Scripting in Java, Dejan Bosanac covers key aspects of scripting with Java, from the exciting new Groovy scripting language to Java’s new Scripting and Web Scripting APIs. Bosanac begins by reviewing the role and value of scripting languages, and then systematically introduces today’s best scripting solutions for the Java platform. He introduces Java scripting frameworks, identifies proven patt
As of 2007, cross-site scripting carried out on websites were roughly 80% of all documented security vulnerabilities. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code [...]
Batch files have been around since the early MS-DOS days. They are text files that contain a list of command-line executables. They can be compared to UNIX shell scripting, but are much simpler. For a file to be recognized by command.com (Microsoft’s DOS shell) it needs to have a .bat extension.
To print a message [...]
Tool changes are handled by a tool change script defined in the ToolChange.cfg file. This file should be edited in a standard Windows Text Editor. During a Tool Change, any valid GCode Block sequence can be executed. There are separate commands for picking up and putting back each tool so that each tool can be picked/placed at any location. If a tool is called for and there is not a valid tool se
Front End Drupal: Designing, Theming, Scripting (Developer’s Library) (Paperback) By Konstantin Käfer
Buy new: $26.39 First tagged “javascript” by K. Käfer Customer tags: design, drupal, javascript, front end, theme
This How To shows how you can help protect your ASP.NET applications from cross-site scripting attacks by using proper input validation techniques and by encoding the output. It also describes a number of other protection mechanisms that you can use in addition to these two main countermeasures. Cross-site scripting (XSS) attacks exploit vulnerabilities in Web page validation by injecting clien
The AT command is the tool that was historically used to schedule tasks through the command-line in previous versions of Windows. Call it nostalgia, but for some reason Microsoft hasn’t removed the at.exe command from Vista even though it has replaced it with the schtasks.exe command. What does this mean? Well, if you have worked [...]
Product Description: The most comprehensive book on the market, Windows Scripting Secrets uncovers the never-before-documented features and hidden system functions that make the new Windows Scripting Host a more powerful tool. The book includes more than 200 ready-to-use scripts, and the CD-ROM contains ready-to-use libraries and examples from the book, as well as numerous scripting tools. A few of t
I'd like to point you to what is, in my opinion, the best guide for understanding Bash and its use in scripting. It is (obviously) in English, but it is easy to read.
Bash-Beginners-Guide
Happy scripting
Using this technique, a hacker could execute portions of code in client-side scripting languages, such as JavaScript, in order to steal cookies or other sensitive data.
Cross-site scripting is not at all complex to carry out: it is enough to insert raw data into the site's HTML. For example, the hacker could type:
<script language="javascript">alert();</script> in una ca
Phishing schemes are about to get a whole lot easier. Targeted attacks are much more likely to work now than ever before. Cookies stored on your computer can be retrieved by bad guys half a world away. Even big search engine companies like Google and Yahoo are shaking in their boots. What happened? The bad guys have discovered Cross-Site Scripting (XSS) and the Internet has suddenly become a lot
A common home user may not be aware or familiar with the Windows Command Line; but power users & systems administrators, just cannot do without it. There are two basic features involving a command line. One is the entry "Run" (or "Start Search" in Vista) that is in the Start menu and the other is the command prompt window. . .
Now available in local stores near you… I’m kinda 3 days off, but just today took the time to take a look on the feeds I follow, and came across this interesting article back at F-Secure’s blog -> Internet Explorer 6 Cross-Domain Scripting Vulnerability… I bet some of you will find it very useful… Anyway [...]
The Indian Institute of Management, Ahmedabad (IIM-A) on Sunday released a book scripting stories of 25 of its alumni who chose the less trodden path to make their mark as successful entrepreneurs.
The book — “Stay Hungry, Stay Foolish“ — written by Rashmi Bansal, herself an alumnus of IIM-A, describes how 25 alumni of the premier [...]
JavaScript is one of the most important technologies on the web. It provides the means to add dynamic functionality to your web pages and serves as the backbone of Ajax-style web development. Beginning JavaScript with DOM Scripting and Ajax is an essential guide for modern JavaScript programming, it's practical but comprehensive. It covers everything you need to know to get up to speed with JavaScr
Mastering Unix Shell Scripting: Bash, Bourne, and Korn Shell Scripting for Programmers, System Administrators, and UNIX Gurus (Paperback) By Randal K. Michael
Buy new: $45.00 13 utilised and new from $40.95 Customer Rating: First tagged “unix” by [...]
