DOCSLIB.ORG

24 DEADLY SINS of SOFTWARE SECURITY Programming Flaws and How to Fix Them

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

REVIEWS FOR 24 DEADLY SINS OF SOFTWARE SECURITY “We are still paying for the security sins of the past and we are doomed to failure if we don’t learn from our history of poorly written software. From some of the most respected authors in the industry, this hard-hitting book is a must-read for any software developer or security zealot. Repeat after me–‘Thou shall not commit these sins!’” —George Kurtz, co-author of all six editions of Hacking Exposed and senior vice-president and general manager, Risk and Compliance Business Unit, McAfee Security “This little gem of a book provides advice on how to avoid 24 serious problems in your programs—and how to check to see if they are present in others. Their presentation is simple, straightforward, and thorough. They explain why these are sins and what can be done about them. This is an essential book for every programmer, regardless of the language they use. It will be a welcome addition to my bookshelf, and to my teaching material. Well done!” —Matt Bishop, Department of Computer Science, University of California at Davis “The authors have demonstrated once again why they’re the ‘who’s who’ of software security. The 24 Deadly Sins of Software Security is a tour de force for developers, security pros, project managers, and anyone who is a stakeholder in the development of quality, reliable, and thoughtfully-secured code. The book graphically illustrates the most common and dangerous mistakes in multiple languages (C++, C#, Java, Ruby, Python, Perl, PHP, and more) and numerous known-good practices for mitigating these vulnerabilities and ‘redeeming’ past sins. Its practical prose walks readers through spotting patterns that are predictive of sinful code (from high-level application functions to code-level string searches), software testing approaches, and harnesses for refining out vulnerable elements, and real-world examples of attacks that have been implemented in the wild. The advice and recommendations are similarly down-to-earth and written from the perspective of seasoned practitioners who have produced hardened—and usable—software for consumption by a wide range of audiences, from consumers to open source communities to large-scale commercial enterprises. Get this Bible of software security today, and go and sin no more!” —Joel Scambray, CEO of Consciere and co-author of the Hacking Exposed series This page intentionally left blank 24 DEADLY SINS OF SOFTWARE SECURITY Programming Flaws and How to Fix Them Michael Howard, David LeBlanc, and John Viega New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Copyright © 2010 by The McGraw-Hill Companies. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval sys- tem, without the prior written permission of the publisher. ISBN: 978-0-07-162676-7 MHID: 0-07-162676-X The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-162675-0, MHID: 0-07-162675-1 All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trade- mark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative please e-mail us at [email protected]. Information has been obtained by McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill, or others, McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information. TERMS OF USE This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms. THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise. To Jennifer, who has put up with many days of my working on a book, and to Michael for improving my writing skills on our fifth book together. —David To my family for simply putting up with me, and to David as he continues to find bugs in my code! —Michael This page intentionally left blank ABOUT THE AUTHORS Michael Howard is a principal security program manager on the Trustworthy Com- puting (TwC) Group’s Security Engineering team at Microsoft, where he is responsible for managing secure design, programming, and testing techniques across the company. Howard is an architect of the Security Development Lifecycle (SDL), a process for improving the security of Microsoft’s software. Howard began his career with Microsoft in 1992 at the company’s New Zealand office, working for the first two years with Windows and compilers on the Product Support Services team, and then with Microsoft Consulting Services, where he provided security infrastructure support to customers and assisted in the design of custom solutions and development of software. In 1997, Howard moved to the United States to work for the Windows division on Internet Information Services, Microsoft’s web server, before moving to his current role in 2000. Howard is an editor of IEEE Security & Privacy, is a frequent speaker at security-re- lated conferences, and regularly publishes articles on secure coding and design. Howard is the co-author of six security books, including the award-winning Writing Secure Code (Second Edition, Microsoft Press, 2003), 19 Deadly Sins of Software Security (McGraw-Hill Professional, 2005), The Security Development Lifecycle (Microsoft Press, 2006), and his most recent release, Writing Secure Code for Windows Vista (Microsoft Press, 2007). David LeBlanc, Ph.D., is a principal software development engineer for the Microsoft Office Trustworthy Computing group and in this capacity is responsible for designing and implementing security technology used in Microsoft Office. He also helps advise other developers on secure programming techniques. Since joining Microsoft in 1999, he has been responsible for operational network security and was a founding member of the Trustworthy Computing Initiative. David is the co-author of the award-winning Writing Secure Code (Second Edition, Microsoft Press, 2003), 19 Deadly Sins of Software Security (McGraw-Hill Professional, 2005), Writing Secure Code for Windows Vista (Microsoft Press, 2007), and numerous articles. John Viega, CTO of the SaaS Business Unit at McAfee, is the original author of the 19 deadly programming flaws that received press and media attention, and the first edition of this book is based on his discoveries. John is also the author of many other security books, including Building Secure Software (Addison-Wesley, 2001), Network Security with OpenSSL (O’Reilly, 2002), and the Myths of Security (O’Reilly, 2009). He is responsible for numerous software security tools and is the original author of Mailman, the GNU mail- ing list manager. He has done extensive standards work in the IEEE and IETF and co-in- vented GCM, a cryptographic algorithm that NIST has standardized. John is also an active advisor to several security companies, including Fortify and Bit9. He holds an MS and a BA from the University of Virginia. vii viii 24 Deadly Sins of Software Security About the Technical Editor Alan Krassowski is the Chief Architect of Consumer Applications at McAfee, Inc., where he heads up the design of the next generation of award-winning security protection products. Prior to this role, Alan led Symantec Corporation’s Product Security Team, helping product teams deliver more secure security and storage products.
Recommended publications
  • Ultumix GNU/Linux 0.0.1.7 32 Bit!

