Web Applications

14K Solutions · 40 Articles & Videos · 14K Contributors

Web applications are systems that run in browsers that perform functions normally associated with other client-based programs. One of the most commonly used web applications is email; instead of downloading individual emails to a local machine, the data is shown through a website. Other examples of web applications are collaborative systems like a wiki or an online game.

I have 2 servers (Windows Server 2012 R2 and Windows Server 2008) being scanned by Qualys that have surfaced this finding:

HTTP Security Header Not Detected (port 80/tcp)

THREAT:
This QID reports the absence of the following HTTP headers:
X-Frame-Options: This HTTP response header improves the protection of web applications against clickjacking attacks. Clickjacking, also known as a "UI redress attack", allows an attacker to use multiple transparent or opaque layers to trick a targeted user into clicking on a button or link on another page when they were intending to click on the top-level page.
X-XSS-Protection: This HTTP header enables the browser's built-in Cross-Site Scripting (XSS) filter to prevent cross-site scripting attacks. X-XSS-Protection: 0; disables this functionality.
X-Content-Type-Options: This HTTP header prevents attacks based on MIME-type mismatch. The only possible value is nosniff. If your server returns X-Content-Type-Options: nosniff in the response, the browser will refuse to load the styles and scripts in case they have an incorrect MIME type.
QID Detection Logic:
This unauthenticated QID looks for the presence of valid X-Frame-Options, X-XSS-Protection and X-Content-Type-Options headers in an HTTP request.
IMPACT:
Depending on the vulnerability being exploited, an unauthenticated remote attacker could conduct cross-site scripting, clickjacking or MIME-type sniffing attacks.
SOLUTION:
N/A
0
Hello Experts,

Somehow on some of our websites, the redirect to 443 was shut down.

How would you go about finding the missing redirects?

This is on Windows IIS.

The only thing I can think of is running scans on 80 and 443 and comparing the two, but I don't think that will address the missing redirect. We do not have a Web Application Firewall to determine this.

Would the firewall reporting tools work? What about the SIEM?

Thank you, your recommendations are appreciated.

Steph
0
Hello,

In a web application, we have a horizontal area of the screen displaying various metrics, e.g. (scrubbed):

Temperature  Humidity  Wind Direction  Wind Speed  Barometer
74           53%       SW              10 MPH      29.86


It's not a toolbar or ribbon b/c it's display-only. Accordingly, is there a more concise name than "screen area"?  I suppose I could say "section", but I'm not thrilled with that word. :)

Thanks,
Steve
0
As this is a proprietary app developed some time ago, it does not come with audit logging, and this became an audit finding.

I'm proposing 'video recording' of user sessions to be implemented as a compensating control.

Can anyone suggest a tool to do such video recording, such that when the thick client is executed it starts capturing the screen, and upon exiting the app the recording stops and gets saved?

The 2 tools below were found while browsing the Net, but our applications developer retorted that they're not the right products:

Apps guy: VSTS below seems to be only applicable to web applications? True or false?
https://social.msdn.microsoft.com/Forums/vstudio/en-US/5f413bcd-3b5f-4e3b-bf21-f70bd08e4408/how-to-record-a-thick-client-application-with-vsts-ultimate-2013?forum=vstest

Apps guy: JMeter works by pushing thick client traffic through a JMeter proxy which detects traffic and records it into JMeter HTTP Requests, and this JMeter proxy is located out there on the Internet, so using this solution means pushing sensitive data out onto the Internet. True or false?
http://www.jmeter-archive.org/Recording-Thick-Client-td5719409.html
0
Hi,

I'm documenting a time field that displays (e.g.) 10:42:38.496
where .496 is 496 thousandths of a second.

So, if I say
HH:MM:SS.xxx, which are the letters to use for xxx?

Thanks,
Steve
0
Hello,

What is the proper terminology for a horizontal area at the top of a screen that contains not only menu choices, but also other options (e.g. change password, configure screen layout, etc.) I can't truly call it a menu, so what works? Panel? Bar? Something else?

Unfortunately, I cannot provide a screenshot b/c the software's proprietary.

Thanks,
Steve
0
I have a customer who wants to add a live chat feature to their web site (I think mostly for people who are having technical issues, or questions about enrolling in their courses, etc.)  Compatibility with various browsers would be a plus too.

Anyone have particular chat software/function that they recommend?

Thanks.
Dave
0
Hi Experts,
I need help writing HTML for a specific page layout. I am building a dashboard and I need it to look like the image below.
How would I write the HTML to get this layout?

[Image: HTML LAYOUT NEEDED]

Thanks in advance,
mrotor
0
Dear Sirs,

I am moving to Spring MVC for my web applications, and I would like to confirm whether the change I made to my DAO class is right when it comes to transaction management and try/catch of exceptions.
I have a global exception handler annotated with @ControllerAdvice on the class and @ExceptionHandler on the methods. From the lecture, I understand that this will handle all the exceptions.

I make use of @Service for my Services class and add @Transactional at the Service class. From the lecture, I understand that Spring will handle transaction management, meaning it will begin the transaction and commit or roll it back as needed.

I make use of @Repository for my DAO class.

From the @Controller class, I autowired my Service class.
From the @Service class, I autowired my DAO class.

And below is the change I made to my DAO class:
Before

@Override
public boolean deleteRecord(long id) throws Throwable {
    boolean execsql = false;
    Session session = null;
    Transaction tx = null;
    try {
        session = sessionFactory.openSession();
        tx = session.beginTransaction();

        String sql = "UPDATE Account SET active=0 WHERE accountKey=:p_id";
        Query query = session.createQuery(sql);
        query.setParameter("p_id", id);
        query.executeUpdate();
        tx.commit();
        execsql = true;

    } catch (Exception e) {
        if (tx !=

0
Hi all,

I am trying to convert PDFs into something with a page-turn look; is there a script or any free PDF software which can achieve this?

thanks,
0
How can I figure out how many CALs are installed on my Lync Server 2010? I can run the get-csuser command and get a count of active licenses, but I can't figure out how many are installed, so I know how many open seats I have.

Every time I search for anything regarding licensing, it's about how it works, not how to tell how many copies I have installed or how to install new licenses.
0
Does anyone know of an online service where I could insert and update website links and they would open in a browser, say every 2-6 minutes, so it would rotate the pages on the screen? Even better if they could be pulled from, say, Chrome or Firefox bookmarks. I just want an easy way to show news and saved articles on a big screen and auto-rotate them.

Thanks
0
Hello,

I'm documenting a web application where the only way to exit is to close the active browser window (tab?) in which the app is running.

Which is better terminology?

"To exit this application, close the active browser window"
"To exit this application, close the active browser tab"
<Something else>?

However I state it, I want to make it clear that you should not close the entire browser. :)

Thanks,
Steve
0
Hello all, I was wondering if anyone knew of any developer forums or communities of any kind for Barracuda WAF technologies? I've looked into Coursera, Cybrary and the like and can't find much. I'm a SIEM guy by trade (trade is relative, as I have about 7 months of practical IT Security experience). Although at face value the technology seems very straightforward, let it be known that my firewall experience is limited to Dell SonicWALLs for small local businesses, with mostly a set-and-forget methodology. In my new role, I'll be in charge of the WAF, and other than the Admin guides I've been drilling on, I was wondering if there is anything else? Google doesn't yield much for me either.


Thanks.
0
On my cell phone, I log into Skype using my work credentials so I can stay attuned to uptime issues that occur off hours. So when someone Skypes me on my personal Skype, I only see it if I log into my PC.

Is there a way to resolve this? Or can Skype email me when a message is sent to me?

Thanks
0
Hello,

I have been trying to set up an Azure Web App with a custom domain name record and a web.config file which can take care of HTTP redirections for our domain.

I've configured the web app based on this technet article.

https://social.technet.microsoft.com/wiki/contents/articles/32229.azure-create-an-url-rewrite-azure-web-app.aspx

After following all the instructions I am unable to get the redirection to work. Here is the web.config file output which I am using.

<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name=”projects.domain.com” patternSyntax=”ECMAScript” stopProcessing=”true”>
                    <match url=”http://projects.domain.com” />
                    <action type=”Redirect” url=”https://domain.sharepoint.com/sites/pwa/default.aspx" appendQueryString=”false” redirectType=”Permanent” />
                </rule>
        </rules>
        </rewrite>
    </system.webServer>
</configuration>

When I try to connect to projects.domain.com I receive the following message.

The page cannot be displayed because an internal server error has occurred.

Can anyone please help me understand what I am doing wrong here?

Thanks.
0
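The Qualys finding on the two Windows servers, Steph's vanished redirect to 443 and the Azure rewrite rule above all come down to the same IIS web.config. Added example (not from any of the posters, Qualys or Microsoft): a web.config that sets the three headers the QID checks, carries a site-wide HTTP-to-HTTPS redirect, and restates the Azure rule in a form that can actually match; projects.domain.com and domain.sharepoint.com are placeholders taken from that post, and the URL Rewrite module is assumed to be available (it is on Azure App Service).

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Straight ASCII quotes throughout: the typographic quotes in the
     posted web.config make it malformed XML, which IIS surfaces only as a generic
     "internal server error" rather than a rewrite-specific message. -->
<configuration>
  <system.webServer>
    <!-- The three headers the Qualys QID looks for. X-XSS-Protection is included
         for scanner parity only; current mainstream browsers no longer act on it,
         so a Content-Security-Policy is the control that actually limits XSS. -->
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="SAMEORIGIN" />
        <add name="X-Content-Type-Options" value="nosniff" />
        <add name="X-XSS-Protection" value="1; mode=block" />
      </customHeaders>
    </httpProtocol>
    <rewrite>
      <rules>
        <!-- match url is tested against the request path only, never the scheme or
             host, so url="http://projects.domain.com" can never match. Put the host
             in an {HTTP_HOST} condition instead. Hostnames below are placeholders. -->
        <rule name="projects.domain.com to PWA" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^projects\.domain\.com$" />
          </conditions>
          <action type="Redirect" url="https://domain.sharepoint.com/sites/pwa/default.aspx"
                  appendQueryString="false" redirectType="Permanent" />
        </rule>
        <!-- Site-wide port 80 to 443 redirect; {R:1} keeps the path, and the query
             string is appended by default. -->
        <rule name="HTTP to HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```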
Hi EE,

We are running a 3rd-party web application on IIS Server. The issue is that some web pages work in compatibility view and others don't. Is there a method that would allow us to set, either at the IE level or the IIS level, when to execute the compatibility view function?

Any assistance is welcome. We are using IIS 7 and IE10.

Thank you.
0
Does anyone know of a good tutorial on building a survey system using PHP?

I'm having trouble wrapping my head around how branching on a survey works (where some questions are hidden unless the answer to another equals something), in particular how the concept would work in terms of storing that data in a table and then using it at run time.
0
I run a website for a nonprofit society and I'm looking for a reasonable cost forum host with good privacy policy for its subscribers.
0
Hi,

One of our developers finished up with us today without any notice.

While I don't think they will cause any problems, they have full access to one of our major projects:

- root server
- database
- domain
etc...

Apart from changing the passwords for each of the above, can you advise on anything else we should consider / include in locking down the project?

Thank you in advance for your help.
0
I'm learning Django, and trying to see if I can come up with a simple app that just keeps track of text-only pins.

I can access the admin and view and create objects there without problem. What I am having trouble with is understanding why the data isn't coming up in the template.

My code is below.

models.py
from django.db import models
from django.utils import timezone


class Pin(models.Model):
    created_at = models.DateTimeField(default=timezone.now)
    title = models.CharField(max_length=255, default="Untitled")
    description = models.TextField(default="")

    def __str__(self):
        return self.title

admin.py
from django.contrib import admin
from .models import Pin

admin.site.register(Pin)

urls.py
from django.conf.urls import url
from django.contrib import admin
from . import views

urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^$', views.pin_list),
]

view.py
from django.shortcuts import render
from . models import Pin


def pin_list(request):

    pins = Pin.objects.all()
    return render(request, "pin_list.html", {'pins': pins})

pin_list.html
{% load staticfiles %}

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Pins</title>
</head>
<body>


<img height = "50px" src = "{%  static "images/logo.jpg" %}" >

<ul>
{% for p in pins %}

    <li>{{ p.title }}</li>

{% endfor %}
</ul>

</body>
</html>

When I run runserver and look at the "view source" of the resulting HTML, I get this:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Pins</title>
</head>
<body>


<img height = "50px" src = "/static/images/logo.jpg" >

<ul>

</ul>

</body>
</html>

Why isn't my data coming up? What am I missing?
0
Has anyone ever set up one of these before using an online template? I recently decided to take on a partner and need to draft something up. I found something on lawdepot.com that looked promising... Any suggestions are most appreciated!

Not sure exactly what topic this Q should fall under, please feel free to suggest topics or edit them.
0
One of our RSS feed URLs, https://neighborsofchampaign.com/feed?cat=-4, was originally set up to pull our General News feed from a WordPress site. These RSS feeds are being used with MailChimp campaigns.

Other specific WordPress categories are formatted as https://www.neighborsofchampaign.com/?cat=210&feed=rss2

Questions:
1. What is the -4 value effect on the RSS feed?  Note: the actual category ID for General News is 3 in our case.
2. Is the domain/?cat=xxx&feed=rss2  the formal way to format rev 2 of RSS?
0
Hi,

I have been using Optimizely (free account) for quite some time. My account has stopped working and they are requesting that I upgrade. This was not a problem until they provided me with a €20,000 per annum quote.

Can anybody recommend a simple but reliable split testing service / software? I only need to run simple split tests such as:

- change the text on a button
- change the color of a button
- change the headline text

Thank you in advance for your help.
0
When users visit a particular internal website they get a message that the site is "Not secure" within Google Chrome (see the screenshot).

What can be done so that the connection to the website will be secure while the users visit this website within Google Chrome?
 
[Screenshot: METTEAM08-NOT-SECURE]
0
