
Monday, October 28, 2013

Hibernate Dialect

1. DB2
2. DB2 AS/400
3. DB2 OS390
4. PostgreSQL
5. MySQL
6. MySQL with InnoDB
7. MySQL with MyISAM
8. Oracle 8
9. Oracle 9i/10g
10. Sybase
11. Sybase Anywhere
12. Microsoft SQL Server
13. SAP DB
14. Informix
15. HypersonicSQL
16. Ingres
17. Progress
18. Mckoi SQL
19. Interbase
20. Pointbase
21. FrontBase
22. Firebird


Saturday, October 26, 2013

Basic Hacker Skills

When people think of hackers they immediately think of the worst, but there are many different types of hackers, and most of them have done a great deal to improve and develop software, the Internet and electronic devices.

Hacking skills - You must have the patience and will to understand programming languages. There are dozens of programming languages and they have evolved over the years, so start with the basics. You can begin by learning C, then progress to other languages such as Pascal or Fortran, then move on to Perl, XHTML and the other languages used on the Internet.

Understanding computer hardware is also a must, as are all the components a computer system needs. You also need to understand banking systems and the other systems used in the financial world, because that is where you will learn what kinds of security controls are in place to protect the system and its clients.

Security Audit Stages

Stage 1. Automated auditing (run a scanner over the application)
Stage 2. Manual auditing (confirm the scanner's findings and test the business logic a scanner cannot reach)

Automated scanning tools:-

1. AppScan
2. Scando
3. Acunetix

Manual testing tools (request-tampering proxies and browser plugins):-

1. Burp Suite
2. IE Tamper
3. Achilles

How to prevent these in code? [The project should implement the following points]:-

Autocompletion disabled on sensitive controls such as password fields
Salted hash for stored passwords [use a slow hash such as PBKDF2 or bcrypt, never plaintext or an unsalted digest]
Validation and sanitization of every input control, performed on the server side
Browser refresh re-submitting a form [use a CAPTCHA or a one-time form token]
Stealing a password via refresh or the back button [redirect after the POST, send no-cache headers]
Session fixation [issue a new session ID at login and invalidate the old one]
Brute force [use a CAPTCHA; also rate-limit or lock the account after repeated failures]
Guessing user IDs [return the same generic error for an unknown user ID and a wrong password]
Browser caching of sensitive pages [always prevent it: Cache-Control: no-store, no-cache; Pragma: no-cache; Expires: 0]
Insecure direct object reference [in search-result screens, avoid building action links from the primary key; check on the server that the caller owns the object]
Downloading a secured file [do not take a file path from a request parameter; map an opaque ID to a server-side path]
Improper error handling [use proper try {} catch {} blocks and move to a custom error page; never show a stack trace]
XSS [sanitize input and encode output; check server-side validation (type, size, content)]
SQL injection [use parameterized queries; sanitization alone is not a defence]
Cross-account access [verify that the logged-in account owns every record it reads or modifies]
Privilege escalation [enforce role checks on the server for each request, not only in the UI]
Login trail [log every login success and failure with time and source IP]
Audit trail [log who changed what, and when]
Forgot password [use a security question and a CAPTCHA, and send a one-time, expiring mail link to change the password]
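Three items from the checklist above, written out as an added example (this is not code from the original post): the injectable query beside its parameterized form, salted password hashing with PBKDF2, and a one-time expiring reset token for the forgot-password flow. The in-memory sqlite3 table, the user rows, the token lifetime and the iteration count are all assumptions made for the demonstration.

```python
"""Added example, not from the original post: SQL injection (vulnerable vs.
parameterized), salted password hashing, and one-time reset tokens.
Assumptions: an in-memory sqlite3 `users` table with constructed rows;
the 15-minute token lifetime and 100k PBKDF2 iterations are illustrative."""
import hashlib
import hmac
import os
import secrets
import sqlite3
import time


def make_db():
    """Constructed sample data: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn, name):
    """String-built query: the input can change the SQL itself (injectable)."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    """Parameterized query: the value is bound as data and cannot alter the SQL."""
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]


def hash_password(password, salt=None, iterations=100_000):
    """Salted PBKDF2-HMAC-SHA256; salt and iteration count travel with the hash."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


class ResetTokens:
    """One-time, expiring password-reset links (the 'forgot password' item).
    The clock is injectable so expiry can be tested without sleeping."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock
        self._pending = {}  # token -> (user_id, expires_at)

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)  # unguessable, 256 bits of randomness
        self._pending[token] = (user_id, self.clock() + self.ttl)
        return token

    def redeem(self, token):
        """Return the user id exactly once; None if unknown, reused or expired."""
        entry = self._pending.pop(token, None)  # pop: a token can only work once
        if entry is None:
            return None
        user_id, expires_at = entry
        if self.clock() > expires_at:
            return None
        return user_id


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))  # both users leak
    print("safe:      ", find_user_safe(db, payload))        # nothing matches
```

The injected value `x' OR '1'='1` turns the string-built query into one that matches every row, while the parameterized version looks for a user literally named that and finds none; this is why the checklist's "use sanitization" for SQL injection is weaker than binding parameters.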

Fraud Detection on Web App


Before jumping into ways to detect potential fraud in Web applications and services, we need to set a few ground rules. Number one, and most important, you must have adequate logging. For full coverage of appropriate logging, read "How to Do Application Logging Right" [1]. At a minimum, consider the five types of logging events covered there, among them:

• authentication, authorization, and access events;
• changes to the system, application, or data;
• availability issues;
• resource issues;

Impossible Travel
Suppose you saw the two entries shown in Figure 2 in your logs. They show that the same user (assume the logs carry that detail) accessed login.jsp twice within two hours: at 10 a.m. from an IP address in California, and at noon from one in Romania. The quick math says that no one could travel from California to Romania in two hours, even in an SR-71, so at least one of those two requests did not come from where the user really was.
HTTP Request
Looking beyond the User-Agent header, what has changed between the two requests?
• The order of the headers differs.
• The order of the cookies differs.
• The set of headers differs. Only the first request has Origin and Cache-Control; only the second request has Keep-Alive.
• Regarding Accept-Encoding, only the first request lists each.
• Regarding Accept-Language, the first request has en-US and q=0.8, whereas the second request has en-us and q=0.5.
Differences like these mean two different clients (two browsers, or a browser and a tool) are presenting the same session.
Fraud detection in sessions:- this is where session hijacking and session fixation show up: the same session ID arriving from a client whose fingerprint has changed.
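The two checks described above, the impossible-travel test and the header-fingerprint comparison, plus the same-session-ID test that ties them to session hijacking, as one added example (this is not code from the original article). The log entries, coordinates, IP addresses and header lists are constructed for the demonstration; in a real deployment the coordinates would come from a GeoIP lookup on the logged client IP, and the headers from the access log or a request-logging filter.

```python
"""Added example, not from the original article: impossible travel between
consecutive logins, and a fingerprint diff of two requests' headers.
All log entries, coordinates and header values below are constructed."""
import math
from datetime import datetime

# Constructed login.jsp entries: (timestamp, user, client IP, lat, lon).
# lat/lon stand in for what a GeoIP lookup on the IP would return.
LOGINS = [
    ("2013-10-26 10:00:00", "jdoe", "198.51.100.7", 34.05, -118.24),  # California
    ("2013-10-26 12:00:00", "jdoe", "203.0.113.42", 44.43, 26.10),    # Romania
    ("2013-10-26 12:30:00", "jdoe", "203.0.113.42", 44.43, 26.10),    # same place
]

# Fastest travel a legitimate user could plausibly manage (airliner), km/h.
MAX_PLAUSIBLE_KMH = 1000.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on Earth, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(logins, max_kmh=MAX_PLAUSIBLE_KMH):
    """Flag consecutive logins by the same user that would need travel faster
    than max_kmh. Returns a list of (user, ip_before, ip_after, km, kmh)."""
    alerts, last = [], {}  # last: user -> (time, ip, lat, lon)
    for ts, user, ip, lat, lon in sorted(logins):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if user in last:
            t0, ip0, lat0, lon0 = last[user]
            km = haversine_km(lat0, lon0, lat, lon)
            hours = (t - t0).total_seconds() / 3600
            if km > 0:  # same place needs no speed at all
                kmh = km / hours if hours > 0 else float("inf")
                if kmh > max_kmh:
                    alerts.append((user, ip0, ip, km, kmh))
        last[user] = (t, ip, lat, lon)
    return alerts


# Constructed header lists for the two requests, (name, value) in send order.
REQUEST_1 = [
    ("Host", "example.com"),
    ("User-Agent", "Mozilla/5.0 (Windows NT 6.1) Chrome/30.0"),
    ("Origin", "https://example.com"),
    ("Cache-Control", "max-age=0"),
    ("Accept-Encoding", "gzip,deflate,sdch"),
    ("Accept-Language", "en-US,en;q=0.8"),
    ("Cookie", "JSESSIONID=AAA; theme=dark"),
]
REQUEST_2 = [
    ("Host", "example.com"),
    ("User-Agent", "Mozilla/5.0 (Windows NT 6.1) Firefox/24.0"),
    ("Accept-Language", "en-us,en;q=0.5"),
    ("Accept-Encoding", "gzip, deflate"),
    ("Keep-Alive", "115"),
    ("Cookie", "theme=dark; JSESSIONID=AAA"),
]


def header_fingerprint_diff(req_a, req_b):
    """Compare two requests the way the text does: header order, cookie order,
    headers present in only one request, and values that changed."""
    names_a, names_b = [n for n, _ in req_a], [n for n, _ in req_b]
    common = [n for n in names_a if n in names_b]
    dict_a, dict_b = dict(req_a), dict(req_b)
    cookies = lambda v: [c.strip() for c in v.split(";") if c.strip()]
    return {
        "order_differs": common != [n for n in names_b if n in names_a],
        "cookie_order_differs": cookies(dict_a.get("Cookie", "")) != cookies(dict_b.get("Cookie", "")),
        "only_in_first": set(names_a) - set(names_b),
        "only_in_second": set(names_b) - set(names_a),
        "changed_values": {n: (dict_a[n], dict_b[n]) for n in common
                           if n != "Cookie" and dict_a[n] != dict_b[n]},
    }


def same_session_id(req_a, req_b, cookie_name="JSESSIONID"):
    """True when both requests carry the same session cookie value: combined
    with a changed fingerprint, that is the session-hijack indicator."""
    def value(req):
        for c in dict(req).get("Cookie", "").split(";"):
            k, _, v = c.strip().partition("=")
            if k == cookie_name:
                return v
        return None
    v_a, v_b = value(req_a), value(req_b)
    return v_a is not None and v_a == v_b
```

On the constructed data the California-to-Romania hop is roughly 10,600 km in two hours, more than five times the airliner threshold, and the header diff reports the same findings the bullets above list while `same_session_id` shows the two clients share one JSESSIONID.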

Fraud Detection

  • Data preprocessing techniques for detection, validation, error correction, and filling in missing or incorrect data.
  • Calculation of statistical parameters such as averages, quantiles, performance metrics and probability distributions. For example, the averages may include average length of call, average number of calls per month and average delay in bill payment.
  • Models and probability distributions of the various business activities, expressed either as parameters or as distributions.
  • Computing user profiles.
  • Time-series analysis of time-dependent data.
  • Clustering and classification to find patterns and associations among groups of data.
  • Matching algorithms to detect anomalies in the behaviour of transactions or users compared with previously known models and profiles. Techniques are also needed to eliminate false alarms, estimate risk, and predict the future behaviour of current transactions or users.
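As an added example of the "statistical parameters", "user profiles" and "matching algorithms" items above (not code from the original post), the block below builds a per-user profile from a constructed transaction history and scores new transactions against it. The amounts are made up; the threshold of three spreads is an assumption that a real deployment would tune against its false-alarm rate.

```python
"""Added example, not from the original post: per-user statistical profile
and a matching step that scores new transactions against it.
The transaction history and the 3.0 threshold are constructed assumptions."""
import statistics

# Constructed history: past transaction amounts per user.
HISTORY = {
    "alice": [42.0, 38.5, 51.0, 45.2, 40.0, 47.9, 44.1, 39.6, 49.3, 43.0],
    "bob": [500.0, 520.0, 480.0, 515.0, 495.0, 505.0, 490.0, 510.0],
}


def build_profile(amounts):
    """The 'user profile': statistical parameters of past behaviour."""
    q1, median, q3 = statistics.quantiles(amounts, n=4)
    return {
        "mean": statistics.mean(amounts),
        "stdev": statistics.stdev(amounts),
        "median": median,
        "iqr": q3 - q1,
        "count": len(amounts),
    }


def score_transaction(profile, amount):
    """Distance of a new amount from the profile, in standard deviations.
    The sign says whether it is unusually high or unusually low."""
    spread = profile["stdev"] or 1.0  # a perfectly flat history must not divide by zero
    return (amount - profile["mean"]) / spread


def flag(profile, amount, threshold=3.0):
    """Matching step: alert when the amount is more than `threshold` spreads
    away from the user's own norm. The threshold sets the false-alarm rate."""
    return abs(score_transaction(profile, amount)) > threshold


def screen(history, user, amount):
    """Convenience wrapper: build the profile for `user` and flag `amount`."""
    return flag(build_profile(history[user]), amount)


if __name__ == "__main__":
    for user in HISTORY:
        for amount in (45.0, 900.0):
            print(user, amount, "ALERT" if screen(HISTORY, user, amount) else "ok")
```

The same 45.0 transaction is normal for alice and anomalous for bob, because the comparison is against each user's own profile rather than a global rule; that is the point of computing profiles before matching.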

You can get more details from:

For banking

For insurance
