DOCSLIB.ORG

Master Thesis Test-Suite for Automated Invariant-Based Testing of Ajax Web-Applications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Master Thesis Test-Suite for Automated Invariant-Based Testing of Ajax Web-Applications Master Thesis Test-suite for automated invariant-based testing of Ajax web-applications Sven Rohde, 10378782 [email protected] March 14, 2015, 69 pages This thesis is submitted to the University of Amsterdam in partial fulfilment of the requirements for the degree of Master of Science in Software Engineering Supervisor: Vadim Zaytsev, [email protected] Host organisation: Guidion ICT Nederland B.V., http://guidion.nl Host organisation contact: Mike Out (Manager IT department), [email protected] Universiteit van Amsterdam Faculteit der Natuurwetenschappen, Wiskunde en Informatica Master Software Engineering http://www.software-engineering-amsterdam.nl Contents Abstract iii Preface iv 1 Introduction 1 1.1 Host organization....................................... 2 1.2 Thesis document structure.................................. 3 2 Problem statement and motivation4 2.1 Evaluation of the proposed ATUSA approach....................... 4 2.2 Manual testing at Guidion.................................. 5 2.3 Thesis Motivation ...................................... 6 3 Research method 8 3.1 Replication of case studies in confirmatory form...................... 8 3.2 Web developer survey research ............................... 9 3.3 Case Study: Effectiveness of the integration of ATUSA.................. 10 3.4 Summary ........................................... 10 4 Background and Context 11 4.1 Why is AJAX so interesting? ................................ 11 4.2 Challenges in testing AJAX based web application.................... 11 4.3 FSM based web application testing............................. 13 4.4 Invariants........................................... 14 4.5 Crawljax............................................ 15 4.6 Automatically Testing UI States of Ajax (ATUSA).................... 16 4.6.1 Core functionality .................................. 16 4.6.2 Plug-ins........................................ 18 4.7 Continuous Integration (CI)................................. 19 5 Research 21 5.1 Cases study setup and default configuration........................ 21 5.1.1 Crawljax - ATUSA default configuration...................... 21 5.1.2 Required plug-ins for the replication........................ 22 5.2 Case study 1 Introduction.................................. 23 5.3 Case study 1.A \The Organizer" .............................. 23 5.4 Case study 1.B \TaskFreak"................................. 26 5.5 Case study 1.C \HitList" .................................. 28 5.6 Case study 1.D \The Tunnel"................................ 30 5.7 Case Study 2 \Tudu" .................................... 30 5.8 Case Study 3 \Finding real bugs".............................. 34 5.9 Invariant research....................................... 38 5.10 Tool Development ...................................... 42 5.10.1 ATUSA stack reimplementation........................... 43 5.10.2 Plug-in implementation required by the replications ............... 46 i 5.10.3 Invariant provider, collector and violation reporting ............... 47 5.10.4 CI integration..................................... 53 5.11 Case study “Effectiveness of the integration" ....................... 54 6 Analysis and Conclusions 59 6.1 Conclusion .......................................... 59 6.2 Threats to validity...................................... 60 6.2.1 Internal threats to validity.............................. 60 6.2.2 External threats to validity............................. 61 6.3 Contributions......................................... 61 6.4 Future Work ......................................... 62 Bibliography 63 7 Appendix 65 7.1 Questionnaire......................................... 65 ii Abstract Manual testing of complex AJAX based web applications can require a significant amount of time and effort. At Guidion the time limitations for manual testing leads to the identification of errors after live deployment of a new release. The web applications of Guidion were used by around 700 users for their daily work, errors in the web applications can impact the work of these users. Automated testing of dynamic AJAX based web applications was researched by the work of Mesbah et.al in [MvDR12] using the open-source crawler Crawljax. This thesis replicates the case studies described in [MvDR12] and evaluates their findings on performance, invariant creation, required manual effort and fault revealing capabilities using Crawljax and the proposed plug-in suite called ATUSA. Furthermore is included a survey research which investigates how web developer can be supported to provide invariants for ATUSA. The results of the research forms the basis for the proposed invariant collector Chrome plug-in and web application. The effectiveness of the ATUSA approach and the invariants delivered from web developers is investigated in the last case study with the ATUSA stack integrated in a Jenkins deployment pipeline at Guidion. Based on the observations the re-implemented and proposed ATUSA plug-in suite is capable to be used for automatic invariant based testing of AJAX web applications. The proposed invariant support integrated in the web developer development process, stimulates and separates the invariant creation process apart from ATUSA. Web developers are able to create invariants without Java, Crawljax or ATUSA knowledge. The integration in a sample Jenkins deployment job enables to trigger the test execution after actual test deployment. The case study reveals that the ATUSA stack