Web Application Security

The Open Web Application Security Project (OWASP) is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely available articles, methodologies, documentation, tools, and technologies. The OWASP Foundation is the organization that supports and manages OWASP projects and infrastructure.

OWASP is not affiliated with any technology company, although it supports the informed use of security technology. OWASP has avoided affiliation because it believes that freedom from organizational pressures makes it easier to provide unbiased, practical, cost-effective information about application security. OWASP advocates approaching application security by considering the people, process, and technology dimensions.

OWASP projects are broadly divided into two main categories: development projects and documentation projects. Its documentation projects currently consist of:

  • The Guide – A document that provides detailed guidance on web application security
  • Top Ten Most Critical Web Application Vulnerabilities – A high-level document to help focus on the most critical issues
  • Metrics – A project to define workable web application security metrics
  • Legal – A project to help software buyers and sellers negotiate appropriate security in their contracts
  • Testing Guide – A guide focused on effective web application security testing
  • ISO 17799 – Supporting documents for organizations performing ISO 17799 reviews

Development projects include:

  • WebScarab – a web application vulnerability assessment suite including proxy tools
  • Validation Filters – (Stinger for J2EE, filters for PHP) generic security boundary filters that developers can use in their own applications
  • WebGoat – an interactive training and benchmarking tool with which users can learn about web application security in a safe and legal environment
  • DotNet – a variety of tools for securing .NET environments
  • And many other application security tools


Blog task 10

The three web sites of my choice are:

What is LibraryThing?

Enter what you’re reading or your whole library—it’s an easy, library-quality catalog. LibraryThing also connects you with people who read the same things. This website gives the user the following characteristics:

  • Meet the world’s largest book club. Find people with eerily similar tastes.
  • Catalog with Amazon, the Library of Congress or 690 other world libraries. Import from anywhere.
  • Get recommendations. Tag your books and explore others’ tags.
  • Enter 200 books for free, as many as you like for $10 (year) or $25 (life).


Adding books to your catalog is also easy. Just enter some words from the title, the author or an ISBN. You don’t have to type everything in. LibraryThing gets all the right data from Amazon.com and over 690 libraries around the world, including the Library of Congress. Your catalog shows all the books you’ve entered. You can look at your catalog in either “list” or “cover” view. You can search your books, sort your books, edit book information, and apply “tags.” You can rate your books and write reviews.

http://www.librarything.com/

Get a Calendar That You Can Access From Anywhere

Keep it private, share it in a group, or even publish it on your blog.

Create a personal calendar and add birthdays, social functions, random get-togethers with friends, and while you’re at it, create reminders for paying bills, remembering special occasions, or checking that online auction. Get organized!


Coordinate Your Team

Create a calendar for your office. Keep track of to-dos, milestones, and deadlines. Set some goals, get everyone on board, and then… Get started!


Promote Yourself

Create a calendar for your church, your band, your team. Publish an event feed on your own website or blog so people can follow you and get involved. Get noticed!

Inform Your Audience

Teachers: Publish exam dates, homework due dates, project deadlines, etc. Students: Subscribe to your class’ calendar, or else create your own class calendars then roll them up into one view so you can stay abreast of it all. Get A’s! :)


Stay in Touch with Friends and Family

Create a schedule for your family. Create reminders for all your children’s scheduled activities. Get together!


http://www.calendarhub.com/

Hubs are just like web pages. Each one contains an article you write that’s filled with insight, advice, information – whatever you’d like to say on your favorite topic.

While there are other methods to create a presence on the Internet, you’ll be hard-pressed to find an easier way to:

  • Produce all kinds of content with easy-to-use tools. Our non-techie tools allow you to easily load your hub with the content, pictures, links and videos that interest you most.
  • Reach a large online audience that shares your interests. The technology behind our hubs gives them the power to reach thousands of people interested in your favorite topic.
  • Take advantage of royalty-generating tools. HubPages provides you with easy access to the Internet’s top income generating tools: Google ads and eBay and Amazon offers. The opportunity to earn more and more royalties over time simply by writing about your favorite topic is the icing on the cake!

HubPages allows you to share your passion and your knowledge. By publishing your own hubs, you can connect with people who are at this moment searching for information on your topic.

Some favorite topics of our hubbers include:

  • Personal Finance
  • Home Improvement
  • Diet and Nutrition

The beauty of the Internet is that it allows people who share a wide range of interests a common meeting ground. HubPages allows you to interact with people who share a common passion, or are interested in learning more.

http://hubpages.com/


Microsoft Certified Professional (MCP)

MCP refers to the broad certification program run by Microsoft, although it can also refer to an individual candidate who has completed any one exam within the program (subject to some exclusions).

The MCP program offers multiple certifications, based on different areas of technical expertise. To attain these certifications, a candidate must pass a series of exams within the program. The current certifications are Microsoft Certified Technology Specialist (MCTS), Microsoft Certified Professional Developer (MCPD), Microsoft Certified IT Professional (MCITP) and the Microsoft Certified Architect (MCA).

Popular previous generation certifications include Microsoft Certified System Engineer (MCSE), Microsoft Certified Solution Developer (MCSD) and Microsoft Certified Database Administrator (MCDBA).

 Some employers require or prefer certain MCP certifications for specific jobs that involve Microsoft products and technologies. Other vendors have their own certification programs such as the Sun Certified Professional program, the Red Hat Certification Program, the Oracle Certification Program, the Cisco Career Certifications program, the Ubuntu Certified Professional program and the Apple Certification Program.

In the developed world, each exam costs approximately US$125. Exams usually take between 2 and 3 hours to complete and consist of between 45 and 90 multiple-choice, drag-and-drop and solution-building questions, plus simulations in which candidates are required to perform common administrative tasks appropriate to the topic at hand.


Evil twin phishing

Evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider.

Wireless devices link to the Internet via “hotspots” – nearby connection points that they lock on to. But these hotspots can act like an open door to thieves. Anyone with suitable equipment can locate a hotspot and take its place, substituting their own “evil twin”.

Method

The attacker uses a bogus base station that latches on to someone using Wi-Fi wireless technology. Victims think their laptops or mobile phones are connected to bona fide wireless Internet connections. Once they connect to the wireless network, the operator of the evil twin can access and steal their login information, in addition to confidential information, which could potentially lead to identity theft.

Unwitting web users are invited to log into the attacker’s server with bogus login prompts, tempting them to give away sensitive information such as usernames and passwords. Often users are unaware they have been duped until well after the incident has occurred.

Users think they have logged on to a wireless hotspot connection when in fact they have been tricked into connecting to the attacker’s base station. The attacker jams the connection to the legitimate base station by sending a stronger signal in close proximity to the wireless client, thereby turning its own station into an ‘evil twin.’

Virtual private networks or end-to-end encryption may be used to protect passwords, e-mail and other sensitive information even when the access point itself cannot be trusted.
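A defender-side check that follows from the method described above, added here as an example and not part of the original post: given a scan of nearby access points and a list of the hardware addresses (BSSIDs) the legitimate hotspot is known to use, flag any access point that advertises the trusted network name from an unlisted address, and record the two other signs the post describes, a stronger signal and weaker security settings. The scan results and the known-good list are constructed values, not real captures.

```python
# Added example for the evil twin post above; not part of the original post or
# of any product. It flags access points that advertise a trusted network name
# (SSID) from a hardware address (BSSID) that is not on a known-good list, which
# is the symptom a rogue base station impersonating a hotspot produces.
from collections import defaultdict

# Constructed scan results, not a real capture: (ssid, bssid, signal_dbm, security)
SCAN_RESULTS = [
    ("CoffeeShop-WiFi", "00:11:22:33:44:55", -62, "WPA2"),
    ("CoffeeShop-WiFi", "de:ad:be:ef:00:01", -38, "OPEN"),   # unlisted, stronger, open
    ("Neighbour-Net",   "66:77:88:99:aa:bb", -75, "WPA2"),
]

# Hypothetical allowlist: BSSIDs known to belong to each trusted SSID.
KNOWN_APS = {"CoffeeShop-WiFi": {"00:11:22:33:44:55"}}


def find_suspicious_aps(scan, known):
    """Return one finding per AP that uses a trusted SSID from an unlisted BSSID."""
    by_ssid = defaultdict(list)
    for ssid, bssid, rssi, security in scan:
        by_ssid[ssid].append((bssid.lower(), rssi, security))

    findings = []
    for ssid, aps in by_ssid.items():
        trusted = {b.lower() for b in known.get(ssid, ())}
        if not trusted:
            continue  # no baseline for this network name; nothing to compare against

        trusted_aps = [ap for ap in aps if ap[0] in trusted]
        trusted_security = {sec for _, _, sec in trusted_aps}
        strongest_trusted = max((rssi for _, rssi, _ in trusted_aps), default=None)

        for bssid, rssi, security in aps:
            if bssid in trusted:
                continue
            reasons = ["BSSID not in the known-good list for this SSID"]
            if security not in trusted_security:
                reasons.append(
                    f"security {security} differs from trusted {sorted(trusted_security)}")
            if strongest_trusted is not None and rssi > strongest_trusted:
                reasons.append("signal stronger than the trusted AP (a client would prefer it)")
            findings.append({"ssid": ssid, "bssid": bssid, "rssi": rssi, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_aps(SCAN_RESULTS, KNOWN_APS):
        print(f"{f['ssid']} from {f['bssid']} ({f['rssi']} dBm): " + "; ".join(f["reasons"]))
```

On the constructed scan the check reports the second CoffeeShop-WiFi access point with all three reasons, while the trusted access point and the unrelated network are left alone. In practice the allowlist would come from the venue or from a baseline scan taken when the network was known to be clean.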


Blogging Task 9 Google Docs and Office Live Workspace

The days of emailing documents to oneself or carrying around a USB flash drive may be over, thanks to Microsoft’s newly developed Office Live Workspace and its predecessor, Google Docs.

Office Live Workspace and Google Docs will make group work easier and faster.

There are a number of similarities between Google Docs and Office Live Workspace. Both services allow users to create or upload existing documents, presentations and spreadsheets online, and share them with others simply by inviting them to your workspace using their e-mail address. The file’s creator can also choose which members can edit, and which can review the shared documents.

Also, each has a “home” screen that is set up like a filing cabinet. This page displays the areas in which one’s personal files are kept, which files have been modified recently and quick links to adding new documents.

These shared documents can be accessed from any computer or cell phone with an Internet connection and a Web browser. According to Microsoft’s Web site, over 1,000 Office documents can be stored on a workspace.

Office Live Workspace, like Google Docs, is both platform and browser independent, allowing the services to work on PCs with Windows, Macs and even computers with variants of Unix (including Linux).

In addition, both allow a user to set access levels for documents in their personal account, so one can choose who may view and make edits.

Many features that come with Microsoft Office, however, are non-existent in Google Docs.

Office Live Workspace has taken the platform a step further with functions such as footnotes, page numbers and numerous full-screen slide transitions for PowerPoint presentations that are not available in Google Docs.

Office Live Workspace is a way for Microsoft to compete with Google’s Docs service.

Microsoft’s version of the service is a free plug-in for those who already have Microsoft Office installed on their computers, and will be widely available late this year. Currently, customers can pre-register and will be accepted into the service on a first-come, first-served basis, according to Microsoft’s Web site.

“Ninety-five percent [of computer users] have Office installed. If you have two or more people on a team, chances are that at least one of them will be able to edit the documents.”

All UB students are provided with Microsoft Office for free via download, or for a highly discounted price through UB Micro. However, the retail price for the entire suite starts at $149 for students and the cost of the standard office suite doubles to $399, according to Microsoft’s Web site. Because of the price for non-UB students, some may be hesitant to use Office Live Workspace rather than Google Docs, which offers similar functionality for free. “Google is helping set the expectations that you don’t have to go buy these things,” McNabb said in a Wall Street Journal article.

Google Docs is open to anyone with a valid Google account, which is free to create, and doesn’t require any installation.

Since Google Docs offers more or less the same main features, and can even import Microsoft Office documents through Office 2003, Office Live Workspace must go the extra mile to attract users.

Office Live Workspace has several different workspace templates that are generated automatically when a new document is created. Two templates include a job workspace for resumes, cover letters and interview tips; and a school workspace with a GPA calculator, a calendar for classes, term paper outlines and thesis templates. These shortcomings of Google Docs are what make Office Live Workspace so appealing, especially for students.

Regardless of preference, both services offer a fresh, new and easy way for transferring, collaborating on, and editing documents.


Information Lifecycle Management

I read today about a very important concept for databases, Information Lifecycle Management (ILM), which is a comprehensive approach to managing the flow of information from creation and initial storage to the time when it becomes obsolete and is deleted. ILM involves all aspects of dealing with data. ILM is a sustainable storage strategy that balances the cost of storing and managing information with its business value.


ILM products automate the processes involved, typically organizing data into separate tiers according to specified policies, and automating data migration from one tier to another based on those criteria. As a rule, newer data, and data that must be accessed more frequently, is stored on faster, but more expensive storage media, while less critical data is stored on cheaper, but slower media. However, the ILM approach recognizes that the importance of any data does not rely solely on its age or how often it’s accessed.


All information, or data, in storage has a specific lifecycle, from the time the information enters an organization’s system to the time it is archived or removed from the system. The information may have a finite lifecycle—where the data are eventually removed from storage when the information becomes outdated or no longer needed—or an infinite lifecycle if the information remains valuable to the organization retaining it. In general, there are three stages in the information lifecycle: the creation or acquisition of the data, the publication of the data, and the retention or removal of the data.


The management of the information lifecycle involves keeping the data accessible to the users who need the information and determining how the information is stored based on how high of a priority the information has in the organization at any given moment. At each stage in the information’s lifecycle, the management infrastructure must determine the best software, hardware and storage medium required for the information at that stage, and how those factors differ as the data move through the lifecycle.


Videos taken down from YouTube

YouTomb (“Videos Removed for Copyright Complaint”) is an interesting project by MIT Free Culture that collects YouTube videos taken down because of copyright infringement. “More specifically, YouTomb continually monitors the most popular videos on YouTube for copyright-related takedowns. Any information available in the metadata is retained, including who issued the complaint and how long the video was up before takedown. The goal of the project is to identify how YouTube recognizes potential copyright violations as well as to aggregate mistakes made by the algorithm.”

Since YouTube operates under the Digital Millennium Copyright Act, it is obliged to take down content if it receives a notification claiming infringement from a copyright holder. In some cases, videos are wrongly taken down because YouTube is in no position to judge the validity of a claim.

According to YouTomb’s stats, the companies that have recently taken down the biggest number of popular YouTube videos are: TV TOKYO, Viacom, Warner Bros, World Wrestling and other media companies. “YouTomb is currently monitoring 157340 videos, and has identified 4389 videos taken down for alleged copyright violation and 13330 videos taken down for other reasons.”


Difference between Yahoo and Google

“Google has a philosophy of keeping things simple so that people who are technically challenged can use it without getting confused, and also that simple things are fast. Yahoo believes in feature-rich applications; their products are more customizable and complex.”

“Yahoo looks hip and colorful, whereas Google looks simple and elegant; Google is more thoughtful and strategic, Yahoo is flamboyant and more reactive; Google concentrates on value-added solutions rather than presentation and Yahoo concentrates on superb presentation followed by value creation.”

“Yahoo has tons of media and ads (loads slower). Google search is better (faster), only text ads. I started with Yahoo since I knew it first: Mail. I’ve been moving things to Google Mail, Photos, Googlepages.”

So Google is strongly associated with simplicity, usefulness, pages that load fast (in one word: text), while Yahoo is connected with rich interfaces, complex designs, pages that load slowly (in one word: multimedia). Gags even called Yahoo flamboyant, which means “elaborately and heavily ornamented”. It will be interesting to see if the acquisitions of YouTube and DoubleClick will change people’s perception about Google.


Task#8 WordPress, Gmail and Delicious log in

What are the differences and similarities between the WordPress, Gmail and Delicious log-ins?

WordPress


  • WordPress offers a “remember me” option
  • WordPress shows a welcome back message
  • WordPress shows an account toolbar above all pages listed on the domain *.wordpress.com
  • WordPress has an image
  • Once logged in, the login part of the website changes and offers a link to the user’s blog site


 Gmail


  • Gmail offers a “remember me” option
  • Gmail offers a “forgot password/cannot access my account” link
  • Once logged in you are redirected to your Gmail account. You are offered a number of options such as viewing email, making dates on the calendar, adding photos and viewing the blog site Google Reader
  • The log-in screen is part of the home page: with Gmail the login screen is shown first. This makes the log-in phase much quicker.


Delicious


  • Delicious offers a “forgot password/cannot access my account” link
  • Delicious does not offer a “remember me” option
  • As with WordPress, the log-in screen is part of the home page, so the login screen is shown first. This makes the log-in phase much quicker.



ITIL


I hear a lot about ITIL and its exam. What is ITIL about? The IT Infrastructure Library (ITIL) is a series of documents that are used to aid the implementation of a framework for IT Service Management. It comprises a series of ITIL books and is intended to assist organisations in developing a quality framework. This customisable framework defines how service management is applied within an organisation. It is also aligned with the international standard ISO2000. ITIL is organised into a series of sets (books), the two major ones being service support and service delivery. These in turn are divided into disciplines. Service support is the practice of those disciplines that enable IT services to be provided effectively.

Service delivery covers the management of the IT services themselves. In December 2005, the OGC issued notice of an ITIL refresh, commonly known as ITIL v3, which is offered from spring 2007.


ITIL defines the organisational structure and skill requirements of the IT area and documents a set of operational management procedures to allow management of an IT operation and infrastructure. Importantly, the operational procedures are supplier independent. The ITIL framework itself comprises the following eight books, each providing information on a different IT topic:

  • Service support.
  • Service delivery.
  • Business perspective.
  • ICT infrastructure management.
  • Application management.
  • Security management.
  • Planning and implementation.
  • Software asset management.

The two most commonly used are the first two, service support and service delivery. These comprise a number of disciplines.
