Monday, October 28, 2013

Hibernate Dialect

1. DB2

org.hibernate.dialect.DB2Dialect

2. DB2 AS/400

org.hibernate.dialect.DB2400Dialect

3. DB2 OS390

org.hibernate.dialect.DB2390Dialect

4. PostgreSQL

org.hibernate.dialect.PostgreSQLDialect

5. MySQL

org.hibernate.dialect.MySQLDialect

6. MySQL with InnoDB

org.hibernate.dialect.MySQLInnoDBDialect

7. MySQL with MyISAM

org.hibernate.dialect.MySQLMyISAMDialect

8. Oracle 8

org.hibernate.dialect.OracleDialect

9. Oracle 9i/10g

org.hibernate.dialect.Oracle9Dialect

10. Sybase

org.hibernate.dialect.SybaseDialect

11. Sybase Anywhere

org.hibernate.dialect.SybaseAnywhereDialect

12. Microsoft SQL Server

org.hibernate.dialect.SQLServerDialect

13. SAP DB

org.hibernate.dialect.SAPDBDialect

14. Informix

org.hibernate.dialect.InformixDialect

15. HypersonicSQL

org.hibernate.dialect.HSQLDialect

16. Ingres

org.hibernate.dialect.IngresDialect

17. Progress

org.hibernate.dialect.ProgressDialect

18. Mckoi SQL

org.hibernate.dialect.MckoiDialect

19. Interbase

org.hibernate.dialect.InterbaseDialect

20. Pointbase

org.hibernate.dialect.PointbaseDialect

21. FrontBase

org.hibernate.dialect.FrontbaseDialect

22. Firebird

org.hibernate.dialect.FirebirdDialect

Saturday, October 26, 2013

Basic Hacker Skills

When people think of hackers they immediately think of the worst, but there are many different types of hackers, and most of them have done a great deal to improve and develop software, the Internet and electronic devices.

Hacking skills - You must have the patience and will to understand programming languages. There are dozens of programming languages and they have evolved through the years, so start out by learning the basics. You can begin with the programming language C, then progress to other languages like Pascal or Fortran. Then move on to learning Perl, XHTML and other languages used on the Internet.

Understanding computer hardware is also a must, as well as all the components that a computer system needs. You need to understand banking systems and other systems used in the financial world, because this is where you'll learn the kinds of security that are in place to protect the system and its clients.

Security Audit Stages

Stage 1. Automated Auditing
Stage 2. Manual Auditing

Automated Auditing Tools:-

1. AppScan
2. Scando
3. Acunetix
etc..

Manual Testing Tools:-

1. Burp Suite
2. IE Tamper
3. Achilles
etc..


How to prevent via coding? [The project should implement the following points]:-

Auto-completion on sensitive controls like password fields [turn it off]
Salted hash for password fields
Sanitization of all input controls
Browser Refresh [use captcha]
Stealing the password via refresh or back button [use redirection, clear cache]
Session Fixation [use a new session id before/after login]
Brute Force [use captcha]
Guessing UserID
Always clear browser cache
Insecure direct object reference [in search result screens, avoid giving action links with the pk id]
CSRF
Downloading secure files [don't take a path from a parameter]
Improper error handling [use proper try{} catch{}, move to a custom error page]
XSS [use sanitization, check server-side validation (type, size, input data)]
SQL Injection [use sanitization]
Cross Account Access
Privilege Escalation
Login Trail
Audit Trail
Forgot Password [use security question, captcha, send a mail link to change password (one-time link)]
etc..
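Two of the points above (salted password hashes and the one-time "forgot password" link) are easy to get subtly wrong, so here is an added example of how they fit together. This is illustration code written for this page, not code from the original post or from any project it mentions; the in-memory dictionaries, the iteration count and the 15-minute link lifetime are assumptions standing in for the application's database and policy.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stores standing in for the application's user and token tables.
USERS = {}          # username -> {"salt": bytes, "hash": bytes}
RESET_TOKENS = {}   # sha256(token) -> {"user": str, "expires": float}

PBKDF2_ITERATIONS = 100_000   # assumption: tune to the deployment's hardware
RESET_TOKEN_TTL = 15 * 60     # seconds a password-reset link stays valid (assumed policy)


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt per user defeats precomputed tables."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(username, password):
    salt, digest = hash_password(password)
    USERS[username] = {"salt": salt, "hash": digest}


def verify_password(username, password):
    """Check a login; constant-time comparison so timing does not reveal matching bytes."""
    record = USERS.get(username)
    if record is None:
        # Run the KDF anyway so unknown and known usernames take the same time
        # (limits user-id guessing through response timing).
        hash_password(password, b"\x00" * 16)
        return False
    _, digest = hash_password(password, record["salt"])
    return hmac.compare_digest(digest, record["hash"])


def issue_reset_token(username, now=None):
    """Mint a single-use, time-limited token for the 'forgot password' mail link.

    Only a hash of the token is stored, so a leaked table does not yield usable links.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode("ascii")).hexdigest()
    RESET_TOKENS[key] = {"user": username, "expires": now + RESET_TOKEN_TTL}
    return token


def consume_reset_token(token, now=None):
    """Return the username if the token is valid; the token is spent either way."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode("ascii")).hexdigest()
    entry = RESET_TOKENS.pop(key, None)   # pop: the link works exactly once
    if entry is None or now > entry["expires"]:
        return None
    return entry["user"]


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(verify_password("alice", "correct horse battery staple"))  # True
    print(verify_password("alice", "wrong"))                         # False
    link = issue_reset_token("alice")
    print(consume_reset_token(link))   # alice
    print(consume_reset_token(link))   # None: already used
```

The reset token is removed from the store the moment it is presented, whether or not it has expired, which is what makes the emailed link one-time; storing only its hash means the table itself is not a collection of valid links.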

Fraud Detection on Web App


Prerequisites

Before jumping into ways to detect potential fraud in Web applications and services, we need to set a few ground rules. Number one, and most important, you must have adequate logging. For full coverage on appropriate logging, read “How to Do Application Logging Right.”1 At a minimum, consider the five types of logging events covered there:

• authentication, authorization, and access events;
• changes to the system, application, or data;
• availability issues;
• resource issues;

Impossible Travel
Let's say you saw the two entries shown in Figure 2 in your logs. These entries show that someone accessed login.jsp twice (let's assume the same user, and that you have those details in the logs) in two hours. At 10 a.m., an IP address in California accessed it; at noon, someone in Romania accessed it. The quick math says that no one could travel from California to Romania in two hours, even in an SR-71.
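The "quick math" above can be run over a whole login log. The following is an added example written for this page (not code from the original post): it pairs consecutive logins per user, converts each IP to coordinates, and flags any pair whose great-circle distance divided by elapsed time exceeds a plausible speed. The log lines, the IP-to-location table and the 1000 km/h threshold are all constructed for the example; a real deployment would read from its own log format and a GeoIP database.

```python
import math
from datetime import datetime, timezone

# Constructed sample log lines (not the post's Figure 2); timestamps are UTC.
SAMPLE_LOG = """\
2013-10-26T10:00:00Z user=alice ip=203.0.113.10 path=/login.jsp
2013-10-26T12:00:00Z user=alice ip=198.51.100.7 path=/login.jsp
2013-10-26T09:00:00Z user=bob ip=203.0.113.10 path=/login.jsp
2013-10-26T11:00:00Z user=bob ip=203.0.113.11 path=/login.jsp
"""

# Constructed stand-in for a GeoIP lookup: IP -> (latitude, longitude) in degrees.
# A real deployment would consult a GeoIP database here.
GEO = {
    "203.0.113.10": (34.05, -118.24),   # Los Angeles (assumed)
    "203.0.113.11": (34.10, -118.30),   # a few km away, still Los Angeles (assumed)
    "198.51.100.7": (44.43, 26.10),     # Bucharest (assumed)
}

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0   # above airliner speed: treat as impossible travel (assumed threshold)


def haversine_km(p1, p2):
    """Great-circle distance between two (lat, lon) points given in degrees."""
    lat1, lon1 = map(math.radians, p1)
    lat2, lon2 = map(math.radians, p2)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    a = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def parse_line(line):
    """Turn 'TIMESTAMP key=value ...' into a dict with a timezone-aware 'time'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def find_impossible_travel(log_text, geo=GEO, max_kmh=MAX_PLAUSIBLE_KMH):
    """Flag consecutive logins by one user whose distance/time implies an impossible speed."""
    by_user = {}
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_user.setdefault(rec["user"], []).append(rec)

    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda r: r["time"])
        for prev, cur in zip(events, events[1:]):
            if prev["ip"] not in geo or cur["ip"] not in geo:
                continue   # no location data: cannot judge; log separately in practice
            km = haversine_km(geo[prev["ip"]], geo[cur["ip"]])
            hours = (cur["time"] - prev["time"]).total_seconds() / 3600
            if hours > 0:
                kmh = km / hours
            else:
                kmh = float("inf") if km > 0 else 0.0   # same second, different place
            if kmh > max_kmh:
                alerts.append({"user": user, "from": prev["ip"], "to": cur["ip"],
                               "km": round(km), "hours": round(hours, 2), "kmh": round(kmh)})
    return alerts


if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_LOG):
        print(alert)
```

Run on the constructed log, alice's California-to-Romania pair comes out at roughly 10,500 km in two hours and is flagged; bob's two Los Angeles logins are a few kilometres apart and pass. Logins from IPs with no location are skipped rather than guessed, since a missing lookup should not itself produce an alert.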
HTTP Request
Looking beyond the User-Agent header, what has changed?
• The order of headers differs.
• The order of cookies differs.
• The headers differ. Only the first request has Origin and Cache-Control; only the second request has Keep-Alive.
• Regarding Accept-Encoding, only the first request lists each.
• Regarding Accept-Language, the first request has en-US and q=0.8, whereas the second request has en-us and q=0.5.
Fraud Detection in Sessions :- It's like session hijacking / session fixation.
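The header comparison above can be automated as a per-session client fingerprint: record the header order, cookie order and Accept-* values when a session is created, and compare each later request against them. The following is an added example written for this page, not code from the original post; the two requests are constructed so that they differ in exactly the ways listed above, and the session cookie name, the "two changed fields" threshold and the decision to ignore User-Agent are assumptions.

```python
# Two constructed requests on the same session cookie (not the post's figure);
# the second one differs from the first in the ways the post lists.
REQUEST_A = """\
GET /account HTTP/1.1
Host: shop.example
User-Agent: Mozilla/5.0 (Windows NT 6.1) Chrome/30.0
Accept: text/html
Accept-Language: en-US,en;q=0.8
Accept-Encoding: gzip,deflate,sdch
Origin: https://shop.example
Cache-Control: max-age=0
Cookie: JSESSIONID=abc123; theme=dark
"""

REQUEST_B = """\
GET /account HTTP/1.1
Host: shop.example
User-Agent: Mozilla/5.0 (Windows NT 6.1) Firefox/24.0
Accept: text/html
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Keep-Alive: 115
Cookie: theme=dark; JSESSIONID=abc123
"""

IGNORED = {"user-agent"}   # trivially spoofed: reported, but not counted towards the verdict


def parse_headers(raw):
    """Return [(name, value), ...] in wire order, skipping the request line."""
    headers = []
    for line in raw.strip().splitlines()[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def fingerprint(raw):
    """Summarise the client-shaped parts of a request that a browser rarely changes mid-session."""
    headers = parse_headers(raw)
    lookup = dict(headers)
    cookie_names = tuple(c.split("=", 1)[0].strip()
                         for c in lookup.get("cookie", "").split(";") if c.strip())
    return {
        "header_order": tuple(n for n, _ in headers if n != "cookie"),
        "cookie_order": cookie_names,
        "accept-language": lookup.get("accept-language", ""),
        "accept-encoding": tuple(e.strip() for e in lookup.get("accept-encoding", "").split(",")),
        "user-agent": lookup.get("user-agent", ""),
    }


def compare_fingerprints(fp_a, fp_b):
    """List (field, detail) pairs that differ between two fingerprints."""
    diffs = []
    set_a, set_b = set(fp_a["header_order"]), set(fp_b["header_order"])
    if set_a - set_b:
        diffs.append(("headers_only_in_first", sorted(set_a - set_b)))
    if set_b - set_a:
        diffs.append(("headers_only_in_second", sorted(set_b - set_a)))
    # Compare the ordering of headers both requests share, so a merely added
    # header does not also count as an ordering change.
    common_a = [h for h in fp_a["header_order"] if h in set_b]
    common_b = [h for h in fp_b["header_order"] if h in set_a]
    if common_a != common_b:
        diffs.append(("header_order", (common_a, common_b)))
    if fp_a["cookie_order"] != fp_b["cookie_order"]:
        diffs.append(("cookie_order", (fp_a["cookie_order"], fp_b["cookie_order"])))
    for field in ("accept-language", "accept-encoding", "user-agent"):
        if fp_a[field] != fp_b[field]:
            diffs.append((field, (fp_a[field], fp_b[field])))
    return diffs


def session_looks_hijacked(raw_a, raw_b, threshold=2):
    """Verdict plus evidence: True when at least `threshold` non-ignored fields changed."""
    diffs = compare_fingerprints(fingerprint(raw_a), fingerprint(raw_b))
    counted = [d for d in diffs if d[0] not in IGNORED]
    return len(counted) >= threshold, diffs


if __name__ == "__main__":
    verdict, evidence = session_looks_hijacked(REQUEST_A, REQUEST_B)
    print(verdict)   # True
    for field, detail in evidence:
        print(field, detail)
```

Header ordering is compared only over the headers both requests share, so a single added header such as Keep-Alive is reported once (as an added header) rather than twice. A verdict of True is a reason to re-authenticate or invalidate the session, not proof on its own: proxies and browser updates can legitimately change some of these fields.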

Fraud Detection

  • Data preprocessing techniques for detection, validation, error correction, and filling in missing or incorrect data.
  • Calculation of various statistical parameters such as averages, quantiles, performance metrics, probability distributions, and so on. For example, the averages may include average length of call, average number of calls per month and average delays in bill payment.
  • Models and probability distributions of various business activities, either in terms of various parameters or probability distributions.
  • Computing user profiles.
  • Time-series analysis of time-dependent data.
  • Clustering and classification to find patterns and associations among groups of data.
  • Matching algorithms to detect anomalies in the behavior of transactions or users as compared to previously known models and profiles. Techniques are also needed to eliminate false alarms, estimate risks, and predict the future of current transactions or users.
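To make the "statistical parameters", "user profiles" and "matching algorithms" items concrete, here is an added example written for this page (not code from the original post or from any of the linked products). It builds a per-user profile (mean, standard deviation, 95th percentile) from past transaction amounts and scores a new transaction against it; the transaction history, the minimum history size, the z-score threshold and the fallback cap are all constructed or assumed values.

```python
import statistics

# Constructed transaction history (not from the post): user -> past amounts, oldest first.
HISTORY = {
    "alice": [42.0, 38.5, 51.0, 47.2, 40.0, 44.9, 39.1, 50.3, 43.7, 46.0],
    "bob":   [1200.0, 980.0, 1500.0, 1100.0, 1350.0, 1275.0, 990.0, 1420.0],
    "carol": [20.0, 25.0],   # too little history for a reliable profile
}

MIN_HISTORY = 5        # assumed: below this, a per-user profile would mostly raise false alarms
Z_THRESHOLD = 3.0      # assumed: standard deviations above the user's mean
GLOBAL_CAP = 5000.0    # assumed fallback rule for users without a usable profile


def quantile(values, q):
    """Nearest-rank quantile; enough for a profile, no numpy needed."""
    ordered = sorted(values)
    idx = int(round(q * (len(ordered) - 1)))
    return ordered[idx]


def build_profile(amounts):
    """Statistical parameters the post lists: average, spread and a high quantile."""
    return {
        "n": len(amounts),
        "mean": statistics.fmean(amounts),
        "stdev": statistics.pstdev(amounts),
        "p95": quantile(amounts, 0.95),
    }


def score_transaction(user, amount, history=HISTORY):
    """Match a new transaction against the user's profile and say whether it is anomalous.

    Two independent conditions must both hold (z-score and quantile) to cut false alarms.
    """
    past = history.get(user, [])
    if len(past) < MIN_HISTORY:
        return {"user": user, "amount": amount, "reason": "insufficient-history",
                "flag": amount > GLOBAL_CAP}
    profile = build_profile(past)
    if profile["stdev"] > 0:
        z = (amount - profile["mean"]) / profile["stdev"]
    else:
        z = 0.0 if amount == profile["mean"] else float("inf")
    flag = z > Z_THRESHOLD and amount > profile["p95"]
    return {"user": user, "amount": amount, "reason": "profile",
            "z": round(z, 2), "p95": profile["p95"], "flag": flag}


if __name__ == "__main__":
    for user, amount in [("alice", 300.0), ("alice", 48.0), ("bob", 1450.0), ("carol", 6000.0)]:
        print(score_transaction(user, amount))
```

The same structure extends to the other parameters the list mentions (call length, calls per month, payment delay): each becomes another profile dimension with its own threshold, and the false-alarm control stays the same, namely requiring enough history before trusting the profile and requiring more than one signal before flagging.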


For more details, see:
http://en.wikipedia.org/wiki/Data_Analysis_Techniques_for_Fraud_Detection
http://horicky.blogspot.in/2011/07/fraud-detection-methods.html

For banking
http://www.sqnbankingsystems.com/

For insurance
http://www.capterra.com/insurance-fraud-detection-software
