The Portfolio of David Klassen

A New Version Of This Site
It is time to rebrand my website, change the look and feel, and demonstrate to others my skills as a Web Developer. If you like what I have done here and would like to see your own site modified, changed, or rebranded, get in touch with me; I am always looking for good work and new projects!

A Web Design Project
I have always been able to create a web page in HTML, but I had never truly tackled the issues of CSS, layout, responsive design, jQuery plugins, icons/sprites, or understood the division between the new CSS3 and HTML5 features. In this website I tried to combine all these aspects of Web Design and create my own Web Application, not just a Web Service.

Mentor for SANS 542: Web App Penetration Testing and Ethical Hacking
Now helping to mentor security-minded professionals through SANS 542: Web App Penetration Testing and Ethical Hacking.

Resume of David Klassen
A description of my Education and Career as of June 2015.

Recent Developments
The following applications have been developed over the last three years.

Prevent Unvalidated Redirects
This is a PHP/Javascript example explaining how Unvalidated Redirects may be exploited in your web applications. Simple unvalidated redirects that stay within the Same Origin Policy are not as bad as Open Redirects, but they still represent an area of weakness in your web application that an attacker may be able to control. Understanding how an attacker might seek to control your application is important for knowing how to defend it and for ensuring that adequate protections have been put in place.

Session Cookie Review
This is a PHP/Javascript example showing how using Cookie flags can prevent Javascript cookie access. While creating the example I learned that Cookies which are flagged as 'Secure' but not 'HttpOnly' cannot be changed, however the cookie itself can actually be removed by Javascript in the browser. Your handling of each cookie option/flag is important when you are attempting to plan for cookie handling in your web application's system session architecture, and both 'Secure' and 'HttpOnly' flags are necessary in order to ensure the best protection possible.

Dance Is A Poem - Interactive Movie
This Flash Movie was created by a team of five people (Writer, Director, Artist, and Programmers) as a part of the Masters of Digital Media (MDM) Program at the Center for Digital Media. I helped create the Flash interactivity and attempted to integrate it smoothly with the film, without taking away from the flow of action. It was a group effort, so I can really only take credit for reading a book on Flash; however, I hope you'll agree it is an interesting piece which, with today's broadband access, allows for significant accessibility, interaction and enjoyment.

Its Your City - Cultural Content
This Drupal website was created by a team of six people (Project Manager, Writer, Director, Artists, and Programmer) as a part of the Masters of Digital Media (MDM) Program at the Center for Digital Media. I helped create this Drupal website in order to share video information and content focused on informing people about issues of locality within different geographic areas. We had a few user stories we wanted to communicate to viewers. The goal was to allow people to post YouTube/Vimeo videos on the site using pre-made Drupal modules. What follows are the videos and information we collected to describe Vancouver.

uContact - Address Book
This Java web application has been designed to be easy to use and simple to navigate. A user can Add, Modify, Delete, or Search for contacts already entered. It requires a user to log in with credentials for role-based activities (username: admin, password: admin). This three-tier web application makes use of an Apache Webserver, a Tomcat Java Application Server, and a MySQL database. A combination of HTML, CSS, JSP, JSTL, EL, i18n, and well-placed graphics provides a visually pleasing interface.

uEmploy - WebManager - SOAP Service xsd1 xsd2
This Java web application uses the Java displaytag library to easily display SessionBean object Lists in a configurable table. A user can Add, Delete, or Search for employees. This web app makes no database calls directly; instead it uses a JAX-WS SOAP service provided by a Java Service Endpoint Interface. This four-tier web application makes use of an Apache Webserver, a Tomcat Java Application Server, a Java SEI, and a MySQL database. A combination of HTML, CSS, JSP, JSTL, EL, displaytag.org, and JAX-WS provides a simple yet powerful interface.

uEmploy - WebManager - REST Service xsd
This Java web application uses the Java displaytag library to easily display SessionBean object Lists in a configurable table. A user can Add, Delete, or Search for employees. This web app makes no database calls directly; instead it uses a JAX-RS REST service provided by a separate application server. This four-tier web application makes use of an Apache Webserver, a Tomcat Java Application Server, a JBoss Java Application Server, and a MySQL database. A combination of HTML, CSS, JSP, JSTL, EL, displaytag.org, and JAX-RS provides a simple yet powerful interface.

