Snow
Forest
Mountains
Snow
Snow

Monthly Archives: October 2019

Benefits of learning java programming language

Category : Blog

Benefits of learning java programming language

 

Java is a general-purpose, high-level programming language developed by Sun
Microsystems. who initiated the language in 1991.
Java is a widely-used programming language. It is also among the most favored for the development of edge devices and the internet of things.
It can also be used to build a small application module or applet for use as part of a webpage.Java can be used to create complete applications that may run on a single computer or be distributed among servers and clients in a network.

Why Became Popular?

Java source code is compiled into Java byte code, which can run anywhere in a network, on a server or on a client environment that we are called Java virtual machine (JVM).
The JVM interprets convert to byte code into code that will run on computer hardware. In contrast, most programming languages, such as COBOL or C++, will compile code into a binary file. Binary files are platform-specific. The JVM includes an optional just-in-time (JIT) a compiler that dynamically compiles byte code into executable code. In many cases, the dynamic JIT compilation is faster than the virtual machine interpretation.

Features of Java

Object-oriented Concept

 

An object is made up of data as fields or attributes and code as procedures or methods. An object can be a part of a class of objects to inherit code common to the class. The main aim of OOP is to bind together the data and the functions that operate on them so that no other part of the code can access this data except that function.

Exception Handling in Java

To make a robust and well-behaved application, Java offers an exception handling mechanism using to maintain the normal execution control flow when an exception occurs. The Java exception-handling mechanism contains five keywords: try, catch, throw, throws, and finally.

Interpreted language

Java byte code is translated on the fly to native machine instruction & it’s not stored anywhere. The development process is more rapid and analytical since linking is an incremental and light-weight process.

 

Benefits of Java

Data Security

Unlike C++, Java does not use pointers concept, which can be unsecured. but in java environment Data converted to byte code, this code is not possible to read by humans. Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs, and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.

Desktop GUI applications

A java GUI application uses the standard java components GUI set, swing & is deployed to the desktop. Java Swing is a lightweight graphical user interface that means a GUI toolkit that includes a rich set of widgets. It includes packages that let you make GUI components for your java applications & it is platform-independent.

Scientific Applications

Java supports scientific application development, because of it is security very powerful, robustness features, much scientific application based on java technology.
Web Applications These are the main component of java which helps to develop the web-based applications. We can develop can kind of web-based application which helps with these technologies.

Mobile Applications

In Today’s world, every second phone has an android OS which is based on Java. Java is the technology of choice for building applications using managed code that can execute on mobile devices.

 


10 Reasons to why should you became a Microsoft Azure Certified

Category : Blog

10 Reasons why should you become a Microsoft Azure Certified

 

In recent years, the entire concept of computing has seen a drastic change and
seen a lot of improvement and evolved from traditional computing to cloud
computing. So the important aspect of cloud computing is that the data is shared
across the cloud and the data is available on the demand.

With the help of cloud computing facilities, all the computing resources are shared
across so that the data can be accessed from any part of the world with minimal
effort. With cloud computing got into the pictures, users and enterprises have the
possibility to store the data in the cloud.

It has seen a lot of attraction because it is one of the cost-effective solutions where
the companies don’t have to invest in any of the infrastructure cost personally.
However, if you don’t have any experience using cloud services, you should first
get Azure training and become a certified expert. Here are ten reasons why you
should get a Microsoft Azure certification training before using cloud services.

 

 

 

1. Career flexibility :

Microsoft Azure certifications are very important when pursuing a career
in cloud computing, and it offers flexible career options. Microsoft Azure
certifications help secure credible roles such as cloud administrator, developer,
security engineer, AI engineer, data engineer, solutions architect, and DevOps
engineer. Microsoft Azure offers nine role-based certifications that not only
increase your versatility in the role you are in, but also in the industry you are
working in.

The best part about using Microsoft Azure is that you don’t have to learn
how to operate so many different tools. Azure offers all the commonly used
tools including Hadoop, Xcode, Eclipse, Github, etc. to make it easier for
newcomers to adapt and start using this platform. Additionally, with a concise
learning process, you can get your certification faster and start your career. You
can find lots of study material available online in the form of detailed guides
and tutorial videos, as well.