    Ultumix GNU/Linux 0.0.1.7 32 Bit!

    Welcome to Ultumix GNU/Linux 0.0.1.7 32 Bit! What is Ultumix GNU/Linux 0.0.1.7? Ultumix GNU/Linux 0.0.1.7 is a full replacement for Microsoft©s Windows and Macintosh©s Mac OS for any Intel based PC. Of course we recommend you check the system requirements first to make sure your computer meets our standards. The 64 bit version of Ultumix GNU/Linux 0.0.1.7 works faster than the 32 bit version on a 64 bit PC however the 32 bit version has support for Frets On Fire and a few other 32 bit applications that won©t run on 64 bit. We have worked hard to make sure that you can justify using 64 bit without sacrificing too much compatibility. I would say that Ultumix GNU/Linux 0.0.1.7 64 bit is compatible with 99.9% of all the GNU/Linux applications out there that will work with Ultumix GNU/Linux 0.0.1.7 32 bit. Ultumix GNU/Linux 0.0.1.7 is based on Ubuntu 8.04 but includes KDE 3.5 as the default interface and has the Mac4Lin Gnome interface for Mac users. What is Different Than Windows and Mac? You see with Microsoft©s Windows OS you have to defragment your computer, use an anti-virus, and run chkdsk or a check disk manually or automatically once every 3 months in order to maintain a normal Microsoft Windows environment. With Macintosh©s Mac OS you don©t have to worry about fragmentation but you do have to worry about some viruses and you still should do a check disk on your system every once in a while or whatever is equivalent to that in Microsoft©s Windows OS.
  • Ubuntu Kung Fu

    Ubuntu Kung Fu

    Prepared exclusively for Alison Tyler Download at Boykma.Com What readers are saying about Ubuntu Kung Fu Ubuntu Kung Fu is excellent. The tips are fun and the hope of discov- ering hidden gems makes it a worthwhile task. John Southern Former editor of Linux Magazine I enjoyed Ubuntu Kung Fu and learned some new things. I would rec- ommend this book—nice tips and a lot of fun to be had. Carthik Sharma Creator of the Ubuntu Blog (http://ubuntu.wordpress.com) Wow! There are some great tips here! I have used Ubuntu since April 2005, starting with version 5.04. I found much in this book to inspire me and to teach me, and it answered lingering questions I didn’t know I had. The book is a good resource that I will gladly recommend to both newcomers and veteran users. Matthew Helmke Administrator, Ubuntu Forums Ubuntu Kung Fu is a fantastic compendium of useful, uncommon Ubuntu knowledge. Eric Hewitt Consultant, LiveLogic, LLC Prepared exclusively for Alison Tyler Download at Boykma.Com Ubuntu Kung Fu Tips, Tricks, Hints, and Hacks Keir Thomas The Pragmatic Bookshelf Raleigh, North Carolina Dallas, Texas Prepared exclusively for Alison Tyler Download at Boykma.Com Many of the designations used by manufacturers and sellers to distinguish their prod- ucts are claimed as trademarks. Where those designations appear in this book, and The Pragmatic Programmers, LLC was aware of a trademark claim, the designations have been printed in initial capital letters or in all capitals. The Pragmatic Starter Kit, The Pragmatic Programmer, Pragmatic Programming, Pragmatic Bookshelf and the linking g device are trademarks of The Pragmatic Programmers, LLC.
  • How-To Gnome-Look Guide

