Learn JSP for Beginners Part 2


Implementation

In a JSP application, putting all of the Java code in the JSP pages is not good practice. Separate the presentation layer from the business logic; that way you can give the application a new look without touching the infrastructure code.


As mentioned before, we store the issue records in an H2 in-memory database. The database code goes into a separate Java class, not into the JSP page. To keep the dependency list short we use plain JDBC for database access rather than an ORM such as Hibernate or a helper framework such as Spring JDBC. The code of our database access class “DbOperations” is below; the JSP page calls it to perform the database operations.

Digital Forensics Lab Case Study with the Autopsy Tool – Russian Tea Room



Digital forensics is the process of uncovering, interpreting and recovering data found on digital devices. Tools such as Autopsy help analyze a disk image and perform an in-depth analysis of its file system.


Course Materials:


Case study and image file: case study zip

Autopsy tool: autopsy tool



Learn JSP for Beginners Part 1







JavaServer Pages (JSP) is a server-side technology that enables the creation of dynamic, platform-independent web applications. JSP has access to the entire family of Java APIs, including the JDBC API for accessing enterprise databases. This tutorial will show you how to use JavaServer Pages to develop your web applications in simple and easy steps.

OAuth 2.0 - Authorization Server


What is OAuth?

OAuth (Open Authorization) is an open standard for token-based authorization on the Internet. OAuth acts as an intermediary on behalf of the end user: it hands the requesting service an access token that authorizes only specific account information to be shared. This lets a user's account information be used by a third-party service (for example, an application that offers "sign in with Facebook") without ever exposing the user's password to that service.

The idea is that you grant a third-party application specific permissions to access your Facebook details, such as your name, ID and email address, so that it can sign you up and fill in your profile; the application gets only what you approved, and never your Facebook password.
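The exchange described above, as an added example that is not part of the original post: a toy OAuth 2.0 authorization-code flow in pure Python in which the user approves only some of the requested scopes. The client never handles the user's password, the access token it receives covers only the approved scopes, the authorization code is single-use, and the `state` value lets the client reject a forged callback. Client IDs, scope names, the `SCOPE_FOR` mapping and URLs are made up for the illustration; a real authorization server also needs TLS, client authentication, token expiry and PKCE.

```python
# Added example, not code from the post: a toy OAuth 2.0 authorization-code
# flow. Client IDs, scopes and URLs are invented; a real server also needs
# TLS, client authentication, token expiry and PKCE.
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse

# Which scope each piece of account information requires (assumed mapping).
SCOPE_FOR = {"name": "profile", "id": "profile", "email": "email"}


@dataclass
class AuthorizationServer:
    clients: dict = field(default_factory=dict)  # client_id -> registered redirect_uri
    _codes: dict = field(default_factory=dict)   # code -> (client_id, redirect_uri, user, scopes)
    _tokens: dict = field(default_factory=dict)  # access_token -> (user, scopes)

    def register_client(self, client_id: str, redirect_uri: str) -> None:
        # Pre-registering the redirect URI stops a code being delivered to an
        # attacker-chosen URL.
        self.clients[client_id] = redirect_uri

    def authorize(self, query: dict, user: str, approved: set) -> str:
        """Front channel. The user has authenticated *here* (not at the client)
        and approved some of the requested scopes; return the redirect URL
        carrying a one-time code and the client's state value unchanged."""
        client_id, redirect_uri = query["client_id"], query["redirect_uri"]
        if self.clients.get(client_id) != redirect_uri:
            raise ValueError("unknown client or unregistered redirect_uri")
        granted = set(query["scope"].split()) & approved  # never more than asked
        code = secrets.token_urlsafe(32)
        self._codes[code] = (client_id, redirect_uri, user, granted)
        redirect_params = urlencode({"code": code, "state": query["state"]})
        return f"{redirect_uri}?{redirect_params}"

    def token(self, code: str, client_id: str, redirect_uri: str) -> dict:
        """Back channel: exchange the code for a bearer token. Codes are
        single-use and bound to the client that obtained them."""
        entry = self._codes.pop(code, None)
        if entry is None or entry[0] != client_id or entry[1] != redirect_uri:
            raise ValueError("invalid_grant")
        _, _, user, scopes = entry
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = (user, scopes)
        return {"access_token": access_token, "token_type": "Bearer",
                "scope": " ".join(sorted(scopes))}

    def resource(self, access_token: str, item: str) -> str:
        """Resource server: release account information only if the token's
        scope covers it."""
        user, scopes = self._tokens.get(access_token, (None, set()))
        if SCOPE_FOR[item] not in scopes:
            raise PermissionError("insufficient_scope")
        return f"{item} of {user}"


def run_flow() -> dict:
    srv = AuthorizationServer()
    srv.register_client("issue-tracker", "https://tracker.example/callback")

    # Client builds the authorization request. 'state' is random and tied to
    # the browser session so a forged callback (CSRF) can be detected.
    state = secrets.token_urlsafe(16)
    request = {"response_type": "code", "client_id": "issue-tracker",
               "redirect_uri": "https://tracker.example/callback",
               "scope": "profile email", "state": state}

    # The user logs in at the authorization server and approves only 'profile'.
    callback = srv.authorize(request, user="alice", approved={"profile"})
    params = parse_qs(urlparse(callback).query)
    code = params["code"][0]

    tok = srv.token(code, "issue-tracker", "https://tracker.example/callback")
    outcome = {
        "state_ok": secrets.compare_digest(params["state"][0], state),
        "scope": tok["scope"],
        "name": srv.resource(tok["access_token"], "name"),
    }
    try:                                  # 'email' was requested but not approved
        srv.resource(tok["access_token"], "email")
        outcome["email_denied"] = False
    except PermissionError:
        outcome["email_denied"] = True
    try:                                  # replaying the code must fail
        srv.token(code, "issue-tracker", "https://tracker.example/callback")
        outcome["code_reuse_rejected"] = False
    except ValueError:
        outcome["code_reuse_rejected"] = True
    return outcome


if __name__ == "__main__":
    print(run_flow())
```

The three checks in `run_flow` are the ones worth carrying into any real integration: the callback's `state` matches the one stored in the session, the token's scope is what the user approved rather than what the client asked for, and a code cannot be redeemed twice.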

How to protect against Cross Site Request Forgery in web via double submit cookies



Cross-Site Request Forgery protection stops an attacker from causing unwanted actions at a trusted service by riding on the authenticated session of a logged-in user, without that user's knowledge.

There are a few ways to protect against Cross-Site Request Forgery:
  1. Synchronizer Token Pattern (discussed in the previous tutorial)
  2. Double Submit Cookie
  3. Encrypted Token Pattern
  4. Checking the HTTP Referer header (the weakest of the four, since the header may be absent or stripped by proxies and privacy settings; use it only as defence in depth)

How to protect against Cross Site Request Forgery in web using Synchronizer Token


What is Cross-Site Request Forgery?

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

Refer to https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) for more.
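The two defences these two posts are named after, the synchronizer token and the double submit cookie, as one added example that is not code from either post. It runs over a minimal request model (HTTP method plus cookie and form dictionaries) so no servlet container or framework is needed; the cookie and field names, the `JSESSIONID` session cookie and the dictionary-based session store are assumptions standing in for the container's session. The demo drives both checks with a legitimate request and with the forged requests an attacker can actually send, including the case where the attacker submits a token harvested from their own session.

```python
# Added example, not code from the posts: the synchronizer token pattern
# (server-side state) and the double submit cookie pattern (stateless) over
# a minimal request model. Cookie/field names and the session store are
# assumptions for illustration.
import hashlib
import hmac
import secrets

FIELD = "csrf_token"            # hidden form field used by both patterns
SESSION_COOKIE = "JSESSIONID"   # session id cookie (Java naming; any name works)
CSRF_COOKIE = "csrf_token"      # cookie used only by the double submit pattern
SESSIONS: dict[str, dict] = {}  # server-side session store (HttpSession stand-in)
SERVER_KEY = secrets.token_bytes(32)  # demo only; deployments load one shared key


def is_safe_method(method: str) -> bool:
    # CSRF targets state changes; read-only requests need no token.
    return method.upper() in ("GET", "HEAD", "OPTIONS")


# --- 1. Synchronizer token pattern ----------------------------------------
def new_session() -> str:
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {}
    return sid


def synchronizer_token(sid: str) -> str:
    """One random token per session, kept server-side and embedded in forms."""
    return SESSIONS[sid].setdefault("csrf", secrets.token_urlsafe(32))


def synchronizer_check(method: str, cookies: dict, form: dict) -> bool:
    if is_safe_method(method):
        return True
    session = SESSIONS.get(cookies.get(SESSION_COOKIE, ""))
    if not session or "csrf" not in session:
        return False
    # compare_digest avoids leaking the token through timing differences.
    return hmac.compare_digest(session["csrf"], form.get(FIELD, ""))


# --- 2. Double submit cookie pattern --------------------------------------
def double_submit_token() -> str:
    """Random nonce plus HMAC. The MAC lets the server reject a cookie/field
    pair planted by an attacker who can set cookies for the site (e.g. from
    a sibling subdomain), which a plain double submit cookie cannot."""
    nonce = secrets.token_urlsafe(24)
    mac = hmac.new(SERVER_KEY, nonce.encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def double_submit_check(method: str, cookies: dict, form: dict) -> bool:
    if is_safe_method(method):
        return True
    cookie_val, form_val = cookies.get(CSRF_COOKIE, ""), form.get(FIELD, "")
    if not cookie_val or not hmac.compare_digest(cookie_val, form_val):
        return False
    nonce, _, mac = cookie_val.rpartition(".")
    expected = hmac.new(SERVER_KEY, nonce.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def demo() -> dict:
    """Legitimate request vs. forged requests against both checks."""
    victim, attacker = new_session(), new_session()
    sync_tok = synchronizer_token(victim)    # rendered into the victim's form
    victim_cookies = {SESSION_COOKIE: victim}
    results = {
        "sync_legit": synchronizer_check("POST", victim_cookies, {FIELD: sync_tok}),
        # Attacker's auto-submitting form: the browser attaches the victim's
        # session cookie, but the attacker could not read the victim's token.
        "sync_forged_missing": synchronizer_check("POST", victim_cookies, {"id": "7"}),
        # A token harvested from the attacker's *own* session does not match.
        "sync_forged_own_token": synchronizer_check(
            "POST", victim_cookies, {FIELD: synchronizer_token(attacker)}),
        "sync_get_ok": synchronizer_check("GET", victim_cookies, {}),
    }
    ds_tok = double_submit_token()           # set as cookie and embedded in form
    browser_cookies = {SESSION_COOKIE: victim, CSRF_COOKIE: ds_tok}
    results.update({
        "ds_legit": double_submit_check("POST", browser_cookies, {FIELD: ds_tok}),
        "ds_forged_missing": double_submit_check("POST", browser_cookies, {"id": "7"}),
        # Attacker plants a matching cookie/field pair but cannot forge the MAC.
        "ds_planted_pair": double_submit_check(
            "POST", {CSRF_COOKIE: "evil.00"}, {FIELD: "evil.00"}),
    })
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24s} {'accepted' if ok else 'rejected'}")
```

The synchronizer token needs server-side session state but nothing else; the double submit cookie needs no state, which is why the MAC is worth adding: without it, the check only proves that the cookie and the field are equal, not that the server issued them. In both cases the token goes into a hidden form field or a custom request header, never into a URL, so it does not leak through logs or the Referer header.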


How To Develop Good Mobile Apps


Writing a mobile app for Android or iOS is easy but designing a great mobile app can be a challenge. Learn how to write better mobile apps with these ten quick tips!
1: Keep it Focused
The best mobile apps focus on doing one thing very well. You should be able to describe what your app does in one sentence without any “ands”. The user should be able to launch it, use it and put it away in seconds, having completed its primary purpose. If a user has to navigate through four levels of menus to be productive, your app will be quickly uninstalled.
2: Use the Back Button Appropriately
On Android, the native OS-supplied back button should navigate the user back consistently. On iOS, where the back button is software-controlled, you should always supply a back button, and it should always be in the top-left corner where the user expects it. Following the conventions of back-button behavior and location specific to your operating system is critical to making your app meet your users' expectations.