By Christian Heilmann "Beginning JavaScript with DOM Scripting and Ajax"
ISBN: 9781590596807 | Publisher: Apress | English | 512 pages | PDF | Wed Jun14 2006 | 9Mb
JavaScript is one of the most important technologies on the web. It provides the means to add dynamic functionality to your web pages and serves as the backbone of Ajax-style web development. Beginning JavaScript with DOM Scri
McAfee, Symantec and VeriSign plagued by XSS flaws
Security researchers have identified cross-site scripting (XSS) issues on the websites of three IT security heavyweights. Coding flaws on the websites of McAfee, Symantec and VeriSign create a possible mechanism for hackers to launch phishing or malware attacks, according to security watchdog XSSed.…
Description: This is not a program, it is information on how to program your own scripts for Messenger Plus! Live. Now that Patchou has updated the version for Windows Live Messenger, we have a version of this document on scripting. We will be able to extend the possibilities of Messenger as far as imagination takes us. The documentation is in English and poss
These are some useful links for VBScript programmers, which will help you a lot in learning WSH & VBScript or even developing real projects using VBScript, JScript, Dictionary Object, File System Object (FSO), encoder etc. I personally prefer CHM format since it is portable and by default able to run in basic Windows installation, and [...]
Author: Ed Wilson
Publisher: Microsoft Press
Date: February 5, 2008
Pages: 687
PDF | 30.7 MB
Description: Get practical guidance for using Windows PowerShell to manage Windows Vista and Windows Server 2008. Written by Ed Wilson, a leading scripting expert and trainer at Microsoft, this reference offers a task-based approach to help you find the information you need for day-to-day tasks. It offers
Last weekend, the Finnish researcher Harry Sintonen identified a cross-site scripting vulnerability on the well-known online payments site PayPal that could be exploited by attackers to insert malicious content into the service's pages in order to steal users' credentials. The image shows a message "injected" into the PayPal site. According to Sint
A serious scripting error has been discovered in PayPal that would allow attackers to create convincing spoof pages (copies) to steal users' authentication credentials.
The cross-site scripting (XSS) bug is all the more critical because it resides on a page that is used to extend the validation of secure certificates. The new, and vainly [...]
Beginning Portable Shell Scripting: From Novice to Professional (Beginning: from Novice to Professional) (Paperback) By Peter Seebach
Buy new: $34.99 $23.09 First tagged “linux” by Julie Miller Customer tags: shell scripting, apress, unix, linux [...]
IOActive, a security research firm, reports that Earthlink and several ISPs are using advertising servers to collect revenue on misspelled URLs, but alleges that in so doing, they may have mistakenly exposed users to cross-site scripting.
Dan Kaminsky, the group’s director of penetration testing, reported that a bug on Earthlink servers may have allowed hackers to launch phishing [...]
The majority of viruses recently have been email-based. They are often written in VBScript, which is a scripting language used to automate tasks without user intervention (or perhaps, one even knowing the script is running). Microsoft built the Windows Scripting Host (WSH) as an application to run VBScript programs. It ships as an integral part of Windows 2000 and Windows XP. WSH is also included when one downloads Internet Explorer 5. WSH can be used to get access to the Windows command shell, file system, and registry. Lots of people know VBScript. Its complexity is low, at least, the complexity to write virus code.
To find out if the Windows Scripting Host is enabled on your PC:
* Click Start | Run | cmd
* Type wscript in the command shell
If it's enabled, the Windows Script Host Setting
"A Bourne Shell Programming/Scripting Tutorial for learning about using the Unix shell. Learn Linux / Unix shell scripting by example along with the theory."
Steve-Parker.org
Security researchers have found a security flaw in Google spreadsheets that allows cookie theft. The cross-site scripting (XSS) vulnerability enables attackers to use the stolen cookies as a way to access any Google service a user has registered for, including accessing [...]
