Monday, January 2, 2017

CSRF ATTACK

CSRF stands for cross-site request forgery. In this attack a hacker sends a request to a website from an untrusted source, and the web server processes it. This can cause unexpected application behaviour, such as incorrect information being stored in the database or invalid financial transactions. The picture below demonstrates how a CSRF attack behaves.



In the picture above, an attacker prepares a web page so that the user clicks a button to claim a prize. The page then asks for the user's information, such as email and password. If the user enters it, believing the site is genuine, the information is stolen.

Prevention:

To prevent a CSRF attack, the web page sends an anti-forgery token with the request, and this token is later matched in the controller's action method. If the token does not match, the web server does not process the request. The picture below illustrates an anti-forgery token implementation that prevents a CSRF attack.



In the web page we need to send an anti-forgery token, and this token is matched in the controller's action method.

How the attack takes place if the anti-forgery token is not implemented:

Here is the general gist: You are logged in to your bank's website. Your bank puts a cookie on your machine so it can authenticate you. Every time you make a request to (ie. load a page from) yourbank.com, the browser sends the cookie to the web server and the code on the web server checks the cookie to make sure you're authenticated. Great.
However, while the cookie hasn't yet expired, you check your mail and open an email from a Nigerian Prince telling you to click on a link. You click on it (who can resist) and instead of taking you to the page the Prince has described, the link takes you to this URL:
Because you're already authenticated at your bank (through the cookie), it thinks you're actually asking to transfer the money, so it does it.
This is obviously a bit of a contrived example, but it gets the point across. More realistically, the link might submit a request that changes your email address on a forum website that you belong to or something, so that they can get access to it.
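The scenario above as an added example (not code from the original post, and not ASP.NET MVC's implementation): a minimal Python model in which the session cookie alone authorises a transfer, next to a version that also requires an anti-forgery token. The handler names, the in-memory session store and the HMAC-based token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumed per-application secret
SESSIONS = {}                         # session id -> account state (in-memory stand-in)


def login(user, balance):
    """Create an authenticated session; the id plays the role of the bank's cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "balance": balance}
    return sid


def issue_token(sid):
    """Token the genuine page puts in a hidden form field: an HMAC bound to the session."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def transfer_unprotected(cookies, form):
    """'Before': the cookie alone authorises the state change."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401
    session["balance"] -= int(form["amount"])
    return 200


def transfer_protected(cookies, form):
    """'After': the request must also carry the token issued for this session."""
    sid = cookies.get("session")
    session = SESSIONS.get(sid)
    if session is None:
        return 401
    expected = issue_token(sid)
    supplied = form.get("csrf_token", "")
    # Constant-time comparison; a missing or foreign token is rejected.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    session["balance"] -= int(form["amount"])
    return 200


def demo():
    """Replay the bank scenario with constructed requests and return the outcomes."""
    sid = login("alice", 1000)
    cookies = {"session": sid}  # the browser attaches this to every request to the site

    # Cross-site request: the cookie rides along, but the other site cannot read the token.
    forged = {"amount": "500"}
    r_unprotected = transfer_unprotected(cookies, forged)
    r_forged = transfer_protected(cookies, forged)

    # Request from the genuine page, which embedded the token in its form.
    genuine = {"amount": "100", "csrf_token": issue_token(sid)}
    r_genuine = transfer_protected(cookies, genuine)

    # A token issued for a different session does not validate for this one.
    other_sid = login("mallory", 0)
    foreign = {"amount": "100", "csrf_token": issue_token(other_sid)}
    r_foreign = transfer_protected(cookies, foreign)

    return (r_unprotected, r_forged, r_genuine, r_foreign, SESSIONS[sid]["balance"])


if __name__ == "__main__":
    print(demo())
```

The unprotected handler accepts the forged request because the cookie is all it checks; the protected handler rejects it with 403 and only the request carrying the session's own token goes through.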

Tuesday, December 6, 2016

Importance of Communication Skills In Business, Workplace & Professional Life

Communication is one of the most important skills. Communication skills are needed not only in daily personal life but also in your profession, in the workplace and in business.
Depending on the nature of your profession, if you work in a team or interact with customers or other people, you will often find yourself in situations that are challenging to handle. This is where good communication skills come in handy.
Some people seem to be born with these skills. One great example is Steve Jobs' communication and negotiation style; he is regarded as someone who had the best presentation and business negotiation skills. Communication skills were an important part of the success of Steve Jobs and others; they are not the only factor that made them successful, but they are definitely one of them.
You can't be successful in professional life or in business without great communication skills. It is important for a good communicator to be a good listener. No one wants to be a good listener, while everybody is extremely interested in a good communicator. Every person with great communication skills is in favour of listening.
Every good communicator stresses the importance of listening. With this basic lesson, let's learn more to enhance our communication skills.
Being successful in your profession, at the workplace and in business with the best communication skills
Let's get the basics sorted first. They provide the foundation for good communication, and you can use these skills when interacting with people in personal life, at the workplace, in any profession, and when dealing with customers and others in business.
The one thing every great communicator does is start from scratch. Nobody is born great. You have to start from somewhere. It is best to start with the basics. Understand what communication is and how you can effectively say what you intend to.
  1. Practice makes a man perfect: Pretty old but yet valid, this can take you a long way. The best approach is to practice it a lot. Whatever you intend to do, rehearse it. While rehearsing you’ll be able to analyse your pros and fill in the gaps.
  2. Coordinate body and words: It is highly imperative that your body says whatever you are saying. Body language including gestures and overall posture must be reflecting what you are trying to communicate. It is very unsatisfying if your body and words don’t coordinate.
  3. Maintain eye contact: Eye contact also has a great value. When you maintain eye contact with audience while communicating with them, it reassures that you are honest and sincere. People tend to believe you more when you maintain eye contact with them.
  4. Speak slowly: This doesn't literally mean that you bore the audience with a low pitch and a dragging pace. You just have to ensure that your speed is balanced and people can clearly hear each word you are saying.
  5. Engage the listener: Engaging the listener means communicating in such a manner that people are interested in talking to you. This is essentially important if you want to become an exceptional communicator.
  6. Be a listener yourself: This will help you to understand what makes people listen. When you finally figure that out, you will be able to make people listen to you. Other than that, listening is the focus of all communication-related literature because listening has a unique value in making you a great communicator. Always listen to what the other person is saying, analyze it and then answer it. Listening completely prepares you for answering in an effective way.
  7. Tell stories (real ones): Nothing gets the audience like stories and meaningful examples. You totally sell it when you tell a story. People listen to you more carefully and they become more interested. However, don’t tell the fiction because come on, you are not 2 anymore. When you tell real life stories and examples people understand that you are experienced and know what you are saying.
  8. Let people participate: Be that friendly person who never gets offended when people ask questions. This not only makes the people interested but you get to learn and people value you more. Nothing can prove your authenticity like open question answer session.
  9. Polish it: At this stage you finally give that pro touch that differentiates you from all mediocre conversations. Remember that you can’t reach this stage without working on basics. Polishing is only required if you have certain skill.
  10. Use humour: Humour is important if you want to sell your stories. It helps in impressing listeners. It validates your stories and polishes your existing skill. You should never worry to be a little clever and use humour. You’ll shine more with humour.
  11. Maintain positivity: This comes with this great smile and exceptional attitude. People should feel comfortable and motivated when talking to you because you have this great attitude named positivity.
  12. Final word: There is always room for improvement when it comes to communication skills. Thus make sure that you never stop taking these skills to the next level of improvement.

Monday, December 5, 2016

What are Views in SQL and what are their advantages? How to use them.

Views - A view is a stored SQL statement that defines a virtual table. It takes the output of a query and makes it appear as a virtual table.

Advantages: Here are the advantages of using a view.

1. To hide the complexity of a query
  (i)  Provide different representations of the same data.
  (ii) To ensure that exactly the same SQL is used throughout your application.

2. To improve security by restricting access to data
  (i)  Restrict the columns/rows which can be queried.
  (ii) Restrict the rows and columns that may be modified.

3. To isolate an application from any future change to the base table definition
  (i) Users formulate their queries on the views (virtual tables).

When and how to use:
Suppose that we have a table which contains the first name, middle name, last name and address of each user,
and somewhere there is a requirement for a list of the users' full names.



It will give the following result:

To get the list of users' full names, here is the view:

LTRIM and RTRIM are SQL string functions. I have used these functions to remove any whitespace on the left or right side of FirstName, MiddleName and LastName.
Now, whenever you need the list of users' full names, you can get it by executing this newly created view.

Thursday, November 17, 2016

THE 4 FACTORS WHICH SLOW DOWN DATA TRANSFER AND HOW TO IDENTIFY THEM

Every IT Operations team faces complaints indicating that the network is slowing down or poorly delivering applications. Their very first focus is on checking the network performance (latency, packet loss, etc.). 
Nevertheless, the network is not the sole driver of data transfer speed and of the end user experience.
Many other factors directly impact how fast application queries and responses will flow through the network. If one wants to troubleshoot performance degradation, this check list of the factors which can badly impact the transfer speed, will come in very handy. 
Let’s start with what may be network-led:
1.    NETWORK LATENCY
Network latency refers to the time needed to send a packet from the source to the destination. This time varies depending on:
  • the physical distance,
  • the number of network devices which have to be crossed (also referred to as the number of hops),
  • and, to a lesser extent, the performance of each of the devices.
The relationship between latency and transfer rates depends on the protocol which carries the data. To keep the focus on the most common ones: for a UDP flow, latency may not have an impact. As for TCP applications, generally the most commonly used protocol, it will have a drastic impact.
2.    NETWORK CONGESTION
Network congestion refers to the saturation of a path used by packets to flow between the source and the destination. The element on the path can be either an active device (e.g. Router or Switch) or a physical link (e.g. cable).
When the maximum capacity of the element is reached, packets cannot be transferred in a timely manner: they are either put in a queue (e.g. in a router) or dropped if no queue system is available to retain them. It may even become impossible to set up new sessions.
The consequence will then vary, depending on the level of delay generated by the congestion:
  • Packets are delayed for a short period of time.
    • The latency will increase.
    • Some retransmissions will occur (for TCP flows) as the acknowledgment packets are not received fast enough by the sender.
    • Duplicate acknowledgment packets will also be received.
  • Packets are lost or dropped (packet loss).
    • Retransmissions increase significantly: as packets are not acknowledged, they are massively resent.
  • Disconnections: sessions are dropped as too many packets are lost:
    • You might see TTL exceeded, session time-outs.
    • TCP sessions not being terminated properly.
3.    INFRASTRUCTURE PARAMETER (QOS, FILTERING, ROUTING)
Although the overall network path is free of any congestion (lack of bandwidth or system resources), some devices apply policies:
  • Prioritization: some traffic is either more strategic (critical applications) or more performance sensitive (real time applications, VoIP, video conferencing) and gets allocated a higher priority than the rest of the applications using a given network path. In case the maximum capacity on the network path is reached, lower priority flows will start experiencing retransmission, packet loss or disconnection depending on how long and how severe the congestion is.
  • Filtering / encryption: there may be many kinds of filtering in place to scan for viruses, to prevent users from reaching non-recommended sites, to prevent threats on web servers, etc. Filtering has an impact on data transfer, depending on how much processing time it requires. This might have an impact on the latency between the client and the server. If the processing time becomes excessive, it can generate retransmission and packet loss.
  • Routing / load balancing: some devices distribute the load across a group of servers / devices or route the traffic to the most adequate path from a performance and / or an economic standpoint. The devices may also be overloaded or misconfigured, which could lead to retransmission, packet loss or disconnection issues.
While troubleshooting slow transfer rates, it is important to list the devices on the path between clients and servers. You can then identify at which point in time and for which flow retransmissions, duplicate acknowledgments, packet loss, TTL expired, session time-outs or incomplete TCP starts can be observed.
4.    CLIENT OR SERVER HEALTH
It is probably the last item you will consider if you are focused on network performance. But these systems also have limited resources which can lead to a congestion situation and slowdown the data transfer rates.
If a server lacks hardware resources, such as RAM, CPU, I/O, it will process user queries slower.
At a given moment, a client or a server reaching a congestion point will slow down the transfer using standard TCP mechanisms.
Here is how you can identify that situation:
  • 0 window events: one of the parties is asking to reduce the throughput. You can interpret this indicator as a sign of a lack of resources and investigate on the host to identify which resource is not sufficiently available.
  • RST – Resets events: one of the parties disconnects the session abruptly. Keep in mind that some applications may use RST as a standard way to terminate a session, even if it is not a best practice! 
 It is easy to gather this information from your network traffic and to quickly pinpoint where your data transfer slowdowns are coming from. 
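One way to pull the two host-health indicators above (0 window and RST events) out of captured traffic, as an added example that is not part of the original post. It parses raw TCP headers and counts the events per sender; the sample segments and addresses are constructed for illustration, and a zero window on SYN, FIN or RST segments is deliberately not counted as a 0 window event.

```python
import struct
from collections import Counter

# Fixed 20-byte TCP header: ports, seq, ack, data offset, flags, window, checksum, urgent.
TCP_HEADER = struct.Struct("!HHIIBBHHH")
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


def parse_tcp_header(segment):
    """Return the fields needed for the two indicators from raw TCP header bytes."""
    if len(segment) < TCP_HEADER.size:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, _off, flags, window, _sum, _urg = TCP_HEADER.unpack_from(segment)
    return {"sport": sport, "dport": dport, "flags": flags, "window": window}


def classify(header):
    """Map one header to 'reset', 'zero_window' or None."""
    if header["flags"] & RST:
        return "reset"
    # An advertised window of 0 on a normal data/ACK segment means the receiver
    # cannot accept more data right now.
    if header["window"] == 0 and not header["flags"] & (SYN | FIN):
        return "zero_window"
    return None


def summarise(capture):
    """Count events per (sender, event) over an iterable of (sender_ip, tcp_bytes)."""
    counts = Counter()
    for sender, segment in capture:
        event = classify(parse_tcp_header(segment))
        if event:
            counts[(sender, event)] += 1
    return counts


def make_segment(sport, dport, flags, window):
    """Build a header-only TCP segment for the constructed sample below."""
    return TCP_HEADER.pack(sport, dport, 0, 0, 5 << 4, flags, window, 0, 0)


# Constructed sample: a client talking to a server that runs out of receive buffer.
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"
SAMPLE_CAPTURE = [
    (CLIENT, make_segment(50000, 443, SYN, 64240)),
    (SERVER, make_segment(443, 50000, SYN | ACK, 65535)),
    (CLIENT, make_segment(50000, 443, ACK, 64240)),
    (SERVER, make_segment(443, 50000, ACK, 0)),        # 0 window
    (SERVER, make_segment(443, 50000, ACK, 0)),        # 0 window again
    (CLIENT, make_segment(50000, 443, ACK, 64240)),
    (SERVER, make_segment(443, 50000, RST | ACK, 0)),  # abrupt disconnect
]

if __name__ == "__main__":
    for (sender, event), n in sorted(summarise(SAMPLE_CAPTURE).items()):
        print(sender, event, n)
```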





Wednesday, November 9, 2016

Add Query Rule to SharePoint Search with Powershell for ignoring specific lists and libraries from being searched

If you use SharePoint Search for your portal, you will notice that many lists and libraries get searched even though you might not want their content to be searchable, for example workflow history lists and custom lists containing master data.

A better way to exclude these lists is to identify the lists/libraries and add them to an ignore rule for search. I have created a PowerShell script for this. It is helpful when the rule has to be added in multiple server farms. Copy the code below and paste it into a file with the extension .ps1.

#_____________________________Add Ignore Rule to Search_____________________________________

#Add SharePoint PowerShell SnapIn if not already added
if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
       Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}

# just append the list or library name in the variables below which you want to be ignored in search
$ListNames = ("NintexWorkflowHistory","Links","Test List")
$LibraryNames = ("Pages", "Test Library")

$CrawlPaths = ("[SITE_URL]/.*([LIBRARY_NAMES])/.*", "[SITE_URL].*/Lists/([LIST_NAMES])/.*")


# Grab the web app URL from User
write-host "Enter the Site Url:"
[string]$strSiteUrl = Read-Host


[string]$strListNames=""
[string]$strLibraryNames=""

try
{

    # Read-Host returns an empty string (never $null) when nothing is entered
    if ([string]::IsNullOrEmpty($strSiteUrl.Trim()))
    {
        Write-Host "Site URL is missing!" -foregroundcolor "magenta"
        return;
    }

    [string]$pipe = ""

    foreach ($List in $ListNames)
    {
        $strListNames = [string]::Concat($strListNames,$pipe,"(", $List ,")" )
        $pipe= "|"
    }
   
    $pipe=""   
    foreach ($Library in $LibraryNames)
    {
         $strLibraryNames = [string]::Concat($strLibraryNames,$pipe,"(", $Library ,")" )
         $pipe= "|"
    }

   

    $SearchApp = Get-SPEnterpriseSearchServiceApplication
  

    foreach ($CrawlPath in $CrawlPaths)
    {
        $CrawlPath = $CrawlPath.Replace("[SITE_URL]",$strSiteUrl);
        $CrawlPath = $CrawlPath.Replace("[LIBRARY_NAMES]",$strLibraryNames);
        $CrawlPath = $CrawlPath.Replace("[LIST_NAMES]",$strListNames);
        
        if ((Get-SPEnterpriseSearchCrawlRule -SearchApplication $SearchApp -Identity $CrawlPath -EA SilentlyContinue))
        {
            #Remove-SPEnterpriseSearchCrawlRule -SearchApplication $SearchApp -Identity $CrawlPath -confirm:$false
            Write-Host "Crawl Rule already exists: $CrawlPath" -foregroundcolor "magenta"
        }
        else
        {
            $Rule = New-SPEnterpriseSearchCrawlRule -SearchApplication $SearchApp -Path $CrawlPath -Type ExclusionRule -CrawlAsHttp 0 -FollowComplexUrls 0 -IsAdvancedRegularExpression 1
            $Rule.Update()
        }
    }
     Write-Host "Completed successfully..." -foregroundcolor "green"
}
catch
{
    Write-Host "An exception occurred. Aborting. Exception: $($_.Exception.ToString())" -foregroundcolor "red"
}



Once deployed, you can view the added rule in SharePoint Search Application.




Create the price list item while importing product data in Microsoft Dynamics CRM

Whenever we import product data into Microsoft Dynamics CRM using an XML spreadsheet, the "Default Price List" is left blank. To make the imported products available for use in an Opportunity we need to set the "Default Price List", and if we import thousands of products we do not want to set the price list manually one by one. Instead of the manual approach, we can create a plugin which sets the default price list while the products are imported.

Below is the code snippet:



Register the above plugin for the product entity using the Plugin Registration Tool from the SDK, as shown below:







Tuesday, November 8, 2016

How to fetch the names of tables which contain a key or pattern from a database (SQL Server)?

First of all, select the database in which you want to perform the search, using the 'use' keyword.

This query will give you the names of all tables which contain Aof.


Monday, November 7, 2016

Business and Technical Writing: How to Write a Business Email



Email revolutionised the world of business communications, giving you the ability to send messages and documents instantly to different people all over the world. This way of communicating, however, has also become a common way to interact socially, leading to a blurring of the fine line between corporate and personal writing. How should you write business emails and how can you best avoid problems?
  • Business Emails Need Different Writing Skills: You may not think that you have a problem to solve here. If you regularly use personal mail to communicate with friends and family, then you may feel that you know how to write for this medium already. Business emails are corporate documents, however, and should be written in a language appropriate to this environment. What you say and how you say it matters.
  • How to Structure Work Emails: Every email you send at work should have a purpose. You may be sending a quick internal message to remind colleagues of a meeting; you may be sending business-critical information to a customer. Your writing should always be concise and laid out in a logical order so that the recipient gets the message. Tell them why you are writing, say what you need to say, give a call to action if appropriate and then sign off.
  • The Art of Business Conversation in Emails: You do not have to use formal business language in every email you send. This can sometimes be as inappropriate as being too informal. You will be having a business conversation here, often with people with whom you have a relationship. It helps to take your cue from the emails they send you. If a customer begins every message with ‘Dear Mr So and so’, then your cue is to use ‘Dear’ as a greeting. If they open with a Hi or a Hey, then you can be a little more informal too.
  • But, do remember that your words represent your company. You can inject personality, be friendly and chat if your relationship is at that level, but you should always be professional. Jokes, pictures and attachments are best kept to social emailing. Keep in mind that it’s better to work from formal to informal than to be forced back because you got too friendly too soon. In business writing, formality is still viewed by many as a sign of respect.
  • Email Spelling and Grammar Issues: Just because email can use a more informal writing style, don’t assume that you can slack off on the basics. You and your business may be perceived negatively if you misspell words or use incorrect grammar. Don’t rely on automated checkers as they won’t pick up some simple glaring errors such as their/there, two/too and it’s/its. Learn what you need to know or have someone double-check what you write.
  • The easiest way to get a message across in an email is to be straightforward, especially if you are dealing with people overseas. Telling a contact who does not have English as a first language that your new product adds innovative benefits is very different to saying that it pushes the envelope, for example. You don’t want your contact to have to look up what you have written to understand what you are trying to say. You don’t want to leave them bemused, amused or confused.
  • Tone and Meaning in Business Email: Compared to face-to-face meetings and phone conversations, the written word cannot always reproduce tone and meaning. If you can’t see the face or hear the voice of the person at the other end of your business conversation, you can’t read them 100% accurately. This works the other way, so be careful of your language and tone. A simple rebuttal, worded too strongly, can come across as criticism or defensiveness. A throwaway one-liner may not read like a joke on the page. Think about what you are saying, how well you know the reader and how they are likely to react.
  • Acceptable Use Policies for Company Email Accounts: You should make sure to check if your employer has a policy that dictates how you should be using your company email account. Although these are often weighted towards general usage, some will include clauses that could affect what you write. You may not, for example, be allowed to copy or refer to confidential information when communicating outside of your company or you may not be supposed to circulate certain types of material.
  • Finally, it is also worth considering how appropriate an email can be in certain situations. Sometimes, you shouldn’t just be thinking about how you write it but whether it should be sent. It is often wise, for example, to avoid this type of communication for sensitive and confidential issues that might be better handled by a meeting or phone call.



Why SharePoint 2013 Cumulative Update takes 5 hours to install?

We can complete a SharePoint CU update within 30 minutes. To do this, follow the steps below when running the CU exe.

Step 1:  Stop IIS
                Open a command prompt and run: iisreset /stop
Step 2:  Stop the SharePoint timer service
                Go to Run: services.msc
Step 3: Run the CU exe file
Step 4: After the exe completes, start IIS
                Open a command prompt and run: iisreset /start
Step 5: Start the SharePoint timer service
                Go to Run: services.msc
Step 6: Restart the server
Step 7: Run the SharePoint config wizard (after the server has started)

Step 8: The SharePoint CU update is installed within 30 mins

SharePoint 2013 SP or CU install error: An error occurred while running detection

While installing SP1 or any other CU, the error pops up saying that an "error occurred while running detection".

So I decided to unpack the SP1 or CU, create a batch file, run the msp files on all the servers, and then run the configuration.

Everything works (installing the CU or SP, no more problems).

Here is the example for a CU: the contents of the batch file that I created for the CU:

Copy all files into one folder, like: D:\CU\
Then create another folder inside the CU folder: D:\CU\extract
Run the command below:  CU-kb2880552-fullfile-x64-en-us.exe /extract:"D:\CU\extract"

Requirement Traceability Matrix

It is basically a table which lists all the requirements and maps each one to its corresponding test cases.
Suppose we have 'n' requirements and a bunch of test cases associated with these requirements.
Imagine a table with each requirement and its corresponding test case: that is a Traceability Matrix.


PURPOSE OF TRACEABILITY MATRIX

  • Before starting of the execution if we create this matrix, we will come to know  whether all the requirements have been covered by the test cases or not
  • It helps us to achieve 100% test coverage without missing any requirement.
  • Before assigning the module if we go through this matrix, we will come to know if we have lost some requirement and we can cover that up.
  • It is better to start Traceability Matrix in the initial phase rather than the later phase
  • This provides a mapping between the actual requirements and the test cases written
  • Easy to determine the impacted test cases for regression
  • Can be used as a tracker in case of requirement change
TYPES OF TRACEABILITY MATRIX

  • Forward traceability - It maps requirements to test cases. It helps us see which requirements are covered in which test cases, or whether a requirement is covered at all.
  • Backward traceability - It maps test cases to requirements. It helps us see which test cases are mapped against which requirements.
  • Bi-directional traceability - It ensures that we are building the product right. A bi-directional traceability matrix contains both forward and backward traceability.



CRUD Operations Without Writing Code In ASP.NET MVC

Introduction

This article explains how to perform CRUD database operations from a .NET application without writing any code. This is made possible by the strong features Microsoft provides in ASP.NET MVC. You just need to follow the steps given below.

Background

Before starting with this article, we must have knowledge of database and MVC architecture. Here we are going to use database first approach. If you don't have knowledge of database, MVC architecture and database first approach, please learn these first.

Steps

Step 1. First create a database and table tblData. In this table Id field is primary key with auto increment.

Step 2. Open Visual Studio, Click on File - New Project - ASP.NET MVC4 Application. Name your project CrudOperationsWithoutCode or anything else. Click OK.

Step 3. In the next window select Internet Application template and click OK,

Step 4. Right Click in your solution. Click Add - New Item. A popup window will appear.

Step 5. Click ADO .NET Entity Data Model. Name it CrudEntities. Click Add, next window will appear.

Step 6. Select EF Designer from Database. Click Next

Step 7.

In the next window click New Connection, a popup window will appear. Fill the required entries to connect to database. Test your connection and click OK.

Step 8. Check Save connection settings in Web.Config as : and assign a meaningful name to it. Click Next,

Step 9. In the new window select Entity Framework 5.0 and click Next.

Step 10. In the next window expand Tables - dbo – tblData and click Finish.

Step 11.

Build your solution by right clicking in solution and clicking Build. (This is necessary step because if you don't build, it will not show your model class while adding controller)

Step 12. Right click in Controller folder. Click Add-Controller. New popup window will appear.

Step 13. Give a meaningful name to the controller. I've given CrudController. Under Scaffolding options:

Template : MVC controller with read/write actions and views, using Entity Framework.
Model Class : tblData (CrudOperationsWithoutCode)
Data context class : CRUDDBEntities (CrudOperationsWithoutCode)
Views: Razor (CSHTML) and click Add

Step 14.

All your CRUD operation code is generated automatically at this stage. Now your code is ready to execute. Just press F5 or click on the execute icon as shown on the screen.

Output 1.

This will redirect you to the Index view of HomeController. We have to hit the Index view of CrudController. To do this, change the URL in your browser to localhost:**** */Crud/Index.

Here you can see all records of the database being displayed on the screen, so the Read operation has been performed. You can also see options like Create New, Edit, Details and Delete.

Output 2. To perform the Create operation, just click Create New. This will redirect you to localhost:**** */Crud/Create. You have a form to perform the Create operation in the database from the MVC application.

Fill the form and click Create. It will save your data to database.

Output 3. Similarly, you can perform Update and Delete operations by clicking on the Edit and Delete options in the Index view of CrudController.

Points of Interest


Here you can see I've not written even a single line of code. I used the powerful Scaffolding options provided by Microsoft and performed all create, read, update and delete operations in the database from a .NET web application.