Skip to main content

Posts

The Bourne Betrayal | Book Review

Novel by Eric Van Lustbader and Robert Ludlum I like all Robert Ludlum’s novels including those which are written by Evan Lastbadder. To me his novels have taken fiction to the next level. During my way back to Hyderabad from my last summer trip to hometown I bought paperback version of “The Bourne Betryal”. This novel was full of Lastbadder’s style of writing than Robert Ludlum’s one.  I took almost 6 months to complete it. This novel has something different to offer actually. Plot is exciting but the story is not very accelerating. Jason bourn and Martin Lindros, When martin Lindros decided to come back in the field operations with the aim to destroy Fadi and When Martin is out the track , Jason is the only help possible in the situation. Story takes you through various struggle of Jason to bring Martin back home. There are few things where author has not even paid any attention for example how does an ordinary Pakistani Waiter will have that much of information   Towards the e
Recent posts

Web Assets and Security Risk

In application security world blacklisting and whitelisting validations are very popular. This basically indicates what should be allowed and what shouldn’t be allowed. I was thinking about some of the web applications deployment structure and paying attention on the way various files are packaged and deployed. I found one interesting thing about web assets like CSS, Images and fonts , java scripts. When we host the web assets, URLs that actually provide web assets are actually not protected up to the mark. Let’s say  you have an application which has URL something like this http://someapplicationname/somecontext/myaccount when you access the above mentioned URL, application may redirect you to login page, Whole idea is to force user to authenticate him/herself and create a secure session. Once the session is established you can access and the account page and do whatever you want to do. But web asset URLs are not protected.   http://someapplicationname/somecontext/js/log

New Programming Language, Do we really need ?

We have seen multiple new programming languages every year and question which is commonly asked is Will there always be new programming languages coming out? I believe  many new programming languages will keep coming and many are on the way. Technologies are evolving around us will make it fairly easy; everyday big corporation and tech individual/communities are making consistent progress towards technological advancement. If you observe every new programming language has one thing in common and that is they are based on software engineering principals, you will find same loop, iteration, conditional processing and stuff like that. What makes them different is Adoption, you can make your own programming language using other languages but it will only be popular when it can convince large tech community on the ground of Efficiency, Security, Agility, Portability, platform support etc. Wikipedia has impressive List of programming languages We have seen many languages in the past a

ipconfig/displaydns

Why does the aboave command prints URLs, Websites addresses that we have never accessed before ? When your system communicates with the DNS server for resolvingthe name queries, Your system builds the cache over the perios of time, This cache normally contains records from the host file and also the retrieved records from the recently resolved queries. Coming to the question that the site which were never accessed showing up there. DNS cache notes down positive and negative results as well. as you know caching is all about performance improvment. Now lets say you accessed Website1 and Website1 has some functionalities which makes it to communicate with Website2. Now Fortunately or unfortunately Website2 is blocked in your network and name query for this Website is not resolved. Still this unresolved queries will be recorded in DNS cache. I think those results are coming as they were initiated from your system implicitly. Issue this command to clean the DNS cache

Backend vs Frontend

Why did backend guys always feel superior over frontend guys? I have been on both side and have done both front-end development and back-end development for long time. Truth is in a web based product nothing is superior both complement each other. Think about the product which has sophisticated transaction processing system, better error handling,reliability and availability but lacks good user experience and poorly designed user interface. Consider user interface as front desk, no matter how good your back office processes are if front desk does not behave in respected manner nothing works. Coming to so called superior feeling of backend developers much of it can be largely attributed to technology stack, I think it’s better to say traditional technology stack. Normally engineer feel great when they deal with stuff which has fair amount of complexity and backend gives you that.Front end was nothing more than JAVA script, HTML and CSS, not counting tools and productivity solutions

Information Security Profile Questions

One of the friend asked this question in one of the popular forums, i thought I should keep copy of my answer in my blog as well. What sort of interview questions can be asked in information security profile? It depends on your role under information security profile, If you are ininformation security engineering role, questions will be more from tools andtechnologies and security audit and analysis methodologies. Questions may comefrom application security(OWASP TOP10), network security or computer forensics. In the corporate world no one expects an information security engineer to bemaster of all the security disciplines. Questions from different operating system techniques and popular web serversand information security architecture will be asked. Various operating system administrationdetails questions may surface. Vulnerability assessment is another topic whichcan be discussed. Security consultant as a profession itself is about being specialist notjournalist. So solid un

Google and Facebook's Data Center

I think Capacity wise Facebook is the good place to start as no other website has experienced kind of volume and traffic that Facebook has witnessed in the recent past. As you have not specified whether You want to know more about the infrastructure, security or you are interested in their operating model, staff size and remote site management? I would go with the general details. Facebook has multiple data centers around the world and the reason behind this is a common knowledge i.e huge volume of the data that FB process on daily basis. Facebook is currently the world’s most popular web site, with more than 1 trillion page views each month, according to metrics from Google’s DoubleClick service. Facebook currently accounts for about 9 percent of all Internet traffic, slightly more than Google, according to HitWise. This is the first data center of the Facebook in Prineville FB realized that they need many data centers in different locations to support the performance demand of