Author Archives: Ajitesh Kumar

Ajitesh Kumar

I have been recently working in the area of Data analytics including Data Science and Machine Learning / Deep Learning. I am also passionate about different technologies including programming languages such as Java/JEE, Javascript, Python, R, Julia, etc, and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc. I would love to connect with you on Linkedin. Check out my latest book titled as First Principles Thinking: Building winning products using first principles thinking.

Auditing Requirements are Tricky. Isn’t it?

repudiation

[adsenseyu2] Many a project I worked upon, did not have a clear stated set of requirements related to auditing. Interestingly, with some projects, the auditing related requirements were created only after a couple of releases and got prioritized as less important in that specific release. One of the common observation I made across these projects is lack of understanding of auditing requirements and its significance, to key stakeholders including product owners, business analysts, developers and testers. Most of them could not figure out a strong reasoning in relation with why do we need to take care of audit trail of one or more transactions, until they got addressed/questioned by a …

Continue reading

Posted in Application Security. Tagged with , .

Developers lack Application Security Skills. Do You Agree?

Application security

[adsenseyu2] In my experience, I have found that almost 95% of application developers lack application security skills and at times, tend to complete their journey without knowing much of the security technologies and related skills. Ask them if they wrote secured code, and almost in 90% of cases, they may say “don’t know” or say, “yes, wrote parameterized queries”. I talked to some of the developers at different experience levels and found some of the following as their answers: Use secured frameworks, so why bother?: Well, frameworks that are used for application development takes care of security aspects. So, we rely upon these frameworks for security concerns and not pay …

Continue reading

Posted in Application Security. Tagged with .

PHP Code for Avoiding XSS Attacks

xss vulnerability

[adsenseyu2] Before we go and discuss the PHP coding tips and techniques to avoid Cross-site scripting (XSS) attacks, lets try and understand quickly what is XSS attack. XSS is a Web-based attack performed on vulnerable Web applications which ends up victimizing the end user rather than the application itself. In these attacks, malicious content is delivered to users primarily using JavaScript. The XSS attack happens when the web applications accepts the input from the end user without validating it. In XSS attack, the malicious code executes in the context of the victim’s session, allowing the attacker to bypass normal security restrictions. There are multiple good web pages to read about XSS …

Continue reading

Posted in Application Security. Tagged with , , .

How to Address Application Performance in Agile Scrum Teams

application performance in agile scrum teams

Given the nature SCRUM, two quality characteristics that takes back seat and considered as implicit are performance and security. I shall discuss the approach on how to address application performance while working with agile SCRUM teams. Before I go and list down the tips and techniques, let’s understand some of the constraints: Not all developers working in SCRUM teams are very familiar with application performance aspects It may get difficult to do performance testing at the end of each sprint. It may get difficult to articulate performance related user stories in each sprint. Given above constraints, it becomes much more important to address performance related issues in SCRUM model. Following …

Continue reading

Posted in Agile Methodology, Performance Engineering. Tagged with , .

Code Conversion from C++ to C#: Tips & Techniques

Migration

Following are some of tips & techniques for doing code migration of your C++ application to C#: Conversion using Tool: One strategy can be to use some of the existing tools such as that provided by Tangible Software Solutions or sourceforge project on c++ to C# code conversion. Once the code gets migrated, you may want to look out for traps which may lead to error while code migration. Given that C# looks a lot like C++, there are areas (traps) you may want to review to make sure that code conversion took care of those so-called traps. This is not known on how effective these tools do the automated …

Continue reading

Posted in Migration, Software Engg. Tagged with , .

How to Address Application Security in Agile Scrum Teams?

Agile SCRUM Team Composition and Application Security

One of the concerns that takes the back burner while setting up the agile SCRUM teams is application security. One other area that gets similar behavior like security is performance which shall be addressed in later articles. However, performance gets addressed quickly as it is key quality characteristic and gets noticed by end users very quickly. In the traditional waterfall based development model, security gets fair attention as the non functional requirements related with security gets captured in the initial stages and the team gets composed of at least one security officer/specialist/architect to take care of security requirements. However, having a security specialist/officer in each SCRUM team is not feasible …

Continue reading

Posted in Agile Methodology, Application Security. Tagged with , , .

Let’s Save Them for our Kids & Their Kids

Save Water

Today, on Sunday, I had to visit the school in which my elder one is studying in class III. She got to write an ABACUS test. I had to wait outside her classroom for an hour so.  This is when I decided to check the school noticeboard where I found some interesting good paintings on saving water and energy. Thought to capture some of them and share with you.

Posted in Uncategorized.

Tips for Newbies to Create Architecture Diagrams – Part 1

Wondering How to Create Architecture Diagrams

In the initial years of application development, I have found several junior or mid-level developers show up blank faces when asked about architecture of application. This is primarily because that they have been involved mainly in coding or low level design aspect of application development till that point of time in their career. Thus, these developers look up to architects to help them come up with various different architectural viewpoints. Not only this, project managers also look up to architects to come up with architecture and help the team get started.   Before I go ahead and write on a series of articles on how newbies could come with the …

Continue reading

Posted in Enterprise Architecture, Freshers. Tagged with .

