The Uniface Lectures are an ongoing series of free monthly technical webinars that cover a wide range of useful topics. In this Lectures webinar on Application & Infrastructure Security we cover the following topics:
• Introduction
• Tomcat hardening
• Closing remarks
Full webinar video recording can also be found on: youtube.com/unifacesme
6. “I don’t need to worry…”
...it’s an internal application
…our team would never
…we’ve never had an attack
…we’re not that interesting to hackers
…our data is public record
…I’m not doing web, I’m okay
…my password is strong
…it is too complicated
7. “…everyone needs to worry”
Accidental hacker
Cyber criminals
Not just a privacy issue
Increasingly connected, integrated and exposed
Desktop, web, mobile, {x} as a service
Developers must be aware
9. These alone are not the solution
Firewall
Antivirus
The “IT infrastructure” guy
Automatic updates
10. Not just applicable to web applications
The Uniface Web Application Server (WASV) sits behind every channel, so hardening it matters for all of them:
Desktop: HTML container
Web: USP, DSP
Mobile: Hybrid, Web
API: SOAP, REST, UHTTP
Transports in use: HTTP, HTTPS, SOAP, REST
12. What is hardening?
Enhancing the security
Closing loopholes
Turning off developer/debug options
Removing non-essential objects
Not volunteering information
Patching
A ‘process’ not just an ‘event’
13. Technical Architecture
Clients: Desktop, API, Mobile, Web
Server - Tomcat
  Port (80) <> Connector (HTTP) <> Valve
  Port (443) <> Connector (HTTPS) <> Valve
  Port (8009) <> Connector (AJP) <> Valve
  Service
    Engine - Catalina
      Host
        Context
          Servlet - WRDServlet - WRD*
          Servlet - SRD*
UVM Connector <> Uniface Virtual Machine
* WRD: Web Request Dispatcher, SRD: SOAP Request Dispatcher
19. Harden the defaults
Remove default applications
'examples', 'docs', 'host-manager', and the content of 'ROOT' (replace it with your own index page)
Switch off the shutdown port (port="-1" disables it; stop Tomcat through its service or process control instead)
<Server port="-1" shutdown="SHUTDOWN">
Do not volunteer information (suppress the default Server header; Tomcat documents the attribute as lowercase server)
<Connector server=" " port="443" ……..
Prevent malicious deployments (nothing dropped into webapps is picked up automatically)
<Host name="localhost" appBase="webapps"
unpackWARs="false" autoDeploy="false">
20. Harden the defaults (2)
Remove unused connectors, e.g. the AJP/1.3 connector (commented out here)
<!--Connector port="8009" protocol="AJP/1.3"
redirectPort="8443" / -->
Bind connectors to specific network interfaces
<Connector secure="true" server=" " address="192.64.10.11"
port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
redirectPort="8443" />
Note: repeat the whole Connector block for each address, and create matching virtual hosts if multiple subdomains are used.
Caveat: secure="true" makes Tomcat treat requests on this plain-HTTP connector as already secure (request.isSecure() returns true); use it only when TLS is terminated in front of Tomcat, otherwise leave it out.
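The two slides above are a checklist; the script below turns it into an audit you can run against a server.xml before deployment. It is an added example, not Uniface or Apache Tomcat code. It parses the file with the standard library, reports every default that is still in place (shutdown port, Server header, AJP connector, unbound address, autoDeploy, unpackWARs), and checks a webapps directory listing for the default applications. The two embedded server.xml fragments are constructed samples (a trimmed stock file and the same file after the slides are applied), 192.0.2.10 is a placeholder address, and 'manager' is added to the default-application set because it ships alongside host-manager, although the slide does not name it.

```python
"""Audit a Tomcat server.xml against the hardening steps on the two slides above.

Added example, not Uniface or Apache Tomcat code. Checks: shutdown port
disabled, Server header suppressed, AJP connector absent, connectors bound
to an address, and autoDeploy/unpackWARs off. Default webapps are checked
from a directory listing you pass in.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

# Applications Tomcat ships in webapps/. The slide names examples, docs and
# host-manager (and says to replace the content of ROOT); 'manager' is an
# addition here because it ships alongside host-manager.
DEFAULT_WEBAPPS = {"examples", "docs", "host-manager", "manager"}


def audit_server_xml(xml_text: str) -> list[str]:
    """Return a list of hardening findings; an empty list means all checks pass."""
    findings = []
    server = ET.fromstring(xml_text)

    # Tomcat listens on 8005 for the shutdown command unless port is set to -1.
    if server.get("port", "8005") != "-1":
        findings.append('shutdown port enabled: set <Server port="-1">')

    # Comments are dropped by the parser, so a commented-out AJP connector
    # (as on the slide) is correctly treated as absent.
    for conn in server.iter("Connector"):
        port = conn.get("port", "?")
        protocol = conn.get("protocol", "HTTP/1.1")
        if protocol.startswith("AJP"):
            findings.append(f"AJP connector on port {port}: remove it if unused")
            continue
        # Tomcat documents the attribute as lowercase 'server'; the slide's
        # capitalised spelling is accepted too, since Tomcat maps both to setServer.
        if conn.get("server") is None and conn.get("Server") is None:
            findings.append(f'connector on port {port} sends the default Server header: set server=" "')
        if conn.get("address") is None:
            findings.append(f'connector on port {port} binds every interface: set address="<ip>"')

    # Both Host attributes default to true when omitted.
    for host in server.iter("Host"):
        name = host.get("name", "?")
        if host.get("autoDeploy", "true").lower() != "false":
            findings.append(f'host {name} auto-deploys dropped files: set autoDeploy="false"')
        if host.get("unpackWARs", "true").lower() != "false":
            findings.append(f'host {name} unpacks WARs: set unpackWARs="false"')
    return findings


def audit_webapps(deployed: list[str]) -> list[str]:
    """Report default applications still present in a webapps/ directory listing."""
    return [f"default application '{name}' still deployed: remove it"
            for name in sorted(DEFAULT_WEBAPPS.intersection(deployed))]


# Constructed samples: a trimmed copy of Tomcat's stock server.xml and the
# same file after applying the slides. 192.0.2.10 is a placeholder address.
DEFAULT_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" />
    </Engine>
  </Service>
</Server>
"""

HARDENED_SERVER_XML = """\
<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" address="192.0.2.10" server=" "
               connectionTimeout="20000" redirectPort="443" />
    <Connector port="443" protocol="HTTP/1.1" address="192.0.2.10" server=" "
               SSLEnabled="true" secure="true" scheme="https" />
    <!--Connector port="8009" protocol="AJP/1.3" redirectPort="8443" / -->
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="false" />
    </Engine>
  </Service>
</Server>
"""

if __name__ == "__main__":
    for label, text in (("stock", DEFAULT_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        print(f"{label}: {len(audit_server_xml(text))} finding(s)")
    for line in audit_server_xml(DEFAULT_SERVER_XML) + audit_webapps(["ROOT", "docs", "examples", "myapp"]):
        print(" -", line)
```

Run it against a real installation with `audit_server_xml(open("conf/server.xml").read())` and `audit_webapps(os.listdir("webapps"))`; the stock sample produces six findings and the hardened sample none. The script deliberately does not verify the content of ROOT or the TLS settings on the 443 connector, which need a look at the files themselves.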
31. Uniface Application Errors
Application errors (i.e. the yellow error screens) also volunteer information.
Replace USYSHTTPBODY with the same HTML that is used for the index and error pages referred to in the previous sections, so that an application failure shows the user a neutral page rather than internal details.
35. Summary
Coach, train and mentor the team
Continual monitoring and improvement are essential
A few simple steps greatly improve security
Server hardening is just one step along the path to security
Do not assume that higher (or lower) layers provide adequate security
A 100% secure system is practically impossible
A 100% secure system would be unusable!