Author Archives: Ajitesh Kumar

Ajitesh Kumar

I have been recently working in the area of Data analytics including Data Science and Machine Learning / Deep Learning. I am also passionate about different technologies including programming languages such as Java/JEE, Javascript, Python, R, Julia, etc, and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc. For latest updates and blogs, follow us on Twitter. I would love to connect with you on Linkedin. Check out my latest book titled as First Principles Thinking: Building winning products using first principles thinking

Tips & Techniques for Estimating Software Testing Effort


Even before we go about looking into tips and techniques for doing effort estimation for testing, it may be kept in mind that testing can be secluded as a separate task. It starts with the start of the project by starting to analyzing the project requirements and come up with a test plan comprising of test cases (primarily) and goes on till the end in form of performing the tests. However, it may be good idea to understand different aspects of testing to be done in the project and assign efforts accordingly if the testing includes specific attention due to various different reasons. Also, different software development methodologies such as …

Continue reading

Posted in Testing. Tagged with , , .

Google Email or MS Exchange Server for Corporate Accounts

Before we discuss on the difference between Google Apps and MS Exchange Server for corporate email accounts, it goes without saying that Google apps (email) can be used with MS outlook as email client. This is provided by Google for people who are not comfortable with the GMail client. These people can use the same features using MS Outlook. [adsenseyu2] If you want to understand criteria based on which you could decide whether to use Google Email or MS Exchange Server for various purposes including corporate email accounts, following are some of the key differences: Email Search: “Search email” feature in Google is any day better than MS Exchange email …

Continue reading

Posted in Others. Tagged with , .

Top 7 Secured Practices for Securing Your Partner APIs

security threat partner API

If you are planning to publish partner APIs for exposing your business services or data to your partners and customers, you may want to consider following top 7 secured best practices to ensure application level security: [adsenseyu2] Access-token based Authentication: Have your partners’ applications authenticate itself (and its users) using access-tokens rather than actual passwords. This is because access-tokens may be easily time-boxed and can be enforced to be renewed at the regular time-intervals. And the theft of access token can not really compromise the actual users’ password with the parent application. In this relation, you may consider using OAuth based authentication technique. In addition to usage of access-token for …

Continue reading

Posted in API Development, Application Security. Tagged with , .

API Economy & Rich Dad, Poor Dad

API Economy Rich Dad Poor Dad

In recent times, as I have been hearing about and, reading a lot on API related articles including topics such as application programming interfaces (APIs) economy, API-First, API-driven development etc, I got extremely fascinated with this API thing. This is where I decided to put my findings around when, why and how to go for API adoption and whether it would be fruitful for business to go for APIs from strategy perspective. Interestingly enough, I found some connection between API thing, and the central theme of the book, Rich Dad, Poor Dad. This is where I thought to use key themes from the book Rich Dad, Poor Dad to present …

Continue reading

Posted in API Development. Tagged with .

Must-have Application Development Skills for 2014

technology trends 2014

Following are some of the key must-have skills, every developer would want to acquire in order to create applications which align well with the technology trends of the coming year, 2014: Cloud readiness: As many applications have started moving into cloud, you never know when the application you have been working on, would also need to be moved to cloud. However, could any application be moved to cloud just like that? Not really. Following are some of the key characteristics that application would need to have in order to be ready to be moved to cloud: High Performance: An under-performing application could end up utilizing lot of resources in the …

Continue reading

Posted in Software Engg. Tagged with .

May Your Application R.I.P – Part 1

rest in peace

[adsenseyu2] Didn’t really mean that (R.I.P) way, Indeed. 🙂 The objective behind this series of blogs is to represent some of the best practices, the how-tos and the whats/whys in relation with REST based integration of applications. Before we shall talk on any related aspects of REST and how to design great RESTful services and, why go for RESTful design in the very first place, lets try and understand a little bit on what is REST and,  “Resource Oriented Architecture (ROA)”. What is REST? REST is an architectural style for distributed hypermedia systems like WWW. REST stands for REpresentational State Transfer. The term first originated in 2000 doctoral dissertation of …

Continue reading

Posted in Integration. Tagged with , .

OWASP Security Misconfiguration – Classic Example – 1

security misconfiguration

[adsenseyu2] One of the OWASP top 10 application security vulnerability is Security Misconfiguration. One of the most common way to identify the security misconfiguration configuration is to check if error handling reveals stack traces or other informative error messages to users. I tried and run an automated scanner on this website, and got various different URLs which revealed stack traces including some of the following: However, the most dangerous one of the above is Take a look at the screenshot below. Security Misconfiguration Example – Showing compilation errors   Take a look at another diagram below that shows the information regarding the server Apache Tomcat …

Continue reading

Posted in Application Security. Tagged with , .

What to Learn on Day One of Application Development

Day One

Well, I would surely not recommend you to go over the application code and look for things like classes, interfaces, data model, design patterns etc. It definitely has to be everything else than the application code. If you have just landed on to a new application development project and shall be going to start working on the application soon, you may want to understand some of the following on day one rather than nitty-gritties of the application itself: Business overview: The idea is to understand key business functions which is served by the application. The output of business overview can be functional decomposition which can be later related to one …

Continue reading

Posted in Software Engg. Tagged with .