    How-To Gnome-Look Guide

    HHOOWW--TTOO Written by David D Lowe GGNNOOMMEE--LLOOOOKK GGUUIIDDEE hen I first joined the harddisk, say, ~/Pictures/Wallpapers. right-clicking on your desktop Ubuntu community, I and selecting the appropriate You may have noticed that gnome- button (you know which one!). Wwas extremely look.org separates wallpapers into impressed with the amount of different categories, according to the customization Ubuntu had to size of the wallpaper in pixels. For Don't let acronyms intimidate offer. People posted impressive the best quality, you want this to you; you don't have to know screenshots, and mentioned the match your screen resolution. If you what the letters stand for to themes they were using. They don't know what your screen know what it is. Basically, GTK is soon led me to gnome-look.org, resolution is, click System > the system GNOME uses to the number one place for GNOME Preferences > Screen Resolution. display things like buttons and visual customization. The However, Ubuntu stretches controls. GNOME is Ubuntu's screenshots there looked just as wallpapers quite nicely if you picked default desktop environment. I impressive, but I was very the wrong size, so you needn't fret will only be dealing with GNOME confused as to what the headings about it. on the sidebar meant, and I had customization here--sorry no idea how to use the files I SVG is a special image format that Kubuntu and Xubuntu folks! downloaded. Hopefully, this guide doesn't use pixels; it uses shapes Gnome-look.org distinguishes will help you learn what I found called vectors, which means you can between two versions of GTK: out the slow way.
  • Code Review Guide

    Code Review Guide

    CODE REVIEW GUIDE 3.0 RELEASE Project leaders: Mr. John Doe and Jane Doe Creative Commons (CC) Attribution Free Version at: https://www.owasp.org 1 2 F I 1 Forward - Eoin Keary Introduction How to use the Code Review Guide 7 8 10 2 Secure Code Review 11 Framework Specific Configuration: Jetty 16 2.1 Why does code have vulnerabilities? 12 Framework Specific Configuration: JBoss AS 17 2.2 What is secure code review? 13 Framework Specific Configuration: Oracle WebLogic 18 2.3 What is the difference between code review and secure code review? 13 Programmatic Configuration: JEE 18 2.4 Determining the scale of a secure source code review? 14 Microsoft IIS 20 2.5 We can’t hack ourselves secure 15 Framework Specific Configuration: Microsoft IIS 40 2.6 Coupling source code review and penetration testing 19 Programmatic Configuration: Microsoft IIS 43 2.7 Implicit advantages of code review to development practices 20 2.8 Technical aspects of secure code review 21 2.9 Code reviews and regulatory compliance 22 5 A1 3 Injection 51 Injection 52 Blind SQL Injection 53 Methodology 25 Parameterized SQL Queries 53 3.1 Factors to Consider when Developing a Code Review Process 25 Safe String Concatenation? 53 3.2 Integrating Code Reviews in the S-SDLC 26 Using Flexible Parameterized Statements 54 3.3 When to Code Review 27 PHP SQL Injection 55 3.4 Security Code Review for Agile and Waterfall Development 28 JAVA SQL Injection 56 3.5 A Risk Based Approach to Code Review 29 .NET Sql Injection 56 3.6 Code Review Preparation 31 Parameter collections 57 3.7 Code Review Discovery and Gathering the Information 32 3.8 Static Code Analysis 35 3.9 Application Threat Modeling 39 4.3.2.
  • Install Google Earth in Ubuntu 14.04 64Bit to Properly Install Google

