security | yenigün

Archive for the 'security' category

Kredi Kartı Sahteciliğini Belirleme Teknikleri

Jan 04 2016 Published by yalcin under fraud, security

“Kredi Kartı Sahteciliğini Belirleme Teknikleri” ile ilgili yazım Bilgisayar Mühendisleri Odası dergisinde yayınlandı:

Yazıya aşağıdaki bağlantıdan ulaşabilirsiniz:

http://dergi.bimo.org.tr/sayi05/#/64

Comments are off for this post

OWASP Antisamy Project

Aug 22 2012 Published by yalcin under security

Antisamy, kötü niyetli kullanıcıların web sitelerine zararlı HTML kodlarını göndermelerini engelleyen bir API’dir. Genellikle zararlı kodlardan kasıt Javascript kodlarıdır ve Antisamy kütüphanesi sayesinde zararlı Javascript kodlarının web sitemize gönderilmesini engelleyebiliriz. Bu kütüphaneyi bir Java projesinde kullanmak için, eğer Maven kullanıyorsak aşağıdaki bağımlılığı pom.xml dosyamıza eklememiz yeterlidir:

<dependency>
   <groupId>org.owasp</groupId>;
   <artifactId>antisamy<artifactId/>
   <version>1.4</version>
</dependency>

<groupId>org.owasp</groupId>;

<artifactId>antisamy<artifactId/>

</dependency>

(maven kullanmıyorsanız ilgili JAR dosyasını şu linkten indirebilirsiniz: http://mvnrepository.com/artifact/org.owasp/antisamy/1.4)

Antisamy’nin örnek kullanımı aşağıdaki sınıfta verilmiştir:

import org.owasp.validator.html.AntiSamy;

import org.owasp.validator.html.CleanResults;

import org.owasp.validator.html.Policy;

import org.owasp.validator.html.PolicyException;

public class XssCheckUtil {

  private static Policy policy;

  public static String cleanInputParam(final String param) throws PolicyException{

     final Policy policy = getPolicy();

     final AntiSamy as = new AntiSamy();

     if (param != null) {

        final CleanResults cleanResults = as.scan(param, policy);

        return cleanResults.getCleanHTML();

     } else {

        return null;

     }

  }

  public static Policy getPolicy() throws PolicyException{

     if (policy == null) {

        policy = Policy.getInstance(XssCheckUtil.class.getResource("antisamy-slashdot-1.4.4.xml"));

     }

     return policy;

  }

}

import org.owasp.validator.html.AntiSamy;

import org.owasp.validator.html.CleanResults;

import org.owasp.validator.html.Policy;

import org.owasp.validator.html.PolicyException;

public class XssCheckUtil {

private static Policy policy;

public static String cleanInputParam(final String param) throws PolicyException{

final Policy policy = getPolicy();

final AntiSamy as = new AntiSamy();

if (param != null) {

final CleanResults cleanResults = as.scan(param, policy);

return cleanResults.getCleanHTML();

} else {

return null;

}

public static Policy getPolicy() throws PolicyException{

if (policy == null) {

policy = Policy.getInstance(XssCheckUtil.class.getResource("antisamy-slashdot-1.4.4.xml"));

}

return policy;

}

Bir HTML input parametrenizin içerisindeki zararlı kodları şu şekilde temizleyebilirsiniz:

String myInput= XSSCheckUtil.cleanInputParam(myInput);

1	String myInput= XSSCheckUtil.cleanInputParam(myInput);

Comments are off for this post

Symantec Scan Engine Java API

Aug 17 2012 Published by yalcin under security

Web uygulamasına dosya yüklerken Symantec Scan Engine’in Java API’si ile virüs taraması yapabilirsiniz. Örnek virüs tarayıcı Java sınıfı şu şekildedir:

public class VirusScanner {

private final Policy scanPolicy;

private final String scanEngineIp;

private final int scanEnginePort;

private VectorscanEngines;

private ScanEngine.ScanEngineInfo scanEngineToUser;

private ScanEngine scanEngine;

public VirusScanner(final Policy scanPolicy,

final String scanEngineIp, final int scanEnginePort) {

super();

this.scanPolicy = scanPolicy;

this.scanEngineIp = scanEngineIp;

this.scanEnginePort = scanEnginePort;