Taking the biscuit
Security researchers have unpicked a flaw in Google spreadsheets that allows cookie stealing. The cross-site scripting vulnerability enables attackers to use stolen cookies to access any Google service a user has registered, including accessing a victim’s Google mail account.…
"Scripting language" has two apparently different, but in fact similar meanings. In a traditional sense, scripting languages are designed to automate frequently used tasks that usually involve calling or passing commands to external programs. Many complex application programs allow users to implement custom functions by providing them with built-in languages. Those which are of interpretive type, are often called scripting languages. More recently many of these applications have chosen to "build in" traditional scripting languages, such as Perl or Visual Basic, but there are quite a few "native" scripting languages still in use. Many scripting languages are compiled to bytecode and then this (usually) platform independent bytecode is run through a virtual machine (compare to Java). awk Ap
We'll be selecting four random posters in this forum to win a free copy of the book provided by the publisher, APress. Please see the book promotions page to ensure your best chances at winning!
"Shell Curses" is a library of script functions that provide the shell programmer the ability to perform text-based cursor movements to specified locations on the screen. This ability permits the creation of menuing and data-entry systems using shell scripts without the need for compiled binaries. These functions are similar to the "C" language "Curses" library.
Who says you have to use Perl to shell script? Jayesh definitely doesn't, and in this article he will show you how to shell script with PHP instead! I know that you all want to get rid of Perl scripts because of their complexity and the fact that Perl is not an easy language to learn. With the introduction of PHP version 4.2, PHP has started supporting a new SAPI (Server Application Programming Interface) called CLI (Command Line Interface). This facility was introduced to help developers create small shell applications (scripts) with PHP, meaning that you can kiss Perl goodbye forever! The CLI SAPI was released for the first time with PHP 4.2.0, but was still experimental back then and had to be explicitly enabled with --enable-cli when running ./configure. With PHP 4.3.0, the CLI SAPI will
The other day I found a way to script multiple objects using the "Object Explorer Detail" tab in Management Studio. To be honest, I never thought that this tab was useful. All you have to do is select the type object you want to script in the object explorer and do a multiple selection in the Object Explorer Detail window. Look at the example below: Hope this helps, Eric
Shockwave redirection ploy in mystery auction attack
Hackers have been caught using a malicious scripting scam in an apparent attempt to boost their rating on eBay.…
The Windows Scripting Host (WSH) is a tool that will allow you to run Visual Basic Scripting Edition and JScript within the base Operating System, either on Windows 95 or Windows NT 4.0. Using the scripting languages you already know you can now write script to automate common tasks, and to create powerful macros and logon scripts. Windows NT 5.0 natively supports the Windows Scripting Host.
The major reason canned scripts fail is that they contain only words, a Text. To bring a script to life we need to orchestrate Three T’s: our Text, Tone and Timing. When you ask someone to write a script for you, make sure he includes a great tone guide, as well, advises this [...]
Recently, a Cross Site Scripting security flaw was discovered in a development version of Bilboblog (which was never published, so nobody is affected). I therefore took this opportunity to look into how these flaws work and the existing solutions for countering them effectively.
Cross Site Scripting was one of the major security threats faced by internet users. This security vulnerability may be exploited to allow code injection by malicious web users into the web pages viewed by other users.
Now Firefox users can stay safe as this vulnerability has been fixed in the latest release of the Firefox web browser. There are a couple of other security fixes that are made in
michal gabrukiewicz the author of webdevbros.net continue his efforts in developing ajax class for classic asp scripting, he has released the new version of ajaxed. here are the new features of ajaxed 0.3
now working with prototype 1.6
working with new version of JSON utility class 1.4 (JSON class for classic asp)
loading indicator bug fixed. on the prior version it used to disappear if page scroll
loading indicator now with no styles defined. so we should define our own style in the css class “ajaxLoadingIndicator”
more test have been added also for recordsets (thanks michal i was asked you about this before :))
AJAXED_DBCONNECTION now defined in the config
since the first release on July 2nd 2007 ajaxed has become a buzz word for classic asp fans (at least i realize that am not the only one who are not yet jumping out to .NET) and on the next version (ajaxed 0.2) michal has added a lot of cool functionality on it such as: Database class, stringOperations class and put
The fast, practical Oracle 9i/10g automation reference for every DBA!
