What is Application Penetration Testing?

It is a course of action where a computer & network professional analyze an application to explore procurable and current vulnerableness on a network. This course of action is labor-intensive and requires indepth cognition and experience in a variety of different mechanisms and a range of exploits.

How is this varied from PCI Compliance?

For most retailers, who authorize as “L4″ merchants (less than 25,000 Visa transactions/year), PCI Compliance utilizes blasé and well-established automated tools to explore and report procurable vulnerabilities. However, there are restrictions to automated tests, and a web application penetration test is designed to more thoroughly evaluate an application than can be realized through automated tests.

Who is an Ethical Hacker?

An Ethical Hacker goes through pervasive training to become well versed in variety of techniques and tools to mimic how an effective vicious hacker may gain route to your system. The ethical hacker works for the site holder, instead of against them.

What do you test for?

We need to test for range of vulnerabilities. These include but are not confined to:

• Validation of input (Form, Data, Fields, URl, e-mail … etc)
• Buffer Overflow (Memory, Function calls, Stack flow, stack over run, system stack … etc)
• Cross Site Scripting (DOM-based, reflected vulnerability, second-order vulnerability … etc)
• URL Manipulation (Trial and error, Directory traversal … etc)
• SQL Injection (First order attack, second order attack, lateral injection … etc)
• Cookie Modification
• Bypassing Authentication (Direct page request, Parameter Modification, Session ID Prediction … etc)
• Code Execution (Shell code attacks, malicious attack … etc)

In the current web industry the talk persists over the advantages of ready to go popular CMS like wordpress, Joomla etc. & rather than going for the custom CMS to be built from the scratch. Don’t forget, custom CMS is a personalized built which will act as exactly what you wanted. I would like to share my thought on this regard.

It’s obvious that custom developed are always unique. Custom CMS that are developed from the scratch are more easier, optimized & offers best fit as per the clients requirement. To develop a website from a ready built CMS requires lengthy code as it consumes a lot of time to overrides the default attributes which comes as built-in.

For me, both custom developed CMS & ready built CMS has its own pro’s & con’s. Before choosing between them one needs to consider the below factors :

Time Line : Does time line is a preeminent factor?
Costing : Custom developed CMS are expensive. If in case the ready built CMS are not proximate to your needs then the custom developed CMS will help you in cost effectiveness.
Prerequisite : Does the ready built CMS matches your requirement? If the ready built CMS matches 75% or more, then it is ideal to go with ready built one’s.
Intended Users : Who are the intended users of the CMS? If they are business persons or not technically sounded, then usability & friendliness is the most imperative thing. On the other hand, if the users are technical people then the interface might not be so much imperative.

Other factors that are imperative while culling between a ready built CMS & CUstom developed CMS are Market Trend, Usability, Technology, speed & performance, user friendliness. These aspects needs to be considered while choosing the right CMS.

If you have any enquiries about custom developed CMS & Open source CMS, get in touch with us.

robots.txt is a casual file that is applied in the root/base directory of your web server. An illustration of placing is, http://www.example.com(Your domain)/robots.txt. This file is predominantly used to advert search engines & crawler robots to which part(sphere) of the website needs to be visited & indexed.

robots.txt can be placed only in the root/base directory & can be used once. That is, where your main/index page is.

When robots.txt is placed, it can be accessed by http://www.yourwebsite.com/robots.txt. It will not work if the robots.txt is placed as http://www.yourwebsite.com/sub-domain/robots.txt

Most of the search engine takes robots.txt into account. Obviously, spam botters(e-mail crawlers) cannot understand this. But it is advisable to place secured files in protected folders rather than trusting robots.txt to do the job completely. robots.txt is more about advising search engines rather than for security.

How does a robots.txt looks like?

# robots.txt created by http://www.pixelbytelab.com
User-agent: *
Disallow:

The above information tells the search engines to crawls & index all the directories and no need to omit any directories.

# robots.txt created by http://www.pixelbytelab.com
User-agent: *
Disallow: /

The above information tells the search engines to not to crawl & index any directory.

As it is already told robots.txt is very simple, a simple “/” could make search engines not crawl & certainly would affect the SEO rankings.

