Learning Something New: 17/07/2018

"It always seems impossible until it's done."




Subject: Java Fundamentals


Topics:
  1. Variables
  2. Declaration of Variables
  3. Assignment of Values to Variables
  4. Variables = Ability to store and manipulate values (Named Data Storage)
  5. Declaration and Assignment of Values in a single statement
  6. Naming Variables
    • Combination of Rules and Conventions.
    • Rules: Allows use of letters, numbers, $ and underscore
    • Convention: Only letters and numbers are used.
    • Rules: First character is not a number
    • Convention: First character is always a letter
    • Convention: Follow "Camel Casing"
      • First letter is lowerCase
      • Start of each word after first is UpperCase
      • All other letters are lower case.
  7. We can assign a value to variable and later modify it to other.
  8. Local Variables: 
    • Variables declared inside the main method
 public class Variables {  
      public static void main(String[] args) {  
           /**  
            * Declaring only the local variable and printing the variable.  
            *   
            * int myVar;  
            * System.out.println(myVar);  
            *   
            * Error during compilation:  
            * Exception in thread "main" java.lang.Error: Unresolved compilation problem:   
            * The local variable myVar may not have been initialized  
            * at Variables.main(Variables.java:8)  
            */  
           int myVar; //Declaring the local variable  
           myVar = 50; //Assigning the value to local variable  
           System.out.println("myVar=" + myVar);  
           int anotherVar = 100; //Declaring and assigning another local variable  
           System.out.println("anotherVar=" + anotherVar);  
           myVar = anotherVar ; //Assigning copy of value of anotherVar to myVar  
           System.out.println("myVar=" + myVar);  
           System.out.println("anotherVar=" + anotherVar);  
           anotherVar=200; //Assigning another value to anotherVar. As it is already declared earlier.  
           System.out.println("myVar=" + myVar);  
           System.out.println("anotherVar=" + anotherVar);  
      }  
 }  




    Subject: Web Application Security

    Topics:


    1. OWASP - #4: Insecure Cryptographic Storage
      • When you register a user, find out how the passwords are stored in application.
      • If it is Plain text, then it is leads to security vulnerability.
      • Passwords should never be stored in unencrypted format: plain text on server.
      • Better way is to store using one-way cryptographic hash of user's password.
      • While logging to the application, Password is computed with hash function and compares the hashed password with stored hash password. If both matches, Login is granted.
      • Benefits: Only one-way hash, cannot compute the string from hash.
      • Hash Functions: SHA-1 , SHA-512 etc.
      • More better way to secure is: Adding Salt (Random text) to the password, before computing the hash function. This maximizes the password cryptography.
      • Without Salt, when user creates a password as "Hello" and another user creates the same password as "Hello". When they are computed through Hash function. Both Hashed Passwords will be same.
      • Reference: Web Application Security - What Testers can do.
    2. OWASP - #5: Failure to Restrict URL Access
      • Keep unauthorized users out of access of modules from UI Navigation and By URL.

    This entry was posted in ,,. Bookmark the permalink.

    Leave a Reply