Bonita REST API & Application Architecture
[adsenseyu2] I have been working on BonitaSoft REST API in order to meet following customers’ requirements: The customer has multiple line of business (LOB) applications. The customer has decided to make a strategic move to offer solutions to their existing and new customers rather than one or more products from their multiple LOBs which can be accessed by a web application dashboard. These solution span across multiple LOB applications and is envisioned to leverage functionality offered by these applications using service API. In this regard, one key fundamental architectural component that got introduced is workflow tool, BonitaSoft. The workflow tool is used to execute one or more workflows which forms …
Testing Early, Testing Often for Greater Success in Agile SCRUM
In my experiences, I have found two different approaches taken towards testing in Agile SCRUM: Testers creating test plans while interacting with BAs, as like in waterfall model, in the beginning of each sprint, and executing those tests once the development is done. In this model, testers and developers still managed to survive successfully in their own islands/worlds and things used to move. However, there is not much interaction and collaboration between developers and testers during development phase. There are chances of usual conflicts that happens in the world of development and testing. Testers creating test plans with help of BAs, collaborating on test cases, related with user stories, with …
My All-Time Web Application Security Favorites
Following are my all time favorites web pages I frequently visit for remaining up-to-date with web application security: https://www.owasp.org/ Website I frequently visit to check out videos, presentations, Books etc. http://bsimm.com/ Website about building security in maturity model http://www.webappsec.org/ Website representing Web Application Security Consortium that publishes technical information, contributed articles, security guidelines, and other useful documentation. Businesses, educational institutions, governments, application developers, security professionals, and software vendors all over the world utilize their materials to assist with the challenges presented by web application security. Books: List of web application security books you would want to keep handy Web Application Security Interview Questions: List of some interesting web security interesting …
My Bookmarks (03/12/2013)
Following are some of the links in the areas of APIs and mobile that I found interesting while reading: How to go about creating your APIs: The article presents write up on API design issues and the guidelines. Came across “Mobile-first” keyword Got started with creating tutorials on PHP Programming: The OOPs way on “Codecademy.com“. Considerations for choosing between mobile apps vs mobile websites.
Obamacare Website HealthCare.gov & Security Threats Review
Well, there have been lot of discussions around security issues with Obamacare website, healthcare.gov which has become talk of the town recently. The federal portal serves 36 states not operating their own health insurance exchanges. Fourteen other states and the District of Columbia run their own marketplaces. One of the factors attributing to security issues is sheer large volume of untested source code covering 500 millions lines of code. One of the most important security threat is related with information disclosure of the millions of Americans. The sensitive personal information of millions of Americans such as social security numbers (SSN), birthdays, incomes, home mortgages, and addresses is at risk. Another security …
Are Days Counted for MVC-based Web Applications?
Today, if I am tasked to lay down the architecture for web application, I would no longer be blindly choosing MVC based architecture. Additionally, if this is a migration project from legacy to web application, I would no longer be blindly going for MVC based architecture and choose related MVC frameworks. Not sure if you would agree with me or not. But please read the following and share your thoughts. I would be happy to hear from you. Why am I getting paranoid regarding MVC for web applications? Following are criteria for my considerations for deciding on whether I would select MVC architecture for delivering business functionality on the web: …
Auditing Requirements are Tricky. Isn’t it?
[adsenseyu2] Many a project I worked upon, did not have a clear stated set of requirements related to auditing. Interestingly, with some projects, the auditing related requirements were created only after a couple of releases and got prioritized as less important in that specific release. One of the common observation I made across these projects is lack of understanding of auditing requirements and its significance, to key stakeholders including product owners, business analysts, developers and testers. Most of them could not figure out a strong reasoning in relation with why do we need to take care of audit trail of one or more transactions, until they got addressed/questioned by a …
Developers lack Application Security Skills. Do You Agree?