2. Structured learning :

 


The structured learning methodology to get Microsoft Azure
certifications lead you to learn different tools easily. Candidates find many
common tools such as Hadoop, GitHub, Eclipse, etc. that are easy to learn, and
newly interested candidates can easily adapt to the Azure platform and services
with simplicity and ease.
Most importantly, fresh candidates can improve their Azure learning and
career path with a faster, more concise learning process. Many online resources
such as tutorials, ebooks, and courses are available to learn the theoretical and
practical concepts of Azure services. So the learning curve is not that hard
compared to the other competitors.

3. Higher Salaries :

As the skill is special compared to the other standard technologies, the
individuals who are into cloud computing gets more salary when compared
to others. The average salary for the individual who is into Azure is about

$53,602 per annum. IF you have made it to the senior level where you act as
a Senior Software Architect, then you can expect about $164,170.
Also comparing the industry standard across different companies, the
basic average salary per annum is about $40,914.

4. Progressive career development :

Microsoft Azure is one of the leading cloud service providers and offers nine
role-based Azure certifications based on market requirements. By earning
any or all of the Azure role-based certifications, you can ensure professional
career development and recognization in the market. Currently, most
businesses are adopting Azure cloud services and the demand for Microsoft
Azure certified professionals is increasing.

Azure certifications offer a wide range of professional tracks, including
Azure administrator, architect, developer, security engineer, AI engineer,
data scientist, and data engineer, enabling you to become a leading cloud
professionals in the market. There are currently 6,000,000+ government
employees who are using Azure cloud services. As a Microsoft Azure
certified professional, you have a better opportunity to land up a job in the
government sector.

5. Complete environment :

The main difficulty with most of the software applications is not having a
perfect environment for complete testing. Microsoft Azure Cloud has also
addressed this as it provides close integrations for the overall solutions. The
applications built using their platforms will help the organizations to
develop, test and deploy easily.
All the mobile and web applications are completely integrated using their
API and the teams can kick-start the development processes.
6. Beneficial cloud service provider :
Choosing the right cloud service provider is very important for businesses
because all of their data or processing is dependent on their availability.
Azure guarantees 99.9% uptime where there are no technical glitches are

seen. Also, Azure cloud services provide Paas, hybrid solutions and also an
array of beneficial services.
So the uptime of the applications is not at all compromised.

7. Certification will boost your career and salary:

With a Microsoft Azure certification, you can certainly become a
successful developer and earn a handsome salary. The demand for such
experts is on the rise with many top businesses switching over to cloud
services. The following are a few certifications you can get to kick start your
career in this industry :
o Microsoft Certified Solutions Expert (MCSE)
o Microsoft Certified Solutions Developer (MCSD)
o Microsoft Certified Solutions Associate (MCSA)

 

8. Hybrid Capabilities :

 

Microsoft Azure is packed with hybrid services that permit your data
to be accessed from all over the world. The hybrid connections include
Content Delivery Networks (CDN), Virtual Private Networks (VPN), and
ExpressRoute, which improve user experience and performance. Many other
cloud service providers are still unable to offer such protocols.

9. Security offering :

Microsoft Azure is packed with hybrid services that permit your data
to be accessed from all over the world. The hybrid connections include
Content Delivery Networks (CDN), Virtual Private Networks (VPN), and
ExpressRoute, which improves user experience and performance. Many other
cloud service providers are still unable to offer such protocols.

10. Enterprise agreement Advantage :

All the organizations that are already using Microsoft software for
their development activities then they are automatically enrolled under the
“Enterprise Agreement” advantage. So the use of this agreement will help
the organizations to get competitive prices and extra discounts on the new

software products and on the Azure cloud services. This is a boon for all the
organizations so that they can try out all different services from Microsoft
without actually paying a hefty amount. Using this facility small companies
can also afford cloud services at minimal prices and offer a great value-
added product to the market.

 

Conclusion:

Microsoft Azure is an all-around cloud service that allows
users, both businesses and individual developers, to maximize the efficiency
of their processes and benefit from its cost-effectiveness. It is recommended
that you invest time and energy in acquiring a certification in this technology
to streamline your business operations and reach new heights of success.