integration at Guidion augments the testing phase of the web applications. iii Preface This thesis was written as part of the requirements for the Master Software Engineering of the Uni- versity of Amsterdam. The study was conducted at Guidion B.V., in Amsterdam. This thesis would never be possible without the help and support of my supervisors Vadim Zaytsev and Mike Out. Furthermore I would like to thank the whole Guidion developer team for their support and feedback during the research. Furthermore I would like to thank my family, the love and support I received from my mother Marion Rohde and my twin brother Philip Rohde. Another special thanks goes out to my father Reinhard Rohde, a lost resource of support and geniality R.I.P 2007. "One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." Hunter S. Thompson iv Chapter 1 Introduction Interactive \Web-2.0" [Mes09] applications are a well-known part of the world-wide-web. Still more and more known services as well as desktop applications move to the web. This reflects the trend to move applications to the web to provide more flexibility and require less effort from the end user. Reasons for this move to the web are [MvDR12]: • No installation effort. • Up to date software, reduction of maintenance and support costs. • Unbounded access to user data with any device. (Assume Internet Connectivity) • New ways of communication and collaboration. • Better chances for an international user audience. These Web-2.0 applications are wide spread and are an inherent part in the personal and business domain. Popular examples for that are Microsoft Office 3651, the Google Service Stack (with GMail, Google+)2, Atlassian Stack (Jira, Bitbucket, Confluence)3 and Social Media platforms4. The host organization realized this trend and is using different web applications to operate. Besides using existing web applications, develops and maintains the host organization own web applications for supporting their business processes. To provide more flexibility, information sharing and collaboration possibilities, the host organization started to change existing traditional web applications to interactive, responsive and complex web applications. This includes new features and constant refactoring to move existing functionality into the same direction. One of the technologies that supported and enabled this enormous change in the domain of the web is AJAX [MvD07]. AJAX is an abbreviation and stands for \Asynchronous JavaScript and XML" [Gar05]. It enables browsers to provide more functionality than only loading, rendering and navigating through static pages. It enables the browser to provide a more dynamic and interactive user experience through respon- siveness and the use of user interface (UI) components [MvDR12]. These components are also known as partial site updates through asynchronous client-server communication and client-side JavaScript execution. Despite the fact that AJAX positively impacts the whole user experience when brows- ing the web, or using web based applications, it comes with new challenges for the developers. The main challenge is testability of these modern web applications, which stands in the main focus of this thesis. Testability of the AJAX UI components is a challenging task because of the asynchronous, event-driven and stateful nature of AJAX, and of client-side JavaScript based manipulation of the Document Object Model (DOM) [MvDR12][vDM10]. In the host organization testing is a growing part of the development process, and besides functional testing of server-side components, client-side testing and UI testing gain more interest. Through the 1Microsoft Office 365 http://office.microsoft.com/ 2Google website https://google.com 3Atlassian https://atlassian.com/ 4Facebook and Twitter https://facebook.com and https://twitter.com 1 fact that the host organization moves more and more new and existing features to a new and modern user interface with an implied move of server-side functionality
Load more

Recommended publications
  • Javascript Hijacking Brian Chess, Yekaterina Tsipenyuk O'neil, Jacob West
    JavaScript Hijacking Brian Chess, Yekaterina Tsipenyuk O'Neil, Jacob West March 12, 2007 Summary An increasing number of rich Web applications, often called AJAX applications, make use of JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read sensitive data contained in JavaScript messages. The attack works by using a <script> tag to circumvent the Same Origin Policy enforced by Web browsers. Traditional Web applications are not vulnerable because they do not use JavaScript as a data transport mechanism. We analyzed the 12 most popular AJAX frameworks, including 4 server-integrated toolkits – Direct Web Remoting (DWR), Microsoft ASP.NET AJAX (a.k.a. Atlas), XAJAX and Google Web Toolkit (GWT) -- and 8 purely client-side libraries -- Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit. We determined that among them only DWR 2.0 implements mechanisms for preventing JavaScript Hijacking. The rest of the frameworks do not explicitly provide any protection and do not mention any security concerns in their documentation. Many programmers are not using any of these frameworks, but based on our findings with the frameworks, we believe that many custom-built applications are also vulnerable. An application may be vulnerable if it: • Uses JavaScript as a data transfer format • Handles sensitive data We advocate a two-pronged mitigation approach that allows applications to decline malicious requests and prevent attackers from directly executing JavaScript the applications generate. 1. Introduction1 Although the term “Web 2.0” does not have a rigorous definition, it is commonly used in at least two ways.