[adsenseyu2] In my experience, I have found that almost 95% of application developers lack application security skills and at times, tend to complete their journey without knowing much of the security technologies and related skills. Ask them if they wrote secured code, and almost in 90% of cases, they may say “don’t know” or say, “yes, wrote parameterized queries”. I talked to some of the developers at different experience levels and found some of the following as their answers: Use secured frameworks, so why bother?: Well, frameworks that are used for application development takes care of security aspects. So, we rely upon these frameworks for security concerns and not pay …
PHP Code for Avoiding XSS Attacks
[adsenseyu2] Before we go and discuss the PHP coding tips and techniques to avoid Cross-site scripting (XSS) attacks, lets try and understand quickly what is XSS attack. XSS is a Web-based attack performed on vulnerable Web applications which ends up victimizing the end user rather than the application itself. In these attacks, malicious content is delivered to users primarily using JavaScript. The XSS attack happens when the web applications accepts the input from the end user without validating it. In XSS attack, the malicious code executes in the context of the victim’s session, allowing the attacker to bypass normal security restrictions. There are multiple good web pages to read about XSS …
How to Address Application Performance in Agile Scrum Teams
Given the nature SCRUM, two quality characteristics that takes back seat and considered as implicit are performance and security. I shall discuss the approach on how to address application performance while working with agile SCRUM teams. Before I go and list down the tips and techniques, let’s understand some of the constraints: Not all developers working in SCRUM teams are very familiar with application performance aspects It may get difficult to do performance testing at the end of each sprint. It may get difficult to articulate performance related user stories in each sprint. Given above constraints, it becomes much more important to address performance related issues in SCRUM model. Following …
Code Conversion from C++ to C#: Tips & Techniques
Following are some of tips & techniques for doing code migration of your C++ application to C#: Conversion using Tool: One strategy can be to use some of the existing tools such as that provided by Tangible Software Solutions or sourceforge project on c++ to C# code conversion. Once the code gets migrated, you may want to look out for traps which may lead to error while code migration. Given that C# looks a lot like C++, there are areas (traps) you may want to review to make sure that code conversion took care of those so-called traps. This is not known on how effective these tools do the automated …
How to Address Application Security in Agile Scrum Teams?
One of the concerns that takes the back burner while setting up the agile SCRUM teams is application security. One other area that gets similar behavior like security is performance which shall be addressed in later articles. However, performance gets addressed quickly as it is key quality characteristic and gets noticed by end users very quickly. In the traditional waterfall based development model, security gets fair attention as the non functional requirements related with security gets captured in the initial stages and the team gets composed of at least one security officer/specialist/architect to take care of security requirements. However, having a security specialist/officer in each SCRUM team is not feasible …
Let’s Save Them for our Kids & Their Kids
Today, on Sunday, I had to visit the school in which my elder one is studying in class III. She got to write an ABACUS test. I had to wait outside her classroom for an hour so. This is when I decided to check the school noticeboard where I found some interesting good paintings on saving water and energy. Thought to capture some of them and share with you.
Tips for Newbies to Create Architecture Diagrams – Part 1
In the initial years of application development, I have found several junior or mid-level developers show up blank faces when asked about architecture of application. This is primarily because that they have been involved mainly in coding or low level design aspect of application development till that point of time in their career. Thus, these developers look up to architects to help them come up with various different architectural viewpoints. Not only this, project managers also look up to architects to come up with architecture and help the team get started. Before I go ahead and write on a series of articles on how newbies could come with the …
What are primary architectural components of an ecommerce system?
Following are some of the primary architectural components of an ecommerce system: Functional Customer Profile Catalogs Pricing Shopping Cart Checkout Order Payment (Integration with multiple payment systems) Shipping (Integration with multiple shipping system) Fulfillment (Integration with external fulfillment systems) Campaigns (Promotions & discounts) Products Search Products reviews and ratings Non-functional Content Management Reports (Sales, web usage, user) Multi-channel Analytics
Logging Tips/Best Practices for Newbies
When starting the career of application developer in IT with one or more programming languages, one thing which is kept on back burner and kept for really long is logging. In fact, when I started my career as a programmer, when I realized that I wanted to know about what to log and what not to log, it was almost 4 years or so. This was my involvement in learning nitty-gritties of programming language itself, and not paying enough attention to logging at all. And, when I learnt most of it all, I realized how much value I added to programming by logging appropriate stuff in log files which was …
I found it very helpful. However the differences are not too understandable for me