SQL Injection attacks are one of the easiest ways to hack into a website. One
recent hack, using a script from verynx.cn, involves injecting SQL into a
that then gets executed on the client side when a user views a
database-driven page. To learn more about this hack, go to this link.
If you're using ColdFusion, add the following code to your Application.cfm
file to harden your website against SQL injection attacks. If you're not
using ColdFusion, you can translate this code into the language you're using
and it should still work.
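An added example, not the author's original code, of what this kind of hardening can look like in ColdFusion: a request filter for Application.cfm, followed by a query page that binds its input and encodes its output. The pattern, the log file name `sqli_guard`, the datasource `appDSN` and the `articles` table are assumptions made for illustration.

```cfml
<!--- Application.cfm (added example; not the article's original code). --->
<!--- Constructed pattern: stacked statements and UNION SELECT in request values. --->
<cfset sqlPattern = "(;\s*(declare|exec|execute|insert|update|delete|drop|alter|create)\b)|(\bunion\s+(all\s+)?select\b)">

<cfset scopesToCheck = StructNew()>
<cfset scopesToCheck.url = url>
<cfset scopesToCheck.form = form>

<cfloop collection="#scopesToCheck#" item="scopeName">
    <cfset scope = scopesToCheck[scopeName]>
    <cfloop collection="#scope#" item="fieldName">
        <cfset fieldValue = scope[fieldName]>
        <cfif IsSimpleValue(fieldValue) AND REFindNoCase(sqlPattern, fieldValue)>
            <!--- Field names are attacker-controlled: sanitise before logging. --->
            <cfset safeName = REReplace(fieldName, "[^\w-]", "_", "all")>
            <cflog file="sqli_guard" type="warning"
                   text="Blocked #scopeName#.#safeName# from #cgi.remote_addr# on #cgi.script_name#">
            <cfheader statuscode="400" statustext="Bad Request">
            <cfabort>
        </cfif>
    </cfloop>
</cfloop>

<!--- Query page (hypothetical table and datasource): bind the value, never concatenate it. --->
<cfparam name="url.id" default="0">
<cfquery name="getArticle" datasource="appDSN">
    SELECT title, body
    FROM articles
    WHERE article_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Encode database content on output so stored markup is displayed, not executed. --->
<cfoutput query="getArticle">
    <h2>#HTMLEditFormat(title)#</h2>
    <p>#HTMLEditFormat(body)#</p>
</cfoutput>
```

The request filter is a coarse second layer that can also reject legitimate text containing those keywords; the `cfqueryparam` binding is what keeps request data out of the SQL statement itself.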
About ColdFusion Developer's Journal
ColdFusion Developer's Journal educates and informs novice to advanced ColdFusion developers, generates "buzz," and provides customer examples, tips and more.