    [Show full text]
  • Ajax for Dummies (2006).Pdf
    01_785970 ffirs.qxp 1/20/06 10:51 AM Page iii Ajax FOR DUMmIES‰ by Steve Holzner, PhD 01_785970 ffirs.qxp 1/20/06 10:51 AM Page ii 01_785970 ffirs.qxp 1/20/06 10:51 AM Page i Ajax FOR DUMmIES‰ 01_785970 ffirs.qxp 1/20/06 10:51 AM Page ii 01_785970 ffirs.qxp 1/20/06 10:51 AM Page iii Ajax FOR DUMmIES‰ by Steve Holzner, PhD 01_785970 ffirs.qxp 1/20/06 10:51 AM Page iv Ajax For Dummies® Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 www.wiley.com Copyright © 2006 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permit- ted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc.
    [Show full text]
  • Copyrighted Material
    15_043067 bindex.qxd 6/15/06 7:38 PM Page 330 INDEX accessing XML on server, 172–173 A downloading and installing, 170–171, 176 absolute positioning, 288–289 downloading XML data, 174–175 add function, 40–41 stripping out whitespace, 172, 173, 174 addition function for XML data extraction, 82–83 URL encoding, 171 addition operator (+) (JavaScript), 40, 44, 45 alert boxes Ajax (Asynchronous JavaScript + XML). See also Ajax display by JavaScript function, 30–31 XMLHttpRequest frameworks; object displaying, 28–29 advantages, 2, 3, 62 displaying text from text fields, 37 attributes, 29, 262–263 aligning text in CSS, 278–279 downloading JavaScript, 94–95 AND logical operator (JavaScript), 53 event attributes, 29 anonymous JavaScript functions, 68 example of data Submit and fetch, 4–5 Apache Tomcat Java-based server, 231 XMLHttpRequest importance of object, 62 Apple Safari, 63 server-side scripts and PHP used with, 76–77 arguments, passing to functions, 38–39 Ajax frameworks arithmetic operators (JavaScript), 45 ! caution: importance of files and placement, 152 assignment operators (JavaScript), 44, 45 resultXML ! caution: naming global variable “ ”, 171, 175 asynchronous versus synchronous requests, ! caution: on use of global variables, 155, 159 178, 180 advantages, 152–153 attributes (Ajax), 29, 262–263 Ajax tag library, 236–239 autocomplete capability AJAXLib Ajax framework, 170–175 example demonstration site, 8–9 browser-based versus server-side, 152 support for, in Ajax tag library, 236–237 downloadable and free, 182 installing and allowing
    [Show full text]
  • Javascript Hijacking
    JavaScript Hijacking Brian Chess, Yekaterina Tsipenyuk O'Neil, Jacob West {brian, katrina, jacob}@fortifysoftware.com March 12, 2007 Summary An increasing number of rich Web applications, often called Ajax applications, make use of JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read confidential data contained in JavaScript messages. The attack works by using a <script> tag to circumvent the Same Origin Policy enforced by Web browsers. Traditional Web applications are not vulnerable because they do not use JavaScript as a data transport mechanism. We analyzed 12 popular Ajax frameworks, including 4 server-integrated toolkits – Direct Web Remoting (DWR), Microsoft ASP.NET Ajax (a.k.a. Atlas), xajax and Google Web Toolkit (GWT) -- and 8 purely client-side libraries -- Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit. We determined that among them only DWR 2.0 implements mechanisms for preventing JavaScript Hijacking. The rest of the frameworks do not explicitly provide any protection and do not mention any security concerns in their documentation. Many programmers are not using any of these frameworks, but based on our findings with the frameworks, we believe that many custom-built applications are also vulnerable. An application may be vulnerable if it: • Uses JavaScript as a data transfer format • Handles confidential data We advocate a two-pronged mitigation approach that allows applications to decline malicious requests and prevent attackers from directly executing JavaScript the applications generate. 1. Introduction Although the term “Web 2.0” does not have a rigorous definition, it is commonly used in at least two ways.