As per one’s needs, after uploading robots.txt in the root directoy do not forget to set permissions for the search engines to crawl.

If you have any issue with the timing in the web server, then relay timing can be set in order make each crawler to access the web directory with a delay.

Most commonly known search engines bots are :

Googlebot, MSNBot (Bing), Yahoo slurp, Ask Teoma, Gigabot, Scrubby, Robozilla, Twiceler

The below example is a combination of allowing & disallowing bots,

# robots.txt created by http://www.pixelbytelab.com
User-agent: Googlebot (Allows google)
Disallow:
User-agent: MSNBot (Allows Bing)
Disallow:
User-agent: Slurp (Allows Yahoo)
Disallow:
User-agent: Teoma (DisAllow ASK)
Disallow: /
User-agent: Gigabot (DisAllow gigablast)
Disallow: /
User-agent: Scrubby (DisAllow scrub the web)
Disallow: /
User-agent: Robozilla (DisAllow Dmoz)
Disallow: /
Crawl-delay: 60 (This is the timer used for delay)
Disallow: /log/ (directory to disallow)

Aspects & axiom of design are the architectural blocks of the design that are used to innovate the art of work. Ingradients of art contains sketch, drawing, painting etc. Nice (or) worse – Most of the design will meet up the below constraints if not all.

The axiom of design can be thought of as what we do to the ingradients of design. How we apply the design axioms determines how successful the design can be.

THE ELEMENTS OF DESIGNING :

LINE : There are two ways a line can be deduced. The attenuated impression made with a pen/pencil/brush (or) the bound created when 2 shapes meet.

SHAPE : A shape is a spatial arrangement of any element of geometric form. Goemetric is nothing but math science of shape.

DIRECTION : Every line will have a direction. Let it be, Horizontal, Vertical or Oblique. Horizontal suggests composure, endurance & calmness. Vertical gives evenness, convention & agility. Oblique gives action & direction.

SIZE : Size is the relationship of the goemetric form clocked up one after other.

TEXTURE : Texture is the surface finish of a shape – tangled/smooth/flashy etc. Texture can be visual too.

COLOR & VALUE : Color is also known as “Hue”. Darkness/Delicacy of a color determines the color value. Value is also known as “Tone”.

THE PRINCIPLES OF DESIGNING :

BALANCE : Big shape near the center can be attuned by a small shaped element close to the bound. Big light valued shape will be balanced by a small dark valued shape (Darker the shape appears to be heavier)

REPETITION : Repetition with alteration is absorbing, but without variation repetition can become toneless. If you want to develop attraction with repeating elements, then there should be some degree of variation.

HARMONY : Harmony is nothing but visual pleasing. It is the effect of combining related/similar elements. For eg. , near by color combination, sampe type of shapes etc.

DOMINANCE : Dominance gives a special interest for a designer to counterbalance perplex and monotous situations. To give more prominence, dominance can be applied to few elements.

While developing a website, PHP & ASP are the most common/popular. Which has the upper hand, Check out the reasons below,

Both the programming languages are used to develop dynamic websites. They both can connect & interact with the database. ASP is a microsoft product & uses IIS(Internet information server) that runs on Microsoft server whereas PHP(Hyphertext Preprocessor) designed from parsing language later developed by many.

PHP & ASP has many differences :

Price/Cost Comparison :

Internet information server is essential to run ASP scripts, eventually it is not free. On the otherhand, PHP scripts runs on Linux/unix. Even the database connection is not free in ASP. It requires MS-SQL, again a product of Microsoft which needs to be purchased. Whereas, PHP generally connects with MYSQL is which is free for use.

Comparing Fastness :

While executing & running ASP & PHP scripts, PHP has an upper hand over ASP when it comes to speed. PHP scriots/code is faster than ASP. ASP is build based on component based model which consumes server space whereas PHP scripts/code runs on its own allocated memory space.

Platform Compatibility :

PHP scripts/code can run on various plank like Unix/Linux/Windows/Solaris whereas ASP scripts/code primarily runs in windows. It can be run in Linux with Apache-ASP installed.