Automate Oracle—and save your time for more important tasks! This is the Oracle automation reference every working Oracle DBA needs…concise, straightforward, and incredibly easy to use. Discover proven solutions for automating installation, database creation, management, monitoring, tuning, backup/recovery, and more. Keep this book by your desk, near your server…wherever you need fast, reliable automation solutions right now!
What are cross-site scripting (XSS) attacks?
Cross-site scripting attacks are attacks that target the end user instead of your actual site. Vulnerable web applications that don't properly check or validate incoming data let arbitrary code (such as JavaScript) run on a client computer. The end result can be anything from stealing cookie data or redirecting to a different site, to embedding a browser exploit on a page. Anything that can be done with JavaScript (a lot!).
Example:
Let us suppose that there is a comment form on Michael's website in a section like a photo gallery or article. He created a feature that lets his viewers comment on his photos or articles by submitting a form. And he does not have much validation in this comment form.
Now Sam (intruder) visits Michael's website and he's jealous of Michael's website traffic and wants to steal some of his website's traffic. Then he can insert the following code into the comment form: Hi Michael, very gud job, keep it up! <
Description:
A security issue has been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks.
The problem is that the “jar:” protocol handler does not validate the MIME type of the contents of an archive, which are then executed in the context of the site hosting the archive. This can be exploited to conduct cross-site scripting attacks on sites that allow a user to upload certain files (e.g. .zip, .png, .doc, .odt, .txt).
A Bourne Shell Programming/Scripting Tutorial for learning about using the Unix shell. Learn Linux / Unix shell scripting by example along with the theory. We'll have you mastering Unix shell scripting in no time.
---
Scripting is very important when administering Linux servers; it will automate most of your repetitive work. This tutorial is very helpful to those who are starting to learn scripting, just like me.
In my previous article, "How to record a file saving, performed by user from browser page?", I showed that user's activities are not recorded by LoadRunner. This is a rule!
LoadRunner records file transferring from server and does not record file saving.
What to do, if you have to save transferred file to local disk?
Continue reading, and you will get the solution :)
So, let's start.
You can download a file from a server with the web_url function.
See an example:
Image downloading:
web_url("logo.gif", "URL=", "Resource=1", "RecContentType=image/gif", "Snapshot=t1.inf", LAST);
This code downloads Google's logo image:
To save this image as file to local disk, we have to perform these ste
A new chapter from Scripting Quicktest Professional - Error Handling!
In this chapter we cover the world of error handling in QTP and VBScript. We explore the concept of error handling from a code-design point of view, and clarify the governing concepts for doing it properly. Other than the conceptual overview, the chapter demonstrates the specifics of error handling in both QTP and VBScript.
It runs through working with the different recovery scenarios and dealing with the Err object, and how you can combine them both to make your script more robust and complete.
A must episode for anyone who needs to rely on his scripts and their results!
So go right ahead and get the chapter!
A new chapter from Scripting Quicktest Professional is available - Working with SVG!
This chapter deals with a very specific niche technology - SVG - Scalable Vector Graphics. It’s an XML markup language for describing two - dimensional vector graphics, both static and animated, and either declarative or scripted. It is an open standard created by the World Wide Web Consortium.
This chapter can be crucial for those of you who deal with this technology and its different implementations. It shows how to process the information, recognize the relevant objects, and perform common tasks, all with extensive source code examples and demonstrations.
So go right ahead and get the new chapter!
A new chapter from Scripting Quicktest Professional is upon us - Accessing PDFs.
In this chapter Dani manages what I thought was impossible - automating PDF operations and validations in a robust and maintainable way! Dani takes us through the PDF run-time object model and shows how to use the different properties and methods to perform pretty much anything you can imagine.
To make things clearer and more understandable, Dani expands the syntax examples to full blown code snippets that achieve real-world functionality, providing both cut-and-paste value, as well as excellent self-learning reference.
If your application has any connection to PDFs, I STRONGLY advise reading this chapter. Actually, I advise it regardless of your AUT, it's just too good to skip.
So go right ahead and get the chapter!
Enjoy.
Presenting a new chapter from Scripting Quicktest Professional - Win32 API.
