Ebase Xi (from ebasetech.com) 4.5.2 is a rapid application development platform I recently encountered at a client. The previous developers had left and a security audit revealed that the (many) forms they built with Ebase Xi were susceptible to SQL Injection. In this blog post I will explain how I fixed the SQL Injections and discovered some interesting things along the way.
05 December 2014
16 October 2014
There are two camps within our ranks: the first camp believes the front- and back-end should be completely separated, where both applications have separate version control, build processes, and deployments.
Disclaimer: I'm in the camp that believes strongly in separating the two. So I want to argue the case for separating front- and back-end completely in this post.
07 October 2014
Aggregations in MongoDB
The MongoDB aggregation operations allow us to process data records and return computed results. Aggregation operations group values from multiple documents together, and we can perform a variety of operations on the grouped data to return a single result. Spring Data Mongo makes the usage of this feature from your Java application very easy.
15 June 2014
A web application is never finished. Even when no new features are being developed, new vulnerabilities may be found in the frameworks used in the application, requiring a patch or an upgrade. Are you actively monitoring the frameworks that are in use in your applications? My guess is no, or at least not all of them. Well, luckily enough, OWASP has a very nice utility that easily integrates into a build environment and can do most of the hard work for you. Let me tell you about it.