Top 10 security risks for web applications

The OWASP Top Ten is an awareness document for web application security. It represents a broad consensus on the most critical web application security flaws, compiled by security experts from around the world who have contributed their expertise to produce the list.

Below is a summary of the 2010 report - the previous edition was published in 2007.


Desktop-filing and under-engineered applications

I am sure you know all about the desktop filing system: using the desktop itself as the place to file things. This works well to start off with - adding stuff is a breeze. However, as the pile grows:

  • it becomes unstable. Adding new stuff requires a bit more effort to make sure you don't topple the pile
  • it becomes harder to find the thing you want - it's somewhere right in the middle of the pile

Quick facts about sleep

  1. As we snooze, our brain is busily processing the information we have learned during the day.
  2. Sleep makes memories stronger, and it even appears to weed out irrelevant details and background information so that only the important pieces remain.
  3. Our brain also works during slumber to find hidden relations among memories and to solve problems we were working on while awake.

Phing: a build system for PHP

Phing (a recursive acronym for PHing Is Not GNU make) is a build system for PHP projects, closely modelled on Apache's Ant tool for Java development and implemented in PHP. Like Ant, Phing uses simple XML build files to describe what should happen as part of the build process. Why would you need a build system? Certain tasks need to be performed repeatedly during application development, on a large project or a small one. These might include:

  1. collect files from different folders and assemble them in one folder, optionally renaming them in the process
  2. automatically check that the code adheres to a coding standard
  3. extract code from a repository and run unit tests
  4. change configuration files from development settings to production/staging settings
  5. generate project documentation from code
  6. strip comments from production code to make it lighter-weight
  7. automatically search and replace words or phrases in files

A build system such as Phing can go a long way towards doing all of this with only a few keystrokes. Phing can call external tools and packages, and because it is written in PHP it is easily extended in the same language to handle any reasonably strange requirement you might have.
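As an added example (not code from the original post or from the Phing project), here is a build.xml that covers items 1 to 4 and 6 from the list above in one file: lint and coding-standard checks, unit tests, assembling the source tree into a build directory, renaming *.dist.php to *.php while substituting environment-specific values, and stripping comments from the production copy. The directory names (src, build, tests), the deploy.properties file, the property names and the @TOKEN@ placeholders are all assumptions made for the example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- build.xml: added example, not from the original post or the Phing project.
     Directory names, deploy.properties and the token names are assumptions. -->
<project name="myapp" default="build" basedir=".">

    <!-- Environment-specific values (DB credentials, debug flag) come from a
         properties file that is kept OUT of version control. A missing file is
         not an error here, so each property can also be passed as -Dname=value. -->
    <property file="deploy.properties"/>
    <property name="src.dir"   value="src"/>
    <property name="build.dir" value="build"/>
    <property name="tests.dir" value="tests"/>

    <!-- Item 2: syntax check, then coding-standard check. Both halt the build
         on failure so bad code never reaches the later targets. -->
    <target name="lint">
        <phplint haltonfailure="true">
            <fileset dir="${src.dir}"><include name="**/*.php"/></fileset>
        </phplint>
        <phpcodesniffer standard="PSR2" haltonerror="true">
            <fileset dir="${src.dir}"><include name="**/*.php"/></fileset>
        </phpcodesniffer>
    </target>

    <!-- Item 3: run the unit tests (repository checkout is left to the CI job). -->
    <target name="test" depends="lint">
        <phpunit haltonfailure="true" haltonerror="true" printsummary="true">
            <batchtest>
                <fileset dir="${tests.dir}"><include name="**/*Test.php"/></fileset>
            </batchtest>
        </phpunit>
    </target>

    <!-- Items 1, 4 and 6: assemble the deployable tree in build/. -->
    <target name="build" depends="test">
        <delete dir="${build.dir}" quiet="true"/>
        <mkdir dir="${build.dir}"/>

        <!-- Item 6: PHP sources are copied with comments stripped. -->
        <copy todir="${build.dir}">
            <fileset dir="${src.dir}">
                <include name="**/*.php"/>
                <exclude name="**/*.dist.php"/>
            </fileset>
            <filterchain>
                <stripphpcomments/>
            </filterchain>
        </copy>

        <!-- Items 1 and 4: config.dist.php becomes config.php, with the
             @TOKEN@ placeholders replaced by the values from deploy.properties.
             The committed .dist.php file therefore never holds real credentials. -->
        <copy todir="${build.dir}">
            <fileset dir="${src.dir}"><include name="**/*.dist.php"/></fileset>
            <mapper type="glob" from="*.dist.php" to="*.php"/>
            <filterchain>
                <replacetokens begintoken="@" endtoken="@">
                    <token key="DB_HOST" value="${db.host}"/>
                    <token key="DB_USER" value="${db.user}"/>
                    <token key="DB_PASS" value="${db.pass}"/>
                    <token key="DEBUG"   value="${app.debug}"/>
                </replacetokens>
            </filterchain>
        </copy>

        <!-- Everything that is not PHP (templates, assets) is copied untouched. -->
        <copy todir="${build.dir}">
            <fileset dir="${src.dir}"><exclude name="**/*.php"/></fileset>
        </copy>
    </target>
</project>
```

Running `phing` in the project directory executes the default `build` target, which pulls in `test` and `lint` through the `depends` chain. Because the substituted values include the production database password, deploy.properties belongs in the ignore list of your version control system and should be readable only by the account that runs the build; the .dist.php file that is committed contains only the @TOKEN@ placeholders.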


Illusions of Colors

The brain can see colors which are not there, as this illusion by Kitaoka demonstrates, thanks to color constancy. Color constancy is an example of subjective constancy and a feature of the human color perception system which ensures that the perceived color of objects remains relatively constant under varying illumination conditions. A green apple for instance looks green to us at midday, when the main illumination is white sunlight, and also at sunset, when the main illumination is red.