    [Show full text]
  • Ajax, State of The
    AjAjaax,x, ststaattee ooff tthhee aarrtt Tarek Ziadé, Nuxeo [email protected] WWhhoo aamm ii ● I am engineer at Nuxeo ● I work on CPS, the famous ECM Plateform ;) ● I©ve been lately in charge of Ajax stuff in CPS ● I read Ajax related feeds before I go to bed WWhhaatt iiss AAjjaaxx ?? A dutch football club (a good one) A cleanser (really works) AA WWeebb 22..00 tteechchnnoollooggyy Asynchronous Javascript And XML WWhhaatt©©ss WWeebb 22..00 ?? TTiimm OO©©RReeiillllyy©©ss ©©ccoommppaacctt©© ddeeffiinniittiioonn:: Web 2.0 is the network as platform, spanning all connected devices; Web 2.0 applications are those that make the most of the intrinsic advantages of that platform: delivering software as a continually-updated service that gets better the more people use it, consuming and remixing data from multiple sources, including individual users, while providing their own data and services in a form that allows remixing by others, creating network effects through an "architecture of participation," and going beyond the page metaphor of Web 1.0 to deliver rich user experiences. MMaarrkkuuss AAnnggeerrmmeeiieerr©©ss vviieeww ooff WWeebb 22..00:: (courtesy of Markus Angermeier) WWeebb 22..00 AAppppss ✔ del.icio.us ✔ flickr ✔ Voo2do ✔ Digg ✔ Google Mail (Gmail) ✔ Writely ✔ Basecamp ✔ ... AjAjaaxx bbiigg ppiictctuurere 11//22 (courtesy of J. J. Garett) AjAjaaxx bbiigg ppiictctuurere 22//22 (courtesy of J. J. Garett) TThhee LLiistst ooff tthhiinnggss AjAjaaxx rereaallllyy bbririnnggss ✔ Increases interactivity ✔ Save bandwidth ✔ Helps avoiding some interactive
    [Show full text]
  • Ingeniería Del Software II: AJAX Vs Silverlight
    Ingeniería del Software II: AJAX vs Silverlight Diego Martín-Serrano Fernández Francisco José Oteo Fernández Jesús Martínez-Campos Martínez Índice 1. Introducción a Ajax...............................................................................................................3 2. Profundizando en Ajax.........................................................................................................4 2.1. Frameworks para desarrollo Ajax.....................................................................................5 3. Conclusión sobre Ajax.........................................................................................................6 4. Introducción a Silverlight......................................................................................................7 5. Profundizando en Silverlight................................................................................................8 6. Conclusión sobre Silverlight..............................................................................................10 7. Comparativa Ajax vs Silverlight..........................................................................................11 8. Bibliografía..........................................................................................................................14 Índice de tablas Tabla 1. Posibles valores del atributo readyState del objeto XMLHTTPRequest....................4 Tabla 2. Frameworks para el lado del servidor, según el lenguaje de programación.............6 Tabla 3. Comparativa características
    [Show full text]
  • Il Framework XAJAX
    Il framework XAJAX Vincenzo Della Mea (PWLS 6.11, 6.12, 6.13) Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 1 Sommario • XAJAX – Principi e API • Un esempio semplice: – rivisitazione del cambio di colori dello sfondo della pagina corrente. • Un esempio complesso: – generazione “interattiva” del codice fiscale Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 2 XAJAX • http://xajaxproject.org/ • Framework in PHP per lo sviluppo di applicazioni AJAX: – generazione automatica delle funzioni Javascript che ruotano attorno a XmlHttpRequest; – codice PHP per l’accesso al DOM della pagina (tradotto ovviamente in Javascript); – non è richiesta nessuna conoscenza di Javascript. Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 3 XAJAX: Oggetti principali • xajax_core: – xajax – xajaxRequest – xajaxResponse – xajaxControl – xajaxPlugin • xajax_js: – DOM, events, CSS, … • xajax_controls: validatori (X)HTML, … • xajax_plugins: GoogleMaps, HTML table Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 4 Tipico pattern di utilizzo • Solitamente si creano tre file PHP: – un file di configurazione, – un file per la componente lato server, – un file per la componente lato client. • Il file di configurazione viene incluso ed utilizzato dagli altri due. Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 5 XAJAX: cosa fare • Configurazione: – si include la libreria di classi xajax per mezzo del file xajax.inc.php; – si dichiara ed istanzia un oggetto xajax; – si registrano i nomi delle funzioni fornite dal server e chiamate asincronamente dal client. • Server: – si include la configurazione; – si definiscono le funzioni registrate in modo che ritornino valori o modifichino il DOM; – si elaborano le richieste con apposito metodo processRequest.