WebUI Features - JQuery
This is a set of JQuery/Javascript features I have created to illustrate how JQuery is mandatory for any Web UI toolkit:
Picture Viewer - click on a small picture to see it displayed in a frame.
Popup Videos - mouse over links and pop-up window animations appear.
Vacation Planner - simple-to-use UI for selecting departure and return dates.
Input AutoChecker - give a user instant feedback concerning invalid input.
Page Animation - movable tabs that allow for structured graphical page features.
Style Morpher - an example of how to offer multiple styles for viewing an interface.
AJAX Search Hints - an AJAX example of how to retrieve and process XML, and supply dynamic input hints.
Prevent Unvalidated Redirects - a Javascript example describing the dangers behind unvalidated redirects.
Session Cookie Review - a Javascript example showing how using Cookie flags prevents Javascript access.

Smart Phone - Signing Service
No sample data can be provided to demonstrate this work due to NDA legal documents. Essentially, an application server was used to provide signing services to a major smart phone device provider, in order to ensure that software scheduled for installation on a device (over a CDN) was 100% authentic and approved. An XML document was used for communicating the request, using many different base64-encoded data fields.

Corinex - Network Management System
No sample application or data can be provided to demonstrate this work due to NDA legal documents. This application was a windowed, non-web application providing device information for the network elements used to provide a layer 2 backbone for transmitting Internet data. For more information please refer to a current resume.

nCase Practicum
A collection of presentation material used to describe a practicum project completed at BCIT.

nCase Demonstration Video [ .wmv ] [ .avi ] [ MPEG-2 ]
This is a video file which demonstrates how the nCase: Restricted Access Firewall operates. It was used to present the nCase solution to the Adjudication Committee for the 2007 BCNET Broadband Innovation Challenge competition. nCase won the second runner-up prize of $500.

nCase Poster Presentation
This is the nCase Poster presented at the BCNET Advanced Network Conference.

nCase Presentation Slides [ HTML ] [ Windows ]
These are the presentation slides that describe how the nCase: Restricted Access Firewall operates. Combined with the above movie, they were used to present the nCase solution to the Adjudication Committee for the 2007 BCNET Broadband Innovation Challenge competition. nCase won the second runner-up prize of $500.

Various Content
A collection of code and lectures I have created.

nCase: Restricted Access Firewall
This program was the subject of an intense practicum I completed at BCIT, in an attempt to provide better security for enterprises operating SCADA systems. It was designed to operate on an Intrinsyc PXA270 embedded Linux board (i.e. a handheld-sized board). The configuration provides a firewall that does not allow any external access. If external access is required, a remote client can request to open a port by using a custom encryption channel. In this way access through the firewall to the internal network is only available to those who know the custom encryption/protocol. Access is further controlled by a configuration file that can be as restrictive as required.

Encrypted Covert Channel
This program was designed to offer selective access to a machine. It is an experimental design attempting to discover how networks are compromised, rather than to facilitate such an enterprise.

Buffer Overflow Talk
A presentation I created to describe how remote buffer overflow attacks can be perpetrated and prevented.

Port Forwarder Daemon
A port forwarding server and message protocol that allow a client to request that one machine forward its TCP connections to a specific remote host:port pair. Full port forwarding request and delete functionality has been implemented.

Simple File Server
A simple file server client application I created to fulfill a course requirement.

Security Engineering Trivia
When it comes to creating applications that are resistant to attack, the goal is to build in protections and prevent glaring weaknesses. From a security engineering perspective, solving architectural weaknesses is just the start of the process. When weaknesses are found, the goal is sometimes not just to eliminate them, but also to understand how to protect against the conceivable or probable attacks. Eliminating weaknesses is one of our goals, but learning about weaknesses builds up our knowledge of which defenses are actually needed. Removal may also not always be immediately possible; we might first need to apply some protections until the system or feature can be replaced. How important a system is to the business will largely determine what kind of improvements are probable. Once we begin to see improvements in the implied protection of a software feature, component, application or architecture, we begin to see progress in application defense. A good game of prevention, protection, and defense should help reduce the attack surface that outsiders have to play with, and increase the ability of an application owner to reduce risk.

Just announced: the BCNET 2007 conference "Making Connections Sharing Knowledge for Greater Innovation" will be streamed live via a webcast on April 17th and 18th (select presentations only).
Check the web site for updates.