 


AWS: Expectation vs. Reality

Category : Blog

AWS: Expectation vs. Reality

 

 

Amazon Web Services(AWS) is a cloud service from Amazon, which provides services in the form of building blocks, these building blocks can be used to create and deploy any type of application in the cloud. These services or building blocks are designed to work with each other, and result in applications that are sophisticated and highly scalable.

AWS is hitting the markets big time. Today the stability and demand of engineers in this niche are at its all-time high. However before diving in it completely it is imperative to understand what exactly it does and how beneficial it is. Putting it in simpler words it is important to understand the difference between expectations and reality. There is no denial of the fact that more and more companies are now moving towards cloud-based solutions. This huge shift of pendulum has benefited AWS tremendously as no other solution comes close to what they offer. This is the reason why engineers today are enrolling in AWS Training in Kolkata to better understand it.

 

 

 

Set-Up

Expectation: Setting it up will not be difficult as Amazon wants more and more companies to use its solution. So they would have made it as simple as possible.

Reality: Yes Indeed, setting it up is actually quite simple. All kinds of tutorials are available online to ensure engineers are able to go about their stuff smoothly. From running the database to hosting a website there is a tutorial available for each of these services.

 

Cost

Expectation: Since it is an Amazon product so it will be on a higher side of the budget. Also at the minute, it is enjoying a good monopoly so amazon can price it as per its liking.

Reality: Contrary to the expectations, AWS is actually very cost-effective. Not only you will be able to save money by notching up your productivity but overall also the cost of its deployment and usage is not much as compared to other available marketing solutions.

 

Security

Expectation: No doubt cloud based solutions are effective but you have to compromise on security. AWS security can easily be breached, so developers have to be careful while using it.

Reality: When it comes to security, they are second to none. Amazon at its own end has done quite a bit to ensure proper security to its users. No doubt developers have to be careful while deploying their solutions still services offered by Amazon in this regard is awesome, all the more reason why it is a perfect time to be in AWS Training.

 

Future

Expectation: AWS is good and in demand but this is the best it can offer so it is good to get into in now and look for options later

Reality: Though AWS enjoys a great market hold but its story doesn’t end here. In fact, every few months they are adding on to their current set of services. Working hard to their already successful system and helping their customers to grow even bigger. The best thing about these solutions is the more you use them the better they get. This is the reason why more and more people are using it. These solutions are going to stay, so if you are interested to join an AWS Course in Kolkata today and make a difference.

 

Conclusions:

AWS offers the largest global footprint in the market. No other cloud provider offers as many regions with multiple Availability Zones, with 69 Availability Zones (AZs) within 22 geographic regions around the world, and announced plans for 10 more AZs and three more AWS Regions in Indonesia, Italy, and South Africa.

AWS Regions each have multiple AZs that are physically separated and isolated from each other and are connected by low latency, high throughput, and highly redundant networking. The AWS Region/AZ model has been recognized by Gartner as the recommended approach for running enterprise applications that require high availability.


Introduction to DevOps

Category : Blog

 

Introduction to DevOps

 

DevOps is not a tool or a team, it is the process or a methodology of using various tools to solve the problems between the Developers and the Operations team in an organization, hence the term came “Dev-Ops”.

The development team always had the pressure of completing the old, pending work that was considered faulty by the operations team. With DevOps, there is no wait time to deploy the code and getting it tested. Hence, the developer gets instantaneous feedback on the code, and therefore can close the bugs, and can make the code production ready faster!

 

The business Values of DevOps

 

2018 was proclaimed the year of enterprise DevOps by Forrester, as more than 50% of enterprises worldwide have already done their DevOps transformation or are in the process of it. Here We will explain this below, with some examples of how DevOps helps companies across various industries succeed.

In short, implementing DevOps best practices and workflows helps businesses save time and money, increase software lifecycle predictability, build a corporate culture around innovation and keep motivation levels high. We will discuss it in detail.

DevOps Saving time and money: DevOps principles of IaC, CI, and CD help ensure the uniformity of task scenarios and infrastructure immutability, so automation becomes 100% efficient and helps greatly reduce the amount of time and effort spent on routine and repetitive tasks.