    [Show full text]
  • XAJAX: Una Librería De AJAX Para PHP (Parte 1)
    XAJAX: una librería de AJAX para PHP (parte 1) AJAX es el acrónimo de Asynchronous Javascript And XML o Javascript y XML asíncronos dicho en nuestro idioma. Se trata de una combinación de tecnologías que se ha popularizado muchísimo desde hace unos años con la irrupción de la Web 2.0 y lo podemos encontrar en infinidad de páginas y servicios web como Gmail, Google Maps, Hotmail, Flickr y un largo etcétera. La clave de AJAX está en que es asíncrono, es decir, permite que la página del cliente realice peticiones al servidor sin recargar la página. Sólo se actualizan las partes de la página que nos interesan pero sin tener que recargar la página entera, lo que proporciona una sensación de navegación mucho más fluida. Para introducirnos en el mundo de AJAX vamos a utilizar una librería llamada XAJAX que nos permite aprovechar las capacidades de AJAX en nuestras páginas PHP. Podéis descargar esta librería en la página del proyecto http://xajaxproject.org/ A continuación, unos de códigos de ejemplo que se presentarán en diferentes capítulos para que sean más fáciles de leer. También se puede descargar la versión PDF con todos los ejemplos aquí. Y un Zip con los códigos fuente. Ejemplo 1. Introducción a la librería. Comencemos con un simple ‘Hola, mundo’ para ir calentando. En esta ocasión lo ponemos todo en el mismo archivo PHP llamado ‘holaAjax.php’. ‘holaAjax.php’ <?php require ('xajax/xajax.inc.php'); $xajax = new xajax(); function cambia_texto($mensaje){ $respuesta = new xajaxResponse(); $respuesta->addAssign("mensaje","innerHTML",$mensaje); return $respuesta; } $xajax->registerFunction("cambia_texto"); $xajax->processRequests(); ?> <html> <head> <?php $xajax->printJavascript("xajax/"); ?> </head> <body> <input type="button" onclick="xajax_cambia_texto('Hola Ajax);" value="Pulsa" /> <div id="mensaje"></div> </body> </html> Explicación: Lo primero que debemos hacer es importar la librería de xajax y crear una instancia de xajax: require ('xajax/xajax.inc.php'); xajax = new xajax(); A continuación definimos las funciones que se van a utilizar.
    [Show full text]
  • Overall Score for Your Score Is 56% | Grade B
    SeoSiteCheckup Report Overall score for http://www.powerpumpconcrete.com/ Your Score is 56% | Grade B 28 Important Fixes 0 Semi-Important Fixes 31 Passed Checks Title The title of your page have a length of 47 characters. Most search engines will truncate titles to 70 characters. Concrete Leveling & Repair - Powerpump Concrete Description The meta-description tag is missing from your page. You should include this tag in order to provide a brief description of your page which can be used by search engines or directories. HOW TO FIX In order to pass this test you must include a meta-description tag in your page header (<head> section): <head> <meta name="description" content="type_here_your_description"> </head> Note that in HTML the <meta> tag has no end tag but in XHTML this tag must be properly closed. Meta description can have any length but a good practice is to keep this up to 160 characters (search engines generally truncate snippets longer than this value). Keywords The meta-keywords tag is missing from your page. You should include meta-keywords to help indicate what your page is about to search engines. HOW TO FIX In order to pass this test you must include a meta-keywords tag in your page header (<head> section): <head> <meta name="keywords" content="keyword1, keyword2, keyword3"> </head> Separate keywords with commas and don't use any other punctuation beyond commas. Note that in HTML the <meta> tag has no end tag but in XHTML this tag must be properly closed. Most Common Keywords Test It appears that you can further optimize the density of your keywords above.