    Install Google Earth in Ubuntu 14.04 64Bit to Properly Install Google

    Install Google Earth in Ubuntu 14.04 64bit To properly install Google Earth (along with the required 32bit dependencies) in Ubuntu 14.04 (or 13.10) 64bit, use the following commands: sudo apt-get install libfontconfig1:i386 libx11-6:i386 libxrender1:i386 libxext6:i386 libgl1-mesa-glx:i386 libglu1-mesa:i386 libglib2.0-0:i386 libsm6:i386 cd /tmp && wget http://dl.google.com/dl/earth/client/current/google-earth- stable_current_i386.deb sudo dpkg -i google-earth-stable_current_i386.deb sudo apt-get install –f Some Commands To Get System Information In Linux For beginners, these commands are not that tough. Rate this news: (5 Votes) Tuesday, August 20, 2013: If you want information about your system on Linux, then these commands will help a lot. linux, open source, open source for you, linux system info, linux command info, linux open source, beginner commands linux. linux beginner commands pwd This command is short for ‘print working directory’, which is exactly what it does. hostname The machine that is currently being worked on is known as the local host. The command ‘netconf’ can be used to change the name of the local host and ‘hostname’ is used to print the local host’s name. whoami As the name suggests, this command prints the user’s login name. id username Unlike the above command, this one prints the user id of the user along with his group id, effective id and all the supplementary groups that are involved. date This command can be used for both printing and changing the date and time of the operating system.
  • Demostración De Entornos De Escritorio En Debian GNU/Linux

    Demostración De Entornos De Escritorio En Debian GNU/Linux

    DemostraciónDemostración dede EntornosEntornos dede EscritorioEscritorio enen DebianDebian GNU/LinuxGNU/Linux Desde la óptica del Usuario DemostraciónDemostración dede EntornosEntornos dede EscritorioEscritorio enen DebianDebian GNU/LinuxGNU/Linux Licencia: Atribución-NoComercial-CompartirIgual 3.0 Unported (CC BY-NC-SA 3.0) Eres libre de: Compartir: Copiar, distribuir, ejecutar y comunicar públicamente la obra. Remix: Hacer obras derivadas. Bajo las condiciones siguientes: Atribución: Debes reconocer los créditos de la obra. No Comercial: No puede utilizar esta obra para fines comerciales. Compartir bajo la Misma Licencia: Para alteraciones u obras derivadas de esta. Desde la óptica del Usuario DemostraciónDemostración dede EntornosEntornos dede EscritorioEscritorio enen DebianDebian GNU/LinuxGNU/Linux Atribuciones: Diseño de plantilla por Dayana Matos ([email protected]) bajo licencia Creative Commons Imagen de plantilla ©2008-2011 ~borysses Imágenes de Sistema Gráfico o X Window System por Jesús David Navarro (http://www.jesusda.com) Imágenes de Entornos de Escritorio y/o Gestores de Ventanas por Jesús David Navarro (http://www.jesusda.com) Esta ponencia esta basada en un trabajo previo de Daniela Matos (Poguis) Desde la óptica del Usuario DemostraciónDemostración dede EntornosEntornos dede EscritorioEscritorio enen DebianDebian GNU/LinuxGNU/Linux Contenido: ●Sistema de Ventanas X ●Entorno de Escritorio ●Gestor de Ventanas ●Algunos Entornos y Gestores: ✔ Gnome ✔ KDE ✔ Xfce ✔ LXDE ✔ Fluxbox ✔ Enlightenment Desde la óptica del Usuario
  • Aprende Fedora 12

