. The house comes with like kitchen, living room, bed room, fans, geysers etc.. It also contains who resides and what is the contractual period, obligation (money) etc.. Here, Owner is the Server and Tenant is Client.                                         Client-Server Architecture. Illustrating the same in the E-Commerce Context: In Some Development Companies, There can be two teams developing the Payments and Orders APIs. In B2B or B2C Ecommerce applications, we place an order using web browser through payment methods and Order is created. Order is successful only when Payment is successful. In general, Payments te
Read more