ESAPI - Securing Java Applications

Securing Java Apps using ESAPI

1. Add maven entries:
<dependency>
    <groupId>org.owasp.esapi</groupId>
    <artifactId>esapi</artifactId>
    <version>2.1.0</version>
</dependency>



2. Add ESAPI.properties and validation.properties inside src/main/resources
     http://owasp-esapi-java.googlecode.com/svn/trunk/configuration/esapi/ESAPI.properties
http://owasp-esapi-java.googlecode.com/svn/trunk/configuration/esapi/validation.properties

3.  Create class as an access point

public final class OracleEncoder {
   //private static final Code ORACLE_CODEC = new OracleCodec();

  public static String encode(String value) {
    return ESAPI.encoder().encodeForSQL(ORACLE_CODEC, value);
  }
}

@Configuration in Java

http://docs.spring.io/spring/docs/3.1.x/javadoc-api/org/springframework/context/annotation/Configuration.html

public @interface Configuration

Indicates that a class declares one or more @Bean methods and may be processed by the Spring container to generate bean definitions and service requests for those beans at runtime, for example:

 @Configuration
 public class AppConfig {
     @Bean
     public MyBean myBean() {
         // instantiate, configure and return bean ...
     }
 }

 <beans>
    <context:annotation-config/>
    <bean class="com.acme.AppConfig"/>
 </beans>

vs 

 @Configuration
 @ComponentScan("com.acme.app.services")
 public class AppConfig {
     // various @Bean definitions ...
 } 

Vim shortcuts

Tonight went to vim meeting, and learnt some cool new tricks.

gvim

vim-adventures.com

h
j
k
l
Ctrl + R
u
J
:earlier 30s
:later 5m
.
&
5j
w

vit

5cw
I
o
O
a
A
set number
set list
b
%
: set match pair ':'

:helpgrep <find>

HomeBrew installation in Mac OSX. Missing package manager

This is the missing package manager in Mac. It downloads, and installs ruby, gradle, scala, sbt, etc with few command line. I was really giddy to make this discovery couple of days ago while trying to learn Scala via coursera.

To install brew:
1. Open terminal, and run the following command.
2.  ruby -e "$(curl -fsSkL raw.github.com/mxcl/homebrew/go)"


this will download brew into /usr/local/Cellar

In this location it will contain all the other downloads.


 or use
- mkdir homebrew && curl -L https://github.com/mxcl/homebrew/tarball/master | tar xz --strip 1 -C homebrew

you are good to go, and run
- brew ruby install
- brew gradle install

This was fascinating for me as it removed all the steps to download zipped file or tar file, setting up necessary folder, PATH variables, and repeating the process to get new packages.

Tracking Knowledge & Java postings.

I want to start a blog that way I can track my learning, and it can be a go to place for myself as well as others for Java/ J2EE related questions. You are welcome to comment, and figure out a way a better way to do things. My language is not polished, and I am hoping to make it better through this avenue. I will try to post everyday. I will post some good links as well as what I learnt throughout the day.

Sunday Computer Repair & Setting up Stand

Sunday, 9/25/2011

I finally decided to take a stab at the HP Pavilion dv6t quad edition(XW898AV-5CH1170PCB) laptop. I bought this laptop 5 months ago for my brother, but the day I bought it started giving me problems, and blue screen of death was the biggest one. I got really fed up of it, and formatted the entire computer. I replaced the Windows 7 Home edition with a Ubuntu 11. I am a huge fan of Ubuntu OS. Even after I placed Ubuntu, I kept on having issues with OpenOffice. It would type multiple characters, and there was a lot of delay whenever I tried tryping my documents. For me this was a minor issue, but for my brother it wasn't a pretty picture. I caved into his request, and formatted the laptop with Windows 7 Professional. I had a spare copy from McKendree MSDN software. 

I thought my troubles would go away with Windows 7, as it has plug and play features, but to my chagrin, it didn't install most of the drivers. The only thing working was keyboard, and CD/DVD drive. Either way I meticulously trucked along, and searched for drivers in hp.com. I searched with HP Pavilion dv6t, and it routed me to software download page. I thought this is it, I found the magic potion, but to my dismay again this was a wrong software again. This was me about a month ago. Couple of weeks later I ran into a blog in Lifehacker.com which mentioned free software that details all the hardware in the system. I was busy again, so I stalled the project in back burner. 

Finally on Saturday night it rang into my mind, so I downloaded Hwinfo64 to figure out what kind of hardware my laptop has. It showed me the devices, and after performing stringent Google search on the devices I was able to find a driver for chipset. I had that installed, and some conflicts in hardware were resolved in the device manager. This process wasn't straightforward like downloading form the internet, as the ethernet card, and USB port weren't working. The best way to troubleshoot came in the form of enabling ethernet, and then installing required drivers from the internet. I was able to do that for most of drivers, except for now 2 issues from 15. I tried on and on, and finally caved into HP's customer service. 

I talked with the chap from Pakistan, and he gave me correct model number of my laptop. I was a superhero now, I finally finished another issue, and re-downloaded all the drivers. Now the last bit of issue remains that of USB conflict. Only 1 USB works out of 4, and HP is sending me the recovery CD. Hopefully by Wednesday I should be able to fix the last remaining issue. 

Oh!!! the registration with the Microsoft was also a big bugger. I couldn't deauthorize the installation from the old computer, so it's still asking me for the key. This will be solved with the another MSDN download hopefully. Either way I can mark this as 95% complete regarding my hardware setup.