    Aprende Fedora 12

    Aprende Fedora 12 Aprende Fedora 12 Guía de usuario no oficial de Fedora. Ultima actualización Noviembre de 2009 Piensa en Binario – Diego Escobar Embajador Fedora para Colombia http://proyectofedora.org/colombia http://piensa-binario.blogspot.com http://proyectofedora.org/wiki 1 Aprende Fedora 12 La vida es una oportunidad, aprovéchala. La vida es belleza, admírala. La vida es beatitud, saboréala. La vida es un sueño, hazlo realidad. La vida es un reto, afróntalo. La vida es un deber, cúmplelo. La vida es un juego, juégalo. La vida es preciosa, cuídala. La vida es riqueza, consérvala. La vida es amor, gózala. La vida es un misterio, desvélalo. La vida es promesa, cúmplela. La vida es tristeza, supérala. La vida es un himno, cántalo. La vida es un combate, acéptalo. La vida es una tragedia, domínala. La vida es una aventura, disfrútala. La vida es felicidad, merécela. La vida es la vida, defiéndela. Madre Teresa de Calculta. 2 Aprende Fedora 12 Presentación La presente es una pequeña guía de usuario simplificada que pretende hacer el mundo del software libre, Linux y en particular Fedora más fácil y cercano al usuario promedio. Aprende Fedora nació de recopilación en un solo documento de todos los tutoriales publicados en el antiguo blog bautizado Su Servidor WP (http://suservidorwp.blogspot.com) y que ahora se ha renovado convirtiéndose en Piensa Binario (http://piensa-binario.blogspot.com). Luego de unirme a la comunidad Fedora, acepté el compromiso de lograr una documentación centralizada y más amplia en la Wiki de Proyecto Fedora Latinoamérica (http://proyectofedora.org/wiki/index.php/Portada) junto con muchos más tutoriales, consejos y documentación que esperamos sea de utilidad para usted.
  • Ubuntu Kung Fu.Pdf

    Ubuntu Kung Fu.Pdf

    Prepared exclusively for J.S. Ash Beta Book Agile publishing for agile developers The book you’re reading is still under development. As part of our Beta book program, we’re releasing this copy well before we normally would. That way you’ll be able to get this content a couple of months before it’s available in finished form, and we’ll get feedback to make the book even better. The idea is that everyone wins! Be warned. The book has not had a full technical edit, so it will con- tain errors. It has not been copyedited, so it will be full of typos and other weirdness. And there’s been no effort spent doing layout, so you’ll find bad page breaks, over-long lines with little black rectan- gles, incorrect hyphenations, and all the other ugly things that you wouldn’t expect to see in a finished book. We can’t be held liable if you use this book to try to create a spiffy application and you somehow end up with a strangely shaped farm implement instead. Despite all this, we think you’ll enjoy it! Throughout this process you’ll be able to download updated PDFs from your account on http://pragprog.com. When the book is finally ready, you’ll get the final version (and subsequent updates) from the same address. In the meantime, we’d appreciate you sending us your feedback on this book at http://books.pragprog.com/titles/ktuk/errata, or by using the links at the bottom of each page.
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb

    Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb

    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae
  • Ultimate C#, .Net Interview Q&AE-Book

    Ultimate C#, .Net Interview Q&AE-Book

    Register your resume: www.terrafirmajobs.com _________________________________________________ www.terrafirmajobs.com Ultimate C#, .Net Interview Q&AE-book Free E-books available with Terra Firma Java Interview Q&A Terra Firma’s Interview Kit Are you stressed at your Desk Restore the rhythm of your life IT Resume writing tips Heart-Care Tips To get these free e-books, email to: [email protected] with the title of the e-book. Copy Right Note You are permitted to freely distribute/print the unmodified version of this issue/e-book/article. We are not attempting to obtain commercial benefit from the valuable work of the authors and the Editor/Publisher claims the ‘fair use’ of copyrighted material. If you think that by publishing a particular material, your copyright has been violated, please let us know. The Editor/Publisher is not responsible for statements or opinions expressed herein nor do such statements necessarily express the views of Editor/Publisher. 1 More Career Tips: http://www.terrafirmajobs.com/ITpros/IT_resources.asp?id=4 ______________________________________________________________________________ Register your resume: www.terrafirmajobs.com _________________________________________________ Index Chapter Name Page 1) C# interview Questions and Answers. 4 1.1) Advance C# interview Questions 2) General Questions 17 2.1 ) General Questions 2.2 ) Methods and Property 2.3) Assembly Questions 2.4) XML Documentation Question 2.5) Debugging and Testing 3) ADO.net and Database Question 26 4) C#, DOT NET, XML, IIS Interview Questions 28 4.1 ) Framework. 4.2 ) COM 4.3 ) OOPS 4.4 ) C# Language Features 4.5 ) Access Specifier 4.6 ) Constructor / Destructor 4.7 ) ADO.net 4.8 ) ASP.net 4.8.1) Session.
  • Інформаційна Система Аналізу Та Розподілу Задач Для Компанії ―Apptimized Operations‖»

    Інформаційна Система Аналізу Та Розподілу Задач Для Компанії ―Apptimized Operations‖»