In this chapter we explore dozens of Windows functions and extensions which could make our scripts ever so richer and more powerful. These functions and extensions could be linked to your script via the Extern.Declare method, and be used in various ways in your script from then on (somewhat like DotNetFactory).
As always the chapter is filled with detailed examples as to the syntax and demo uses of Extern.Declare.
So go right ahead and get the chapter!
A new chapter from Scripting Quicktest Professional is available - Using DotNetFactory!
In this chapter, we examine what I think is the biggest unspoken killer-feature of QTP - DotNetFactory.
DotNetFactory allows you to create instances of .Net classes within your QTP script, and use them to your liking. I've previously discussed some of the uses of DotNetFactory, but in this chapter, Dani takes things much further.
The chapter shows, step by step, the advantages of using DotNetFactory via two main examples. It takes you through detailed code-walkthroughs and shows you just how simple life could be when using the .Net world. As always, the examples are crystal-clear, and the code walkthroughs are extremely detailed, including screen shots and footnotes.
So go right ahead and download the full chapter!
Enjoy :)
A new chapter from Scripting Quicktest Professional is now available : Working with Shell32.
In this chapter, we explore Windows Shell32 interfaces and objects, which allow us to access special folders and functions, and execute basic user network tasks.
As we’ll see, we can easily mimic basic user actions with the Shell32 object, without dealing with QTP’s problematic abilities to operate Windows screens and submenus.
Enjoy :)
Web 2.0 has enabled a broad array of Websites to be more engaging for users. It has also enabled a new and now very common attack, namely cross site scripting, commonly referred to as XSS attacks.
Mozilla is aiming to put an end to XSS attacks in its upcoming Firefox 3 browser. The Alpha 7 development release includes support for a new W3C working draft specification that is intended to secure XML over HTTP requests (often referred to as XHR) which are often the culprit when it comes to XSS attacks. XHR is the backbone of Web 2.0 enabling a more dynamic web experience with remote data.
Arsene in the post match conference talked about how such a late victory could change our season. I really hope it does since we looked pretty ordinary out there against Fulham.
I have seen many matches when Arsenal keep shooting and don’t score. But there was one thing unique to this match. Fulham was creating chances at will, especially in the second half and hence, we never held the high line in defence that we generally manage to hold just some yards of the half line. There were many instances that the attacks by Fulham, which were essentially on the break, were keeping us close to our D. This is what frightens me the most. And I for one do not think it is a coincidence that goalkeepers come up with ‘great’ performances against us. If you look at our chances and see the number of shots towards the near post it is astounding. At this level, I don’t think we can expect keepers to be beat at their near post. (Exception- Almunia, especially when he is
A new chapter from Scripting Quicktest Professional is now available : WSH - Windows Script Host.
In this chapter, we dive into the depths of the Windows host mechanism. We’ll learn how to use Windows script objects to manage the computer, pop-up messages to the user, and even run scripts on remote machines.
The chapter is quite advanced, but it can open a world of possibilities you never thought of.
Happy reading! :)
Today Nenest Scripting functionality is released to public. This feature allows users to do some scripting. Some users ask us why not just allow javascript in their form, the answer is security. With general javascript, it's hard to make the form safe and secure. Here is Nenest Script Language manual page: is a demo form which uses scripts:
Dimitri Popov shows how to use OpenOffice.org and a little known tool JODConverter to do document conversion in batch format. Dimitri shows how to start the relevant processes and how to define the input and output formats.
His one page article comes handy when you want to convert a large number of documents into a new format, lets say some spreadsheets into PDF.
My favorite April’s fool prank so far is a combination of two cross site scripting attacks on Cisco’s web site and Maria Sharapova’s site to announce that she has passed the Cisco certification test and will now become a security engineer. It’s a neatly done attack (just a small noticeable error on the [...]
Book Description
JavaScript is one of the most important technologies on the web. It provides the means to add dynamic functionality to your web pages and serves as the backbone of Ajax-style web development. Beginning JavaScript with DOM Scripting and Ajax is an essential guide for modern JavaScript programming; it's practical but comprehensive. It covers everything you need to know to get up
PHP can also be run as a command line script like C, C++, Java, etc. This article provides an introduction to command line scripting in PHP and emphasises its significance in PHP applications.