Dec 04 2022

8 Reasons Why Enterprises Use Java

Category: Security programDISC @ 11:53 am

What is an enterprise application in java?

An enterprise application in Java is a software program whose backend was created with the help of the Java programming language. Java is an excellent choice for creating back-end functionality.

In addition, the use of Java microservices enables the creation of large-scale, complex but well-performing solutions, that’s why it is often chosen by enterprises that are dealing with large amounts of data and need to create multi-functional complex solutions for their business.

What is Java used for?

8 Reasons Why Enterprises Use Java

8 Reasons Why Enterprises Use Java

Tags: Java

Dec 13 2017

Top 5 Programming Languages In 2018

Category: App Security,data securityDISC @ 6:14 pm

English: A selection of programming language t...

English: A selection of programming language textbooks on a shelf. Levels and colors adjusted in the GIMP. Français : Une étagère en bois de houx naturel lacqué : Prgrammé en java pour avoir l’AIR réel. Ainsi que quelques livres (Photo credit: Wikipedia)

Top 5 Programming Languages In 2018

Programming world is rising exponentially with every passing year. With over 600 unique programming languages. The main question which comes to everyone’s thought is which language is most appropriate given the current and future market needs.

Let’s see which programming languages are popular enough today to deserve your attention:

1. Java:
There is no doubt that Java is keeping its place as the most popular language from long time. It is still the most favored language for building the backends for modern applications.

2. Python:
One of the main reasons as to why python became so common is the tons of frameworks available for actually anything ranging from web applications to text mining.

3. JavaScript:
Every web browser supports JavaScript, it’s used by over 80% of developers and by 95% of all websites. With the ability of node.js, even the backend can also be developed using JavaScript.

4. C++:
This language is regularly used for application software, game development, drivers, client-server apps and embedded firmware. According to Coding Dojo, C++ continues in use in several legacy systems at large enterprises,

5. C#:
An object-oriented language from Microsoft designed to run on the .NET platform, This language is designed for use in developing software and it is also massively used in video game development.

Tags: C++, Java, JavaScript, Python

Jan 24 2013

Controls against Mobile Code

Category: ISO 27k,Mobile SecurityDISC @ 12:16 pm

ISO 27002 control A 10.4.2 of the standard requires that mobile code execution should be restricted to an intended environment to support an authorized organization mobile code policy.

What is a mobile code so let’s first start with the definition: ‘Program or a code that can execute on remote locations without any modification in the code can travel and execute from one machine to another on a network during its lifetime.’ Some of the computer languages used for mobile code include but not limited to Java, JavaScript, Active x, VB script, C++, C#, ASP.NET, macros and postscripts.

Mobile code could be use for some benign to a very malicious activity which basically depend on coder intentions. Malicious activities may include collection of personal and private information, patient healthcare information, introducing Trojans & worms, and sometime used to modify or destroy information.

Different mobile code languages are used to achieve various goals by the the coder, most pop-ups are coded in JavaScript, Active x for downloading apps and patches. Only If a coder/hacker is enable to execute a mobile code on an organization infrastructure (PC, router, switch, server..) will make it possible to download, collect personal and private information and for that matter any other malicious activity.

example, if one window or frame hosted on one server tries to access the properties of a window or a frame that contains a page from a different server, then the policy of the browser comes into play and restricts that type of action from happening. The idea behind such restrictions is to prevent hackers from putting their pages inside the original page and extract unauthorized information where codes inside their pages are written for that purpose

Protections for Mobile Code
One of the solutions to secure the JavaScript from using it to write a mobile code and run it on the client-side is to perform parsing of the code before execution. If the code can be parsed before execution i.e. having access to the stack, where control over the execution of the code can be achieved the malicious virus can be prevented.

The best and the easiest way to block mobile code is to have an authorized policy to ban or restrict the mobile code into your organization. To implement this policy, an organization can build a rule set on their firewall to block all the mobile code at the perimeter and stop entering into the organization. At the same this may not be feasible for many organizations since languages like JavaScript and active x are used heavily in building website to add bells and whistles. This takes us back to familiar risk assessment question, how much and what mobile code should be allowed into the organization. Organization should assess the related risk to each mobile code and allow or disallow based on the risk it pose to business. If there’s an exception make sure the business owner sign off the exemption form.

Ongoing user awareness to mobile code policy and risk assessment process will be necessary to minimize risk. Block mobile code should be monitored or scanned based on the policy and appropriate measures should be taken if rogue mobile code is detected.

Do you check your verdors or partners are not downloading malicious mobile code on your website?

To know more about Mobile Code….
Titles on eBay
Titles on DISC InfoSec Store

Tags: ActiveX, Business, ISO/IEC 27002, Java, JavaScript, Mobile code, Personal computer, VBScript