Extra Costs :

Since PHP is open source, lot of free tools are available free of cost. Many builtin features like E-Mail, FTP, code encryption methods are available by default but in ASP they require additional installation. Hence, one needs to purchase these features as they are not available for free.

Deriving Language from :

Even though C++(Include C) is pretty old programming languages, but it is still considered to be the best among developers. PHP programming is based on C++. If one is quite familiar with C++ then PHP coding will be very easier. ASP is based on Visual basic which is also a product of Microsoft. Hence, it depends on individual style & comfort.

Both programming languages ASP & PHP has its own pro’s & cons. Many would say choosing between them is based on a user’s requirements. In many surveys & research, many feel that ASP is quite equivalent to PHP. But for me choosing PHP might be better choice than ASP.

A new phone named “kin” was unvieled by microsoft to target young users & for social networking purpose.

The phone was mainly designed & developed for people to share & get in touch with friends-family from anywhere.

It is the first phone to access Zune & has a high resolution camera to capture pictures & videos with high quality.

This product can compete with its counter rivals Google, Apple & others.

In USA, Phone will be available for sale in this MAY & in Europe, it will be available by the end of this year. The cost of the phone is yet to be known.

About Kin :

Kin has exquisite touch screen and a slide in/out keyboard. The front screen is always turned on so that recent updates like, SMS, Images, shared lists are known & also the happenings among friends.

There is a special feature in the phone called “SPOT” where users can drag & drop images, videos, etc. and can decide whom to share with. The phone connects with prominient social networking sites(Twitter, Facebook, Myspace).
Any new happening created on the phone can be organized & published online and can be accessed online by any web browser.

Mr.Derek Snyder one of the product manager who was in the phone development said that “Social networking is the heart of this phone”. It will have a great experience while working with it.
Microsoft has made a new trend by offering their software to phone makers as well as offering complete control in hardware as well as software.

There was an interesting question asked while the launch, “Will it be possible to complete with the rivals?”
In the current market, Blackberry smart phones & Apple Iphone are the leaders, it is going to be tough to beat among the consumers.
“It is certain that Microsoft is behind in this field, but there is a lot to be liked”, told by analysts.

“Microsoft reckon they can come through this competetive market & more importantly their effort to get into the consumer market is a excellent thought. I think it’s a good move.

With reference to Canalys research firm, Microsoft’s contribution in smart phone has about 9% totally. That makes them 4th behind Apple, Symbian & Rim.

We can get too technical & go writing for pages about the features of the Pbware cart, instead we would like to tell the basics. It was exciting to see what our customers where able to make out of our cart.

General Features of our Shopping Cart:

• First thing first, good features simple to use

• No installation required. Any standard web browser is enough to work.

• No limit in adding categories & products.

• Storage manager is completely web based.

• Lot of customization & options available while managing products.

• Order status e-mail for store owner & the customer.

• Simple product filter capabilities.

• NO extraordinary server side capabilities are required

• Error Tracking.

• Cart designed for adding new plug-in in simple way.

• Multiple payment options available. Absolutely configurable as per the customers needs.

• All the formatting are done with CSS.

• Cookie Tracking with IP address for backup.

• Dynamic page creation using database.

• Complete Order & Report management.

• Total & Free support.

Check Out Features:

• VAT, Sales Tax calculation by zones & country.

• Wide range of shipping methods available. Any logistics carrier can be customized for you.

• Discount calculation per product.

Important/essential  Features:

• MD5 encryption for product & password information for complete security.

• Advanced security on the check out page to prevent any hack attempts.

• Advanced IP blocking feature available.

• Shop in Shop available on customer request.

• Rating for every product IP/Login Based.

• Multilanguage Support

Member Login  Features:

• Login members to store their wish lists.

• Review of products

• SEO friendly url creation for each product.

• Redeem/coupon for members.

• Customer Accounts details.

Pbware cart does not end with the above basic features. It has advanced features what an e-commerce business would need & we can customize features for very business. We listen to the customers requirements and develop & customize accordingly. For more information, get in touch with us.

We wanted to prove that working on shopping cart cannot get easier than this. Thats what we hear from our customers. That makes us to win & move on with high end development.