Attention Developers: Take Care of Your Debts

Clear your technical debts

Hmm.. was the title intriguing enough for you to check out if you as a developer got any debts to clear (such as that represented below :-)? Well, I am talking about what is called as “technical debt” and that is it. 🙂 Believe me, there are high possibilities that most of the developers do have technical debts to clear which they (or someone else) introduce in the system while working on it over a period of time. Lets try and understand what/how/why/whens related with technical debt?   As Fowler writes in his blog, technical Debt is a wonderful metaphor developed by Ward Cunningham to help us think about this …

Continue reading

Posted in Agile Methodology, Software Engg, Software Quality. Tagged with , .

Tips for Newbies to Choose between Technologies


Does the above picture include one of the programming languages you are planning to learn or have started learning? I have come across many a newbies frequently looking for answers to some of the following questions: Which technology will be most suitable for me from career perspective? Which technology will help me secure high-paying job? Which technology will I love to work with? Is development (coding) good for me or, I could also explore testing career? Should I go on to learn one of the programming languages such as Java, C#, PHP, RoR etc, or should I learn one of the application packages such as that related with ecommerce (ATG, Hybris, …

Continue reading

Posted in Freshers. Tagged with .

Follow Single Responsibility Principle & You are Home!

ajitesh shukla

Here is an interview with Ajitesh Shukla who has been very passionate about coding all these years and have helped many software developers to write better code by getting them understand few basic coding principles. Read on to find out about his experience and expertise around coding. Tell us something about yourself, in brief My name is Ajitesh Kumar and I have got an experience of around 14 years working in different technologies such as Java, PHP etc. I am currently working on projects related with software quality governance, BonitaSoft, enterprise architecture, ATG etc. Tell us about your coding experience, in brief.  I have been coding in different languages including …

Continue reading

Posted in Geeks' Brain's Picks. Tagged with .

New Initiative – Geeks’ Brain’s Picks


We are starting on a new initiative to share the pick of software geeks’ brains. The objective is to share information about beliefs, experience & expertise of software geeks out there who have been doing some real cool stuff. We are reaching out to many of these geeks and getting ready to start publishing information about them very soon. What is there for everyone’s out there? If you are a fresher/newbie who want to learn the software coding best practices from the horses’ mouth or, a tech lead/project manager who want to make sure their team follows a consistent coding best practices, you may want to pay attention to one …

Continue reading

Posted in Geeks' Brain's Picks.

Tips for Gathering Security Requirements of your Web Application Project

web security

Gathering security requirements in relation with a project, sprint (if agile) is key to deliver secured applications. This is because security requirements would lead to appropriate design in relation with security. Following are key topics to consider for gathering security requirements: Authentication & password management: This is mostly a one-time activity and done as the start of the project and not in every sprint. One may want to ask questions such as following in relation with authentication and password management: Password policies: This is important to ask to avoid dictionary attack in relation with user credentials. Password hashing: This is important to make sure password is encrypted with appropriate encryption …

Continue reading

Posted in Application Security, Software Engg. Tagged with .

Atlassian Confluence-JIRA Integration to Strengthen Agile Portfolio

atlassian jira confluence integration

Earlier this week, Enterprise software toolmaker Atlassian announced tighter integration between its JIRA issue tracking application and its Confluence team collaboration platform. With this move, they have further strengthened their agile portfolio. Following is the list of software in their agile portfolio: Confluence: Confluence pages are used to maintain requirements (stories), technical specs, design guidelines, etc. Confluence pages are linked with JIRA thus linking requirements/technical specs to stories. JIRA: JIRA is used to maintain epics/stories and issues. There are several blueprints in JIRA created to manage status reports, retrospective meetings etc. The new JIRA Report Blueprint allows development teams to create an ad-hoc status report or a change log in Confluence. The new Retrospective Blueprint gives scrum masters, …

Continue reading

Posted in Agile Methodology, News. Tagged with , .

Top 7 Security Attack Questions While Analyzing Every Requirement

security attacks

Following are top 5 security attack related questions that you could ask while analyzing the each requirement in hand, the answers to which could help you put better design in relation with security: Security threats analysis related with data entering into/coming out of the system: How could an attacker inject SQL commands? (OWASP SQL Injection). Solution: Use parameterized SQL queries rather than building SQL statements dynamically using string concatenation How could an attacker perform a cross-site scripting attack? (OWASP Cross-Site Scripting – XSS). Solution: Use OWASP ESAPI to sanitize user input against scripts such as Javascript that could lead to XSS attacks.  This is more about doing input data validation as soon as …

Continue reading

Posted in Application Security. Tagged with , .

Tips for Designing Security for Your Public APIs

securing an api

[adsenseyu2] Before we look into tips & techniques to design security for your Public APIs, lets understand what do we mean by Public APIs? Public APIs are APIs that are published to the world including developers, or partners’ developers to create their custom application by making use of APIs. These APIs can be used by another program, mobile apps or web applications (Web UI), desktop client etc. Following are some tips/techniques for designing security for your Public APIs: IP Address Restrictions: To be able to control access to APIs based on IP address from which request arrived, the IP address restrictions policy should be imposed. This is very handy when …

Continue reading

Posted in API Development, Application Security. Tagged with , .