    [Show full text]
  • Copyrighted Material
    02_102633 ftoc.qxp 2/23/07 9:42 PM Page vii Preface................................................................................................................................xiii Acknowledgments ............................................................................................................xvii Part I: Fundamental Ajax 1 Chapter 1: Essential Ajax . 3 What Does “Ajax” Mean? ......................................................................................................6 What Can You Do with Ajax? ................................................................................................8 Create Ajax live searches..............................................................................................8 Create an Ajax-enabled calculator................................................................................9 Talk with Ajax chat applications ................................................................................10 Crunch numbers with spreadsheets ..........................................................................12 Browse Amazon ........................................................................................................12 Get the answer with Ajax autocomplete ....................................................................13 Log in with Ajax ........................................................................................................15 Download images ......................................................................................................17 Drag
    [Show full text]
  • Hacking Exposed-Web
    Hacking Exposed ™ Web 2.0 Reviews “In the hectic rush to build Web 2.0 applications, developers continue to forget about security or, at best, treat it as an afterthought. Don’t risk your customer data or the integrity of your product; learn from this book and put a plan in place to secure your Web 2.0 applications.” —Michael Howard Principal Security Program Manager, Microsoft Corp. “This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites. The authors give solid, practical advice on how to identify and mitigate these threats. This book provides valuable insight not only to security engineers, but to application developers and quality assurance engineers in your organization.” —Max Kelly, CISSP, CIPP, CFCE Sr. Director, Security Facebook “This book could have been titled Defense Against the Dark Arts as in the Harry Potter novels. It is an insightful and indispensable compendium of the means by which vulnerabilities are exploited in networked computers. If you care about security, it belongs on your bookshelf.” —Vint Cerf Chief Internet Evangelist, Google “Security on the Web is about building applications correctly, and to do so developers need knowledge of what they need to protect against and how. If you are a web developer, I strongly recommend that you take the time to read and understand how to apply all of the valuable topics covered in this book.” —Arturo Bejar Chief Security Officer at Yahoo! “This book gets you started on the long path toward the mastery of a remarkably complex subject and helps you organize practical and in-depth information you learn along the way.” —From the Foreword by Michal Zalewski, White Hat Hacker and Computer Security Expert This page intentionally left blank HACKING EXPOSED™ WEB 2.0: WEB 2.0 SECURITY SECRETS AND SOLUTIONS RICH CANNINGS HIMANSHU DWIVEDI ZANE LACKEY New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Copyright © 2008 by The McGraw-Hill Companies.
    [Show full text]
  • Autocompletar Con Php Y Xajax
    AUTOCOMPLETAR CON PHP Y XAJAX Crearemos un autocompletar o buscador en línea de personas desde cero con php y mysql, usaremos la librería xajax para llenar y mostrar los datos de forma dinámica desde la base de datos, javascript para controlar algunos eventos, sobre todo para permitir el desplazamiento por la lista de coincidencias del autocompletar. Primero creamos nuestra tabla Persona: CREATE TABLE `persona` ( `IdPersona` int(11) NOT NULL auto_increment, `Nombres` varchar(50) collate utf8_spanish_ci NOT NULL, `Apellidos` varchar(50) collate utf8_spanish_ci NOT NULL, `NroDoc` varchar(10) collate utf8_spanish_ci NOT NULL, PRIMARY KEY (`IdPersona`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_spanish_ci AUTO_INCREMENT=17 ; Luego insertamos algunos datos: INSERT INTO `persona` (`IdPersona`, `Nombres`, `Apellidos`, `NroDoc`) VALUES (1, 'KARLA', 'KASOS', '2047957052'), (2, 'ANGELINA', 'JOLIE', '2053134335'), (3, 'CESAR', 'PISFIL PECHE', '43825485'), (4, 'GEYNEN', 'MONTENEGRO COCHAS', '12345678'), (5, 'VARIOS', 'CLIENTE', '-'), (6, 'JUAQUIN', 'ALVARADO', '33'), (7, 'VILMA', 'PALMA', '77'), (8, 'VLADIMIR', 'ZEÑA', '66'), (9, 'PEDRO', 'PERES PEÑA', '1111111111'), (10, 'PEÑA', 'PEÑA', '1111111111'), (11, 'JUAN', 'PERES', '33'), (12, 'JUANA', 'PERES', '33'), (13, 'ANDREA', 'TORRES', '33'), (14, 'MEGAN', 'FOX', '1111111111'), Geynen Rossler Montenegro Cochas Página 1 (15, 'KAREN', 'DEJO', '1111111111'), (16, 'JUITIJUITI', 'LA', '1111111111'); Estableceremos la conexión a la base de datos usando la extensión del php conocida como PDO (Objeto de datos del php), creamos un archivo con el nombre cado.php. <?php $manejador="mysql"; $servidor="localhost"; $usuario="root"; $pass=""; $base="bdautocompletar"; $cadena="$manejador:host=$servidor;dbname=$base"; $cnx = new PDO($cadena,$usuario,$pass,array(PDO::ATTR_PERSISTENT => true)); ?> Ahora crearemos nuestro archivo autocompletar.php, en el manejaremos el xajax (asumo que manejas el xajax), las funciones que me permitirán llamar al xajax, a las funciones del autocompletar y la vista.
    [Show full text]