Some Web Security Readings

I have been reading some articles about web application security especially on SQL injections, and recently found this great source:

SecurityDocs.Com / Exploits / SQL Injection

There is also a dedicated section for PHP and MySQL:

SecurityDocs.Com / Application Security / PHP and MySQL

I hope everyone finds something beneficial.

Stress test with apache ab

I didn’t know about apache ab at all until yesterday, when a guy who works with us told me about this tool, which is included in the Apache distribution.
Then I used it with my site on localhost using this command line:

ab -n 9000 -c 900 localhost:8080/index.php

I got these results:

    Completed 900 requests
    Completed 1800 requests
    Completed 2700 requests
    Completed 3600 requests
    Completed 4500 requests
    Completed 5400 requests
    Completed 6300 requests
    Completed 7200 requests
    Completed 8100 requests
    Finished 9000 requests

    Server Software:        Apache/2.0.55
    Server Hostname:        localhost
    Server Port:            8080

    Document Path:          /index.php
    Document Length:        37949 bytes

    Concurrency Level:      10
    Time taken for tests:   407.890625 seconds
    Complete requests:      9000
    Failed requests:        25
       (Connect: 0, Length: 25, Exceptions: 0)
    Write errors:           0
    Total transferred:      342093375 bytes
    HTML transferred:       340598850 bytes
    Requests per second:    22.06 [#/sec] (mean)
    Time per request:       453.212 [ms] (mean)
    Time per request:       45.321 [ms] (mean, across all concurrent requests)
    Transfer rate:          819.03 [Kbytes/sec] received

    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:        0    0   2.7      0      78
    Processing:   140  452 217.8    359    2265
    Waiting:       31  402 194.0    328    2218
    Total:        140  452 218.0    359    2265

    Percentage of the requests served within a certain time (ms)
      50%    359
      66%    390
      75%    421
      80%    515
      90%    750
      95%    968
      98%   1156
      99%   1281
     100%   2265 (longest request)

Mmhh.. 25 errors with 9000 connections and a 900 concurrency level?
I must admit I have never used a stress test tool on my own; I only saw one used once, when working on a big Java-based project.
Do you use some kind of benchmarking tool?

AS3 SoundMixer, my turn

It seems everybody did a test with the ActionScript3 SoundMixer class 🙂
How many of you still remember the days of FlashKit spectrum analyzer?
It seems such a long time ago that we had to find a way to extract spectrum information from mp3 files..
Btw, now it’s my turn with a little experiment
Flash player 9 beta 3 is required


P.S. The song is from Epica:
album: Consign to Oblivion album
track: Huban K’u “A new Age Dawns – prologue”

Sound Mixer Spectrum Analyzer source code
Title: sound mixer 2 (0 click)
Caption: Sound Mixer Spectrum Analyzer source code
Filename: sound_mixer2-2.zip
Size: 52 kB

DragController updated

Thanks to the hard work of Nicolas Zeh, the component I did some time ago (draggable controller) now has a lot of changes!

  • a new name: DragController
  • drag and drop multiple items at once if multipleSelection is set to true for a component
  • added the following methods to the DragEvent Object:
      • evt.checkType
      • evt.addItem
      • evt.removeItem
      • evt.addAndRemoveItem
  • the methods were renamed to fit Macromedia’s naming conventions for methods
  • I lowered the addReference restriction that both components have to be UIComponents. Now only the source has to be a UIComponent and the target suffices to be a MovieClip.
  • added a veto method for the “drag_start” event. So user can decide on this Event if he would like to allow dragging of this specific item.
  • added an onDropData method besides the Event handlers. So you can assign this method directly to a defined target component.
  • added flags similar to DragAndDropTree component. These are:
      • DENYDRAGFOLDER (only tree component)
      • DENYDRAGITEM (only tree component, as it makes no sense for other components)
      • DENYDROPINTOITEM (only tree component)
      • DENYDROPINTOFOLDER (only tree component)
      • DENYDROPINTO (only tree component)
      • DENYDROPINBETWEEN this option disallows setting a specific target index position and will add the item at the end of the List, DataGrid, Tree
  • removed some bugs concerning Focus on Component and selectedItems. But I am not sure if there aren’t some left due to Flash’s strange Focus mechanisms. (sure, I still haven’t understood the focus mechanism of MM components)

There’s also very comprehensive help for the component (just look in the F1 Flash help panel).

Source code for the DragController Flash Component
Title: DragController Source (0 click)
Caption: Source code for the DragController Flash Component
Filename: source-2.zip
Size: 624 kB

Open Source ActionScript 3 Libraries Updated

Macromedia (ops.. Adobe) has just released a new beta version (3rd beta) of Flex, Flex Charting Components, Flex Data Service Components and Flash Player 9 (was 8.5).
In addition to new beta builds the open source ActionScript 3 libraries have been updated too.
These libraries include a number of changes:
* Updated to work with beta 3
* Some API renaming (mostly in corelibs : com.adobe.utils)
* Removed some redundant APIs (mostly in com.adobe.utils)
* Fixed bug where events were not being documented in docs
Libraries available are:
* corelib
* FlexUnit
* Flickr
* Mappr
* RSS and Atom libraries
* Odeo
* YouTube
also available for download via SVN using:

svn checkout http://labs.adobe.com/subversion/flashplatform/

For more information see Adobe Labs
http://labs.adobe.com/svn/flashplatform/?/projects/