What are primary architectural components of an ecommerce system?

Following are some of the primary architectural components of an ecommerce system: Functional Customer Profile Catalogs Pricing Shopping Cart Checkout Order Payment (Integration with multiple payment systems) Shipping (Integration with multiple shipping system) Fulfillment (Integration with external fulfillment systems) Campaigns (Promotions & discounts) Products Search Products reviews and ratings Non-functional Content Management Reports (Sales, web usage, user) Multi-channel Analytics  

Posted in ecommerce. Tagged with .

Logging Tips/Best Practices for Newbies

When starting the career of application developer in IT with one or more programming languages, one thing which is kept on back burner and kept for really long is logging. In fact, when I started my career as a programmer, when I realized that I wanted to know about what to log and what not to log, it was almost 4 years or so. This was my involvement in learning nitty-gritties of programming language itself, and not paying enough attention to logging at all. And, when I learnt most of it all, I realized how much value I added to programming by logging appropriate stuff in log files which was …

Continue reading

Posted in Freshers, Maintainability, Software Engg. Tagged with .

Migration Challenges from ATG 9.x to ATG 10.x

Following are some of the migration challenges from ATG 9.x to ATG 10.x: The migration can be achieved by executing scripts provided by Oracle, the information about which could be found in their detailed migration guide or the same can be accessed on this page. However, it is recommended to have an experienced migration architect deal with migration initiative from 9.x to 10.x versions. It has been found that migrating directly from any ATG 9.x  versions to any ATG 10.x versions landed up with one or more issues. If the current ATG version is at 9.x, it may be advisable to first migrate to an intermediate 10.0.3 version and, then migrate …

Continue reading

Posted in ATG, Migration. Tagged with , .

How a Content and Digital Marketing Guy Can Change the Game?

Digital Media Marketing Strategy for Small to Mid-size Companies

Most of the small to mid-size companies are competing in the common technologies space such as Java/JEE, .NET and open source technology stack wherein they do not have much unique to offer. And, this creates tremendous pressure on the sales team to perform and sign on new customers in order to remain sustainable and profitable. And, the common techniques used by sales team to reach out to customer includes emails and cold calls. This methodology, however, does not prove that effective given every companies’ sales team adopt same set of techniques. This puts pressure on sales team as well as senior management teams to find out USPs that they have to …

Continue reading

Posted in Others. Tagged with , , , .

Top 6 things to Avoid Logging

Following are some of the things you may not want to write in the log file or write in masked form: Passwords (goes without saying) Database connection strings Encryption keys/access tokens Sensitive personal data Session identification value (must be masked) File Paths (consider masking)

Posted in Application Security. Tagged with .

Different Roles & Responsibilities in a Business Process Lifecycle

Following are different roles and responsibilities involved in a business process lifecycle which consists of four key stages such as modeling, implementation, execution/control and monitoring/optimization: Process Owners: The primary responsibility of a process owner is to own business process from strategic point of view and has end to end responsibility for the process. The diagram below represents the spectrum of responsibility of a process owner. The details could be further read on this page. Process Analysts: Process analysts analyses the business processes with the process owners and define the process model including information such as activity flow, information flow, rules, documents, business policies, business rules, performance measures (KPI). IT Developers: …

Continue reading

Posted in BPM. Tagged with , , .

What are different types of Business Processes?

Following are different types of business processes: UI intensive processes: Navigational flow and data aggregation is controlled from a user interface layer rather than in a BPEL process. These processes are used for cases where a GUI application performs the process orchestration or control. Synchronous transactional processes: These are a collection of short-running BPEL processes provide real-time responses to graphical user interfaces or for transactional sub-processes. These are used for cases when you need high performance and the caller needs a response immediately. Asynchronous transactional processes: The invoker/caller makes the request and does not wait for the responses. Process is assured to occur at a later time in a separate transaction. These processes are used for cases when …

Continue reading

Posted in BPM. Tagged with , .

Why REST with Bonita When You can Mix ‘N’ Match :-)

To give you quick overview on what is referred to as Bonita here, Bonita is referred to as BonitaSoft BPM Tool. As per BonitaSoft corporate website, Bonita BPM improves business operations by connecting people, processes, and information systems into easily managed applications. The blog aims to highlight some of the aspects of Bonita BPM REST API and, some of the reasons due to which one would want to go with REST based integration with Bonita BPM. Those of you working with BonitaSoft tool including Bonita Portal for accessing workflow applications on top of BonitaSoft workflow engine & Bonita Studio for creating workflows, may have been exploring to find out ways and …

Continue reading

Posted in BPM. Tagged with , .