The days are gone for coding PHP applications from the beginning. Below are the 4 best future generation PHP frameworks. All these frameworks have some innovative thinking aspects that makes them better from the other PHP frameworks. We can say that, its no longer essential to develop a PHP application from the beginning. These frameworks allows you to create & work on a application easier.

CAKEPHP
CakePHP have announced their stable version recently. CakePHP OOPS nature allows the developer to begin with the coding rightaway if they are familiar with oops concepts. Like other frameworks told here Cake is very keen on RAD – rapid application development with AJAX technology. If you want to work on a PHP framework, CakePHP can be the ideal choice, since the announce of its 1.0 release, it will ensure the choice of stability.

ZEND
Zend is one of the best application development tool and with over 1 Lakh download Zend’s reliability cannot be underestimated. They are partner with prominent website www.ning.com, a platform for creating best web applications. Zend shows to be the future of the of web application development.

SYMPHONY
We have developed many web application using symphony framework. It speeds up the development and maintenance of web applications. One can say, its not just about easy to work with it by knowing PHP but gives you full control over the application with easeness.

PHP ON TRAX
PHP Trax is known as PHP on Rails as it is same as working in Ruby on Rails(ROR). Like ROR and the other PHP frameworks, PHP on Trax works on model view controller pattern. If you are a ROR developer and you want to develop with rails but not so much familiar with PHP development, then PHP Trax would be the ideal choice.

While all these PHP frameworks are specific with their need they all ensure quality to redefine the modern web. It is known that all these frameworks are based on OOPS concept, it is easier for development. We are working on these PHP Frameworks that makes us successful.

The main reason we started developing web applications is because it seems to be interesting in our development process as well as our clients love that. The following list of tools we have used in our projects and others, covering our complete technology stack that includes desktop, hosting and server applications as well. We would like to hear about any other tool that you use in your designing & development process.

Cake PHP

Cake PHP is an open source PHP web application framework that is for developers happiness and efficient productivity. We prefer this framework as we have been using it for the past couple of years & it has excellent technological updates.

Textmate

Textmate is a simple text editor for Mac operating system. we started using this couple of years back. Soon then, we started used it in a lot of screen-casts that proved various web development technologies. It looks like a simple editor, but it has a lot of exciting features under the hood.

Firebug

Firebug is a simple plug-in for Mozilla Firefox that has many web development options. The main purpose that we use it is to inspect feature. This allows us to inspect any HTML element at any time, Server side responses, Java script load, no. of HTTP requests & many more.

Basecamp

We use Basecamp to manage all our projects. It allows to set a schedule for each tasks with milestones and track our messages/interaction and dos-dont’s all under one place.

MySQL

MySQL is an database(Open Source) that we use for our web applications. Another excellent package that we use is PostgreSQL.

Linux

We use Linux as our server operating system for close to a decade, since we strated developing web applications. Most of the tools we use are based on this platform.

Microsoft have released the Beta version of Internet Explorer(IE) 9. After having a look at it, I can say that the user interface is quite simple. This looks more than a web browser (Not even an address bar). Still, it gives an excellent look. Most important thing, it supports HTML5, it is the uptrend version of the Hypher text mark-up language that can assist more dynamic webpages, video playing, and geo-location. Now Internet Explorer 9 might become closer rivals to Mozilla Firefox, Apple Safari and Google Chrome in terms of usability & functionality. Microsoft concentrated more towards web standards. IE9’s Acid testing — a good test measure to check how a web browser follows the standard web standards — got a score of 55%. Whereas, Firefox 3.7, in comparison, scores 97%, so still not upto the mark. IE9 also proved its improved accession with CSS(Cascading Style Sheets), including rounded curves/corners (if you’ve worked in the previous version of IE, this is definitely a tender spot). IE9 seems to be compatible with CSS-3, which is currently under progress. To match with the modern web technology, Microsoft had to drop down few things. The important one: IE9 will not be compatible with Windows XP. That can be a smart move, as Windows 7 could become more popular sooner. Most importantly, Internet explorer9 can be web compliant and advanced as possible. Microsoft have to do a lot to bring back website users and web developers; its popularity declined as other competitors brought advanced version in the modern web technology. It is a good start though, that Microsoft has started taking its web browsers rivals quite seriously.