Jun 30 2010

The Best Web Development Frameworks

A web development framework is a software framework designed to support the development of websites, web applications and web services. Many frameworks provide libraries for database access, templating and session management, and they often promote code reuse.

Web development would be a good deal tougher without frameworks to make our lives easier. Any web framework is a boon to a web developer: it provides many options and a lot of flexibility, and it is a big time saver.

Here, we have compiled the best web development frameworks in PHP, CSS, JavaScript, Python and Java. All of these frameworks have their pros and cons, and they can help you make your project clean and robust. For future reference, you can bookmark this post and share it with your friends and fellow web programmers.

Source


Apr 20 2010

NoSQL Needed For Cloud-Sized Data

At the Under the Radar showcase for cloud start-ups, I was struck by how the relational database, one of the defining technologies of a previous era, has become outmoded in this one. In example after example, it was obvious that SQL and structured data tables are no longer the right way to go about handling data.

That statement has to do with a particular type of data, the kind that gets generated copiously in a day’s activity on the Internet. Each day sees 15 million tweets, 60 million Facebook updates and 1.6 billion people active online in a variety of other ways. It’s hard for relational systems to keep up. Relational systems have to work hard at decomposing this data, storing it in tables and building indexes on it — they work so hard on it that you don’t really want your system to undertake the task. It’s too expensive.

“When you scale up relational systems, you introduce single points of failure… You lose the advantage of their precision but you gain the overhead,” as you try to make the system work on a larger and larger data set, said John Quinn, VP of engineering at Digg, the social networking site, and lead-off speaker at Under the Radar’s cloud event on April 16 on the Microsoft campus in Mountain View, Calif.

Those NoSQL systems you’ve been hearing about, on the other hand, scale out by distributing their operations across more nodes in a server cluster. “There’s nothing wrong with relational databases… You just need to use the right tool for the right job,” Quinn said, throwing in the fact that NoSQL stands for “Not Only SQL,” although there were a few knowing smiles at that one.

Quinn is a leading member of the generation that doesn’t want to try to capture terabytes of data with relational systems. He prompted the changeover at Digg from the MySQL open source relational database to Cassandra, a key-value store. Cassandra performs many of the data sorting operations of a relational database but allows data reads to be done before an update has fully propagated. The practice sometimes leads to momentary consistency problems: one user of the data might get a version that differs slightly from the next one, although both requested identical sets.

The large, distributed key-value store “sacrifices consistency to slave lag,” that is, it tolerates the lapse between when an update occurs on one distributed node and when it is replicated to the other servers. In most NoSQL systems, assured consistency is less an issue, and less a virtue, than in relational systems.

The NoSQL approach allows “tune-able consistency. You can trade off consistency for speed,” Quinn noted.

Because a server in a NoSQL system automatically creates duplicates of the data on at least one other node, a server in the cluster can fail without any data being lost; the NoSQL system keeps processing and the application keeps running. In addition to Cassandra, MongoDB, Voldemort and CouchDB are NoSQL systems in the public arena. Google and Amazon operate their own internally.

Quinn did implicitly point to a potential NoSQL shortcoming. Indexes are something you expect from a relational system; if you do need an index in a NoSQL system, you may need an external system to build it. So far, the NoSQL systems have only rudimentary indexing.

That’s why the NoSQL enthusiasts say their systems are not for financial or other time-sensitive transactions. Relational systems are. On the other hand, if you’re updating your Zynga Farmville plot, then Cassandra makes a lot of sense for capturing that information.

Of the 24 companies presenting at this event, six had big data handling, analytics or storage systems in mind. They included Sones, Cloudant, GenieDB, GoodData, neotechnology and Maxiscale.

Each start-up presented its business and product plans in six minutes at the event, then faced questioning from a three-judge panel of reviewers.

Source


Apr 19 2010

OWASP Top 10 for 2010

The OWASP Top 10 Web Application Security Risks for 2010 are:

  1. A1: Injection
  2. A2: Cross-Site Scripting (XSS)
  3. A3: Broken Authentication and Session Management
  4. A4: Insecure Direct Object References
  5. A5: Cross-Site Request Forgery (CSRF)
  6. A6: Security Misconfiguration
  7. A7: Insecure Cryptographic Storage
  8. A8: Failure to Restrict URL Access
  9. A9: Insufficient Transport Layer Protection
  10. A10: Unvalidated Redirects and Forwards

Please help us make sure every developer in the ENTIRE WORLD knows about the OWASP Top 10 by helping to spread the word!!!
As you help us spread the word, please emphasize:
* OWASP is reaching out to developers, not just the application security community
* The Top 10 is about managing risk, not just avoiding vulnerabilities
* To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation
* We need to encourage organizations to get off the penetrate-and-patch mentality. As Jeff Williams said in his 2009 OWASP AppSec DC keynote: “we’ll never hack our way secure – it’s going to take a culture change” for organizations to properly address application security.

Source


Apr 15 2010

Social media isn’t friends with enterprise security

Security threats are changing as enterprises embrace the use of social media sites. Security experts at Forsythe, Info-Tech and nCircle weigh in on how IT can adjust to accommodate the new risks.

Social media is rewriting the rules of IT security and changing the jobs of enterprise security officers, a consultant says.

“Social media is quite the challenge for our industry right now,” said Jeff Sizemore, managing security consultant at Skokie, Ill.-based Forsythe Solutions Group Inc. “It’s hard to be proactive in a security manner with social media sites, versus reacting and reading log files … it’s much easier to be proactive and limit data breaches, for example, in e-mail.”

Social media sites are “very sophisticated because they are very well-packaged,” said Sizemore. “It’s very tricky because you have to manage to allow a user to use a Web site, but not access specific pieces of a Web site,” he said.

These sites may contain vulnerabilities that are untraceable to a lot of the security technologies on the market. Many enterprise technologies, from Web filtering to traditional firewalls to network security devices, are inadequate to deal with these challenges, said Sizemore.

“You have to have something on the machine that is smart enough to understand there is an application within that Web site, and a lot of firewalls can’t do it today, and a lot of the typical solutions on the end points aren’t able to do it today,” he said.

The first thing IT must do is educate employees, he said. “You have to start educating employees about how to actively use IT in a manner that is safe from a privacy (and) confidentiality perspective, not a specific program or a specific application,” he said.

Employees must understand what confidential data is, so when they are on these sites, they understand the ramifications of what they are doing, he said. “A lot of these tools are very immature with social media today, but once we fix that social media site, there will be another … at some point, you have to start to retrain users,” he said.

“The risk with social media is all about the leakage of information,” said James Quin, lead analyst at London, ON-based Info-Tech Research Group Ltd.

While traditional risks are about people pulling data out of the organization, often by breaking into the network illicitly to steal information, social media is a push problem. And because a lot of social media content is created on the fly, organizations don’t necessarily review the material, he said.

“They don’t have the time to make sure that information that shouldn’t be leaked isn’t being leaked by actively reviewing the content that is being posted, so the risk is that employees are either maliciously or accidentally sharing information that they shouldn’t,” he said.

The early technical response was to just block social media and put tools in place to disallow that kind of traffic across the network. Many organizations are still doing that, Quin said. But an increasing number of organizations are starting to make use of social media for business purposes, and in doing so, they have to open up the network, he said.

Source