Need Checklist for websecurity

I want to have a checklist which will make my code more secure for the web.
Where do I need to make my code more secure? Java, JSP, servlets and frontend HTML.
Please suggest sites or a checklist of what I have to note while writing Java/J2EE based applications.
kiran

Hi,
Actually I have seen your link today but I could not find any websecurity related info there.
Could you please suggest exactly the link where I can search for the checklist and all.
Regs
Kiran

Similar Messages

  • Need Checklist for migrating MS SQL 2005 SP2 to MS SQL 2012

    Dear Member,
    We are in the process of migrating our MS SQL 2005 SP2 db engine / SSIS / SSRS services to 2012. We need to know the steps/checklist and experiences of migration.
    I have read on the Microsoft site (http://msdn.microsoft.com/en-in/library/ms143393(v=sql.110).aspx) that we can only migrate SQL 2005 with SP4 to SQL 2012. Do we need to upgrade the existing 2005 SP2 to SP4 first and then start the migration?
    Regards,
    Mahesh 

    Hello,
    Yes, you need to apply SP4 first, if you choose to perform an in-place upgrade.
    You have the option to perform a side-by-side upgrade too. Please refer to the following guide:
    http://download.microsoft.com/download/9/5/3/9533501A-6F3E-4D03-A6A3-359AF6A79877/SQL_Server_2012_Upgrade_Technical_Reference_Guide_White_Paper.pdf
    Hope this helps.
    Regards,
    Alberto Morillo

  • WebSecurity!!  - Checklist for coding servlets,jsp etc.

    Hi Friends,
    I need a checklist which can give me details of where I have to concentrate on security related issues like login, cookies, requests from the user, sessions, database SQL injection topics ...
    Please give me the checklist related info for websecurity.
    regs
    Kiran

    I think I'm using my hands to type..
    kiran

    and you're apparently not using your brain to think (note, I do still have the hope that you are in possession of one).

  • Checklist for Exchange Certificate issues

    Checklist for Exchange Certificate issues
    1. Why certificates are important for Exchange and what certificates are used for
    Exchange is now using certificates for more than just web, POP3, or IMAP. In addition to securing web services, it has also incorporated Transport Layer Security (TLS) for session based authentication and encryption.
    Certificates are used for several things on Exchange Server. Most customers also use certificates on more than one Exchange server. In general, the fewer certificates you have, the easier certificate management becomes.
    - IIS (OWA, ECP, EWS, EAS, OA, Autodiscover, OAB, UM)
    - POP/IMAP
    - SMTP
    2. Common symptoms for certificate issues
    Here we can see three different types of certificate warning, mainly from the Outlook side.
    a. Certificate mismatch issue
    b. Certificate trust issue
    c. Certificate expiration issue
    3. Checklists
    In this section, checklists will be provided according to the three different scenarios:
    Certificate Mismatch Issue
    [Analysis]:
    This issue mainly occurs because the URL of the web services Outlook tries to connect to does not match the host name in the certificate.
    [Checklist]:
    Firstly, check how many host names are in your certificate. Run “Get-ExchangeCertificate | select CertificateDomains”.
    Secondly, check the web services URLs which Outlook is trying to connect to. Run “Test Email AutoConfiguration”.
    In this scenario, you need to check the host name for the following services:
    - Autodiscover
    - EWS
    - OAB
    - ECP
    - UM
    If any of the URLs above does not match the one in the certificate, refer to the following article to change it via EMS:
    http://support.microsoft.com/kb/940726
    1. Do not forget to restart the IIS service after applying the changes above.
    2. Make sure a valid certificate is enabled on the IIS service.
    Certificate Trust Issue
    [Analysis]:
    Self-signed and PKI-based (Enterprise) certificates are not automatically trusted by the client computer or mobile device; you must make sure that you import the certificate into the trusted root certificate store on client computers and devices. On the other hand, third-party or commercial certificates do not have this problem. Most commercial CA certificates are already trusted because the certificate already resides in the trusted root certificate store. Because the issuer is trusted, the certificate is also trusted. Using third-party certificates greatly simplifies deployment.
    [Checklist]:
    If it’s an Enterprise CA certificate, manually install the root certificate to the “Trusted Root Certification Authorities” folder.
    If it is a 3rd-party certificate, first remove and reinstall the certificate. Check whether the Windows Certificate Store on the local client is corrupted. If it still does not work, please contact the third-party CA support to verify the certificate.
    Certificate Expiration Issue
    [Checklist]:
    When a certificate is about to expire, we just need to renew it by referring to the following article:
    Renew an Exchange Certificate
    http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx
    To avoid any conflicts, it’s recommended to remove the expired certificate from the certificate store.
    [How to set a reminder to alert the administrator when a certificate is about to expire]:
    It’s easy to fix the certificate expiration issue. But it should be more important to set a reminder before the certificate expires, or there can be a large user impact.
    Generally, the Event ID “^(24|25)$” will appear in the Application log when a certificate is about to expire.
    If it’s not quite visible, we can refer to the following solution:
    http://blogs.technet.com/b/nexthop/archive/2011/11/18/certificate-expiration-alerting.aspx
    OWA certificate revoked issue
    [Analysis]:
    IE includes support for server certificate revocation which verifies that an issuing CA has not revoked a server certificate. This feature checks for CryptoAPI revocation when certificate extensions are present. If the URL for the revocation information is unresponsive, IE cancels the connection.
    [Solution or workaround]:
    1. Contact CA provider and check whether the questioned certificate is in the Revoked List.
    2. If not, check whether the certificate has a private key.
    3. Remove the old certificate and import the new one.
    Workaround:
    IE Internet Options -> Advanced tab -> Clear the "Check for server certificate revocation" checkbox.
    4. More References
    Digital Certificates and SSL
    http://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx
    More on Exchange 2007 and certificates - with real world scenario
    http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx
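
    The mismatch and expiration checklists above can be scripted. The following is an added example, not part of the original post or of any Microsoft tooling: the function names are hypothetical, the host names, thumbprint and dates are constructed, and the sample objects only mimic the Thumbprint, CertificateDomains and NotAfter properties that Get-ExchangeCertificate returns.

```powershell
# Added example; function names are hypothetical and all sample data is constructed.
function Test-HostAgainstCertificate {
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($name in $CertificateDomains) {
        if ($name -ieq $HostName) { return $true }
        # A wildcard covers one left-most label only (*.x.example matches a.x.example).
        if ($name.StartsWith('*.')) {
            $firstDot = $HostName.IndexOf('.')
            if ($firstDot -gt 0 -and $HostName.Substring($firstDot) -ieq $name.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

function Get-CertificateChecklistFinding {
    param(
        [object[]]$Certificates,   # need Thumbprint, CertificateDomains, NotAfter
        [hashtable]$ServiceUrls,   # service name -> URL the client connects to
        [datetime]$Now = (Get-Date),
        [int]$WarnDays = 30
    )
    foreach ($cert in $Certificates) {
        # Expiration check: report before users start seeing warnings.
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
        if ($daysLeft -lt $WarnDays) {
            [pscustomobject]@{
                Thumbprint = $cert.Thumbprint
                Issue      = if ($daysLeft -lt 0) { 'Expired' } else { 'ExpiringSoon' }
                Detail     = "NotAfter $($cert.NotAfter.ToString('yyyy-MM-dd')), $daysLeft day(s) left"
            }
        }
        # Mismatch check: every service host name must appear in the certificate.
        foreach ($service in ($ServiceUrls.Keys | Sort-Object)) {
            $hostName = ([uri]($ServiceUrls[$service])).Host
            if (-not (Test-HostAgainstCertificate $hostName $cert.CertificateDomains)) {
                [pscustomobject]@{
                    Thumbprint = $cert.Thumbprint
                    Issue      = 'NameMismatch'
                    Detail     = "$service uses $hostName, which is not in the certificate"
                }
            }
        }
    }
}

# Constructed sample input (with Exchange, pass Get-ExchangeCertificate output instead).
$sampleCerts = @([pscustomobject]@{
    Thumbprint         = 'SAMPLE-THUMBPRINT-0001'
    CertificateDomains = @('mail.contoso.example', 'autodiscover.contoso.example')
    NotAfter           = [datetime]'2030-01-20'
})
$sampleUrls = @{
    Autodiscover = 'https://autodiscover.contoso.example/Autodiscover/Autodiscover.xml'
    EWS          = 'https://mail.contoso.example/EWS/Exchange.asmx'
    OAB          = 'https://exch01.corp.contoso.example/OAB'
}
Get-CertificateChecklistFinding -Certificates $sampleCerts -ServiceUrls $sampleUrls -Now ([datetime]'2030-01-01')
```

    Pass only the certificate that is enabled for IIS, since a certificate bound only to SMTP or POP/IMAP is not expected to carry the web service names.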

    (Reported previous post with link to SIS package to moderator)
    This is not the correct SIS package for the N73. The package shown is for S60 3.2 devices, but the N73 is not S60 3.2, I believe it is S60 3.0.
    Most features may work with this SIS, but if you experience strange problems, try using the S60 3.0 version.
    But there is no significant difference between 2.5.3 and 2.5.5 with regard to attachments. The only changes were with localization (languages).
    At this point, try 2.7.0 which is out now:
    http://businesssoftware.nokia.com/mail_for_exchange_downloads.php
    Make sure to pick the right phone on the drop down list. It does matter! There are 4 different packages. This list makes sure you get the right one.
    I have seen some issues with attachments not completing that seem to be carrier dependent. You can test this by using Wifi (if possible).
    Message Edited by m4e_team_k on 28-Sep-2008 12:25 AM

  • Checklist for migration from oracle 9i to oracle 10g DB

    Hi all,
    My previous DB was Oracle 9i. I want to migrate it to Oracle 10g DB.
    So can anybody provide me the checklist for the same ?
    Thanks in advance....

    It doesn't matter how long this process may take to read the entire upgrade documentation. You are supposed to perform this procedure first on a testing environment prior to perform it against the actual production database, you can take all the time you need to customize trim and tailor the procedure to your particular environment requirements. Don't expect anybody else to provide a shortcut, you will find at the end it will take you more time to correct missing upgrade steps and you will -most probably- have to read much more google references and metalink documents that will size bigger than the upgrade guide.
    I suggest you to read through the upgrade document, and don't look for shortcuts. I also suggest you to document issues you may find when performing the upgrade. In my particular scenario I had to deal with an ORA-04030 error, among other things after I performed an upgrade process. You may want to take a look at the not documented Issues I had to face after a production upgrade, and even though I read through the upgrade guide and performed several testing upgrades, there are issues such as user's actual workload that cannot be accurately measured in a testing environment.
    Ref. Issues found when upgrading 9.2.0 to 10.2.0
    ~ Madrid
    http://hrivera99.blogspot.com/

  • Windows Monitoring Checklists for SCOM 2012 R2

    Hi All,
    We are in SCOM 2007 to 2012 migration stage where we will have to check Windows monitoring with SCOM 2012 that how it works better than 2007, what all new components to be considered and focused. Kindly share if you have any checklists to be verified before
    we proceed further. Usually resources like CPU, Memory, File System and Network Performance, Services, events and logs monitoring would be considered. Help to get if anything I missed to list out here.
    Thanks.
    Regards,
    Raj.

    Hi,
    If you are looking for system requirements for installation of SCOM 2012 R2, please refer to the below link:
    System Requirements: System Center 2012 R2 Operations Manager
    http://technet.microsoft.com/en-us/library/dn249696.aspx
    And more details about how to upgrade from SCOM 2007 R2 to newer version, the below article should be helpful.
    Upgrading from System Center Operations Manager 2007 R2
    http://technet.microsoft.com/en-us/library/hh476934.aspx
    We should import management packs according to your environment and your need. For example, to monitor Windows operating system, we should import Windows operating system management packs.
    To monitor AD, we should import Active Directory corresponding management packs.
    Regards,
    Yan Li

  • Complete checklist for oracle 11.2.0.4 environment variables on AIX 6

    Hi,
    Can anyone give me the Doc ID for complete checklist for oracle environment variable 11.2.0.4 on IBM AIX 6 platform (64 bit).
    Because we get the following from IBM website, we wonder if any other oracle variable need to make a change, or will impact upgrade correctly on AIX.
    “AIX 5.1 uses an environment variable LIBPATH when loading shared libraries. AIX 5.3 uses LD_LIBRARY_PATH
    instead. For backward compatibility, AIX5.3 still uses LIBPATH if it is defined.”
    URL: http://www-01.ibm.com/support/docview.wss?uid=isg3T1015835
    So we can actually define both -
    LIBPATH=$ORACLE_HOME/lib:/lib:/usr/lib; export LIBPATH
    LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib:/usr/local/lib; export LD_LIBRARY_PATH
    There are fewer companies using AIX to run Oracle database than those using Unix/Linux; we are planning to upgrade Oracle database 11.2.0.3 to 11.2.0.4 on IBM AIX (64bit) OS level 6, so we need to double-confirm this.  FYI.
    thank you very much!

    Hi Abhi: the Doc URL you give me (<e48740>) it doesn't help much. It doesn't tell much about environment variables for oracle.  I have the following sample for oracle .profile at IBM AIX 6.1, is it Ok enough for us as basic setting?
    vi /home/oracle/.profile
    # Oracle variables
    umask 022
    TMP=/tmp; export TMP
    TMPDIR=$TMP; export TMPDIR
    ORACLE_SID=meps; export ORACLE_SID
    ORACLE_BASE=/ora_bin01/u01/app/oracle; export ORACLE_BASE
    ORACLE_HOME=$ORACLE_BASE/product/11.2.0; export ORACLE_HOME
    TNS_ADMIN=$ORACLE_HOME/network/admin; export TNS_ADMIN
    PATH=$PATH:$ORACLE_HOME/bin:$ORACLE_HOME/OPatch:/usr/sbin:/usr/ccs/bin; export PATH
    LD_LIBRARY_PATH=$ORACLE_HOME/lib:$ORACLE_HOME/lib32:$ORACLE_HOME/rdbms/lib:/lib:/usr/lib:/usr/local/lib; export LD_LIBRARY_PATH
    LIBPATH=$LD_LIBRARY_PATH; export LIBPATH
    CLASSPATH=$CLASSPATH:$ORACLE_HOME/jdbc/lib:$ORACLE_HOME/jre:$ORACLE_HOME/jlib:$ORACLE_HOME/network/jlib:$ORACLE_HOME/oui/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH
    Note:
    there are optional environment variables: TNS_ADMIN(optional), NLS_LANG (optional), TWO_TASK (optional)
    thank you!

  • Upgrading checklist for 10gr2

    Hi all,
    I am preparing for an upgrade project of an Oracle database from version 9i (standalone instance with non-ASM) to 10g R2 (using RAC and ASM). The platform is moved from x86 server to IBM Power server.
    I need typical checklists for this upgrade to follow, so that upgrading is easier. So, would you please provide some typical checklists which can be applied in this case?
    Many thanks,

    hi, see http://download.oracle.com/docs/cd/B19306_01/server.102/b14238/upgrade.htm
    http://www.databasejournal.com/features/oracle/article.php/3581481/Upgrade-Oracle-9i-RAC-to-Oracle-10g-RAC.htm

  • Environment Readiness Checklist for Application Test in an SAP CRM project

    Hello Experts,
    I am working for a very large SAP CRM implementation project at my firm. I am part of the Application Test team responsible for carrying out all due diligence before test begins. I need your help to prepare a detailed checklist for Environment Readiness covering the items below:
    - Transport (Custom Build as well as Config)
    - Checking and ensuring that code and config is moved successfully
    - Number Range Set Up
    - Manual Configurations (partner profile creation, initial ALE config)
    - Initial Master Data creation (reference customer, register groups, enter values in some custom Z-Tables, service providers etc.)
    - Any other item which I should take into account
    Regards
    Rohit

    Hello Sumanth,
    By going to System -> Status -> SAP System Data -> View Components, you should be able to see the soft components which are installed in your system, I guess.
    These soft components corresponds to the business suite applications which are installed.
    This is what you wanted ?
    Thanks and Regards, Pradeep

  • Checklist for setting up BI QA box

    Hi Gurus,
    Can you please provide me the checklist for the BI QA/Prod box.
    We are in the process of building our QA and Prod. box.
    Thanks,
    SAPIAN

    Hi,
    As for the case
    There is a Preupgrade phase wherein you need to follow the points listed below.
    1. Activate all requests in the ODS and Data targets.
    2. All Transfer and Update Rules should be activated
    3. All Info Cubes should be activated
    4. Master data consistency [Execute report RSDMD_CHECKPRG_ALL]
    5. Transport requests [Release transport requests and repairs. No request should be in Modifiable version.]
    6. Deactivate all Process chains
    7. Remove unnecessary BW temporary database objects
    8. Delta Queue should be Empty
    9. Validate the missing indices in DB02
    10. Check Info-Objects Status. [RSRV: extensive check]
    11. Check the status of all support packages (via transaction SPAM)
    12. Determine strategy for downtime minimized or resource minimized
    13. Using the SAP BW Analysis Tool (transaction RSRV), perform extensive tests on all important SAP BW Objects; ensure their correctness prior to the upgrade.
    14. Report ANALYZE_RSZ_TABLE to find double entries in SE38
    We have the PREPARE PHASE next.
    Followed by post upgrade activities.
    Hope it helps.
    Regards
    Govind.

  • Need Suggestion for Archival of a Table Data

    Hi guys,
    I want to archive one of my large tables. The structure of the table is as below.
    Daily there will be around 40000 rows inserted into the table.
    Need suggestions for the same. Will partitioning help, and on what basis?
    CREATE TABLE IM_JMS_MESSAGES_CLOB_IN
    (
    LOAN_NUMBER VARCHAR2(10 BYTE),
    LOAN_XML CLOB,
    LOAN_UPDATE_DT TIMESTAMP(6),
    JMS_TIMESTAMP TIMESTAMP(6),
    INSERT_DT TIMESTAMP(6)
    )
    TABLESPACE DATA
    PCTUSED 0
    PCTFREE 10
    INITRANS 1
    MAXTRANS 255
    STORAGE (
    INITIAL 1M
    NEXT 1M
    MINEXTENTS 1
    MAXEXTENTS 2147483645
    PCTINCREASE 0
    BUFFER_POOL DEFAULT
    )
    LOGGING
    LOB (LOAN_XML) STORE AS
    ( TABLESPACE DATA
    ENABLE STORAGE IN ROW
    CHUNK 8192
    PCTVERSION 10
    NOCACHE
    STORAGE (
    INITIAL 1M
    NEXT 1M
    MINEXTENTS 1
    MAXEXTENTS 2147483645
    PCTINCREASE 0
    BUFFER_POOL DEFAULT
    )
    )
    NOCACHE
    NOPARALLEL;
    do the needful.
    regards,
    Sandeep

    There will not be any updates /deletes on the table.
    I have created a partitioned table with the same structure and I am inserting the records from my original table into this partitioned table, where I will maintain data for 6 months.
    After loading the data from the original table to the archived table I will be truncating the original table.
    If my original table is partitioned then what about the restoring of the data??? How will I restore the data of last month???

  • I have a problem with buying in games, I got the message that the purchase cannot be completed, please contact iTunes support.. I need help for my case please

    I have a problem with buying in games, I got the message that the purchase cannot be completed, please contact iTunes support.. I need help for my case please

    http://www.apple.com/support/itunes/contact/

  • I am locked out of my iPad, I can't back it up because it won't connect to iTunes (because it's locked with a password) and I need it for school, it has all of my school work on it and the school doesn't have or passwords. PLEASE HELP ME!!!

    I am locked out of my iPad 2, I can't back it up because it won't connect to iTunes (because it's locked with a password) and I need it for school, it has all of my school work on it and the school doesn't have or passwords. I can't lose all of my work. PLEASE HELP ME!!!

    Hi ebby,
    Here are the instructions for a disabled device - hopefully you have sync'd with your computer before now?
    http://support.apple.com/kb/HT1212
    Good luck!
    Cheers,
    GB

  • Can anyone recommend a portable USB 3.0 drive with hardware encryption, compatible with OSX and Windows 7.  I need it for my MacBook Pro 13", 2012, running Mountain Lion

    Can anyone recommend a portable USB 3.0 drive with hardware encryption, compatible with OSX Mountain Lion and Windows 7.  I need it for my MacBook Pro 13”, 2012, running Mountain Lion & Windows 7 Ultimate - BootCamp.  I’ve heard that the Buffalo MiniStation Encryption does not work with OSX, is that true..?  I'd like it to work with both operating systems, using the built in hardware encryption.  Thanks

    This article may help: A flashing question mark appears when you start your Mac.

  • I have a mixer which I was using with my PC and now I bought a new MacBook and it has only one jack for headphones and to use mixers I need a jack for a microphone too so what should I do

    I have a mixer which I was using with my PC and now I bought a new MacBook and it has only one jack for headphones and to use mixers I need a jack for a microphone too so what should I do

    You need to get headset splitter adapter.
    http://www.startech.com/Cables/Audio-Video/Audio-Cables/35mm-4-Position-to-2x-3-Position-35mm-Headset-Splitter-Adapter-Male-to-Female~MUYHSMFF