    МІНІСТЕРСТВО ОСВІТИ ТА НАУКИ УКРАЇНИ СУМСЬКИЙ ДЕРЖАВНИЙ УНІВЕРСИТЕТ ФАКУЛЬТЕТ ЕЛЕКТРОНІКИ ТА ІНФОРМАЦІЙНИХ ТЕХНОЛОГІЙ КАФЕДРА КОМП’ЮТЕРНИХ НАУК СЕКЦІЯ ІНФОРМАЦІЙНИХ ТЕХНОЛОГІЙ ПРОЕКТУВАННЯ КВАЛІФІКАЦІЙНА РОБОТА МАГІСТРА на тему: «Інформаційна система аналізу та розподілу задач для компанії ―Apptimized Operations‖» за освітньою програмою 8.122.00.02 «Інформаційні технології проектування» Виконавець роботи: студент групи ІТ.м.п-71 Будник Олександр Сергійович Кваліфікаційну роботу захищено на засіданні ЕК з оцінкою « » грудня 2018 р. Науковий керівник к.т.н., доц., Гайдабрус Б.В. (підпис) Голова комісії к.т.н. Дорошенко С. О. (підпис) Засвідчую, що у цій дипломній роботі немає запозичень з праць інших авторів без відповідних посилань. Студент _________________ (підпис) Суми-2018 Сумський державний університет Факультет електроніки та інформаційних технологій Кафедра комп’ютерних наук Секція інформаційних технологій проектування Спеціальністьго 122 «Комп’ютерні науки» Освітньо-професійна програма «Інформаційні технології проектування» ЗАТВЕРДЖУЮ Зав. секцією ІТП В. В. Шендрик « » 2018 р. ЗАВДАННЯ на кваліфікаційну роботу магістра студентові Будник Олександр Сергійович (прізвище, ім’я, по батькові) 1 Тема проекту Інформаційна система аналізу та розподілу робочих задач для компанії ―Apptimized Operations‖ затверджена наказом по університету від «20» листопада 2018 р. №2458-III 2 Термін здачі студентом закінченого проекту «_12__» ___грудня___ 2018 р. 3 Вхідні дані до проекту Для розробки продукту даного проекту – інформаційної системи аналізу
  • Linux En Desktop Y Su Entorno Gráfico

    Linux En Desktop Y Su Entorno Gráfico

    LINUX EN DESKTOP Charla realizada el 02/06/2009 Lic. Mariano Acciardi – Instructor grupo CATI http://www.marianoacciardi.com.ar Esta charla constituye un complemento de la anterior realizada el año pasado que puede encontrarse en http://www.marianoacciardi.com.ar/textos_gnulinux/bienvenidos.pdf , pero centránda en esta oportunidad en las particularidades del entorno gráfico y la disponibilidad de aplicaciones. Historia e Introducción Erase una vez un Sistema Operativo, poco amigable, de tristes consolas de texto, alejado de los usuarios.... Por fortuna, gracias a Mandriva (ex mandrake) y Ubuntu ello cambió y bastante. Afortunadamente hoy un usuario medio de una PC de escritorio no debería tener demasiadas dificultades para utilizar GNU/LINUX. Los instaladores han evolucionado radicalmente a apartir de knoppix y Ubuntu y esos cambios se han portado a las grandes distribuciones tradicionales como Debian. El reconocimiento de hardware no es ya un problema. La rápida evolución del kernel no ha sido indiferente en esta mejora. Hoy prácticamente no hay hardware que no sea reconocido por el kernel. Y la mayoría de los dispositivos tienen drivers genéricos aportados por la comunidad que funcionan OK. Algunas empresas se niegan aún inexplicablemente a liberar el código de sus drivers. Sin embargo siempre hay genios hackers que realizan ingeniería inversa del código y finalmente logran armar los drivers correspondientes. Este fue una de las mayores limitaciones de las primeras distribuciones, hoy en gran parte, completamente superada. La otra falsa limitación que se profesa por ignorancia es que no existen muchas aplicaciones en GNU/LINUX como si existen en Windows. Es una realidad que hay más aplicaciones para Windows que para Linux, sin embargo si tratamos de hacer un balance entre calidad y cantidad, por lejos salen ganando las aplicaciones para LINUX, hechas por hackers enamorados de la programación y por tanto adscriptos a la ética de programar bien.