DevOps Training in Kolkata

 

 

DevOps Tools

 

Tools you’d use in the commission of these principles. In the DevOps world, there’s been an explosion of tools in release (Jenkins, Travis, TeamCity), configuration management (puppet, chef, ansible, cfengine), orchestration (zookeeper, Noah, Mesos), monitoring, virtualization and containerization (AWS, OpenStack, vagrant, docker) and many more. While, as with Agile, it’s incorrect to say a tool is “a DevOps tool” in the sense that it will magically bring you DevOps, there are certainly specific tools being developed with the express goal of facilitating the above principles, methods, and practices, and a holistic understanding of DevOps should incorporate this layer.

 

 

Most Influential Benefits Of DevOps

 

Speed: DevOps practices let you move at the velocity you need to innovate faster, adapt to changing markets better, and become more efficient at driving business results.

Rapid delivery: When you increase the pace of releases, you can improve your product faster and build a competitive advantage.

Reliability: DevOps practices like continuous integration and continuous delivery can ensure the quality of application updates and infrastructure changes so you can reliably deliver at a more rapid pace while maintaining an optimum experience for end-users.

Improved collaboration: Under a DevOps model, developers and operations teams collaborate closely, share responsibilities, and combine their workflows. This reduces inefficiencies and saves time.

Security: You can adopt a DevOps model without sacrificing security by using automated, integrated security testing tools.

 

 

 

 

Conclusion

 

DevOps is a revolution that aims at addressing the wall of confusion between development teams in big corporations having large IT departments where these roles are traditionally well separated & isolated.

Now, what about smaller corporations that don’t necessarily have split functions between developers & operations?

Adopting DevOps principles & practices, such as deployment automation, continuous delivery and flipping still bring a lot.


ICSS Saved Harvard University from Hackers.

Category : Uncategorized

ICSS Saved Harvard University from Hackers.

 

ICSS team member Pritam Mukherjee has founded a vulnerability on the website of Harvard University and it is resolved now from their end. It is a proud moment for ICSS.

 

What is cross-site scripting (XSS)

 

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same-origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform and to access any of the user’s data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application’s functionality and data.

 

Cross-Site Scripting (XSS) attacks occur when:

 

  1. Data enters a Web application through an untrusted source, most frequently a web request.
  2. The data is included in dynamic content that is sent to a web user without being validated for malicious content.

 

The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash, or any other type of code that the browser may execute. The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.

 

How to find and test for XSS vulnerabilities

The vast majority of XSS vulnerabilities can be found quickly and reliably using any web vulnerability scanner.

Manually testing for reflected and stored XSS normally involves submitting some simple unique input (such as a short alphanumeric string) into every entry point in the application; identifying every location where the submitted input is returned in HTTP responses; and testing each location individually to determine whether suitably crafted input can be used to execute arbitrary JavaScript.

Manually testing for DOM-based XSS arising from URL parameters involves a similar process: placing some simple unique input in the parameter, using the browser’s developer tools to search the DOM for this input, and testing each location to determine whether it is exploitable. However, other types of DOM XSS are harder to detect. To find DOM-based vulnerabilities in non-URL-based input (such as document.cookie) or non-HTML-based sinks (like setTimeout), there is no substitute for reviewing JavaScript code, which can be extremely time-consuming. Any web vulnerability scanner combines static and dynamic analysis of JavaScript to reliably automate the detection of DOM-based vulnerabilities.

 

How to Protect Yourself

 

The primary defenses against XSS are described in the OWASP XSS Prevention Cheat Sheet.

Also, it’s crucial that you turn off HTTP TRACE support on all web servers. An attacker can steal cookie data via Javascript even when document.cookie is disabled or not supported by the client. This attack is mounted when a user posts a malicious script to a forum so when another user clicks the link, an asynchronous HTTP Trace call is triggered which collects the user’s cookie information from the server, and then sends it over to another malicious server that collects the cookie information so the attacker can mount a session hijack attack. This is easily mitigated by removing support for HTTP TRACE on all web servers.

 

How to Determine If You Are Vulnerable

 

 

XSS flaws can be difficult to identify and remove from a web application. The best way to find flaws is to perform a security review of the code and search for all places where input from an HTTP request could possibly make its way into the HTML output. Note that a variety of different HTML tags can be used to transmit a malicious JavaScript. Nessus, Nikto, and some other available tools can help scan a website for these flaws, but can only scratch the surface. If one part of a website is vulnerable, there is a high likelihood that there are other problems as well.