}

public void init() throws ScanException {

this.scanEngines = new Vector();

this.scanEngineToUser = new ScanEngine.ScanEngineInfo(this.scanEngineIp, this.scanEnginePort);

this.scanEngines.add(this.scanEngineToUser);

this.scanEngine = ScanEngine.createScanEngine(this.scanEngines);

}

public Result scanFile(final File file) throws ScanException, IOException {

final File virusScanOutputFile = File.createTempFile("scanresult", ".tmp");

final FileOutputStream output = FileUtils.openOutputStream(virusScanOutputFile);

final FileInputStream virusScanInputStream = FileUtils.openInputStream(file);

Result result = null;

byte[] buffer = new byte[512];

final StreamScanRequest streamScanRequest = this.scanEngine.createStreamScanRequest(file.getAbsolutePath(), file.getName(),
output,
this.scanPolicy);

long bytesToRead = file.length();

int buffCapRead = buffer.length;

int bytesRead = 0;

do {

if (bytesToRead == buffCapRead) {

buffCapRead = buffer.length;

} else {

buffCapRead = (int) bytesToRead;

}

// Refresh data buffer.

buffer = new byte[buffCapRead];

bytesRead = virusScanInputStream.read(buffer, 0, buffCapRead);

// Send the bytes to scan engine

streamScanRequest.send(buffer);

bytesToRead = bytesToRead - bytesRead;

} while (bytesToRead, 0);

virusScanInputStream.close();

result = streamScanRequest.finish();

output.close();

return result;
}
}

public class VirusScanner {

private final Policy scanPolicy;

private final String scanEngineIp;

private final int scanEnginePort;

private VectorscanEngines;

private ScanEngine.ScanEngineInfo scanEngineToUser;

private ScanEngine scanEngine;

public VirusScanner(final Policy scanPolicy,

final String scanEngineIp, final int scanEnginePort) {

super();

this.scanPolicy = scanPolicy;

this.scanEngineIp = scanEngineIp;

this.scanEnginePort = scanEnginePort;

}

public void init() throws ScanException {

this.scanEngines = new Vector();

this.scanEngineToUser = new ScanEngine.ScanEngineInfo(this.scanEngineIp, this.scanEnginePort);

this.scanEngines.add(this.scanEngineToUser);

this.scanEngine = ScanEngine.createScanEngine(this.scanEngines);

}

public Result scanFile(final File file) throws ScanException, IOException {

final File virusScanOutputFile = File.createTempFile("scanresult", ".tmp");

final FileOutputStream output = FileUtils.openOutputStream(virusScanOutputFile);

final FileInputStream virusScanInputStream = FileUtils.openInputStream(file);

Result result = null;

byte[] buffer = new byte[512];

final StreamScanRequest streamScanRequest = this.scanEngine.createStreamScanRequest(file.getAbsolutePath(), file.getName(),

output,

this.scanPolicy);

long bytesToRead = file.length();

int buffCapRead = buffer.length;

int bytesRead = 0;

do {

if (bytesToRead == buffCapRead) {

buffCapRead = buffer.length;

} else {

buffCapRead = (int) bytesToRead;

}

// Refresh data buffer.

buffer = new byte[buffCapRead];

bytesRead = virusScanInputStream.read(buffer, 0, buffCapRead);

// Send the bytes to scan engine

streamScanRequest.send(buffer);

bytesToRead = bytesToRead - bytesRead;

} while (bytesToRead, 0);

virusScanInputStream.close();

result = streamScanRequest.finish();

output.close();

return result;

}

Kullanmak için VirusScanner sınıfını initialize edip scanFile(File file) metoduna java.io.File sınıfını parametre olarak geçmeniz yeterlidir. Result olarak da Result.CLEAN sonucunu aldığınızda yüklediğiniz dosya virüssüz demektir. Symantec Scan Engine’in 30 günlik trial versiyonunu indirip içinden çıkan JAR’ı projenize eklediğinizde yukarıdaki sınıfları kullanabilirsiniz. (http://www.symantec.com/scan-engine) Detaylı bilgi için: ftp://ftp.symantec.com/public/english_us_canada/products/symantec_scan_engine/5.1/manuals/GettingStarted.pdf

Comments are off for this post

"On ne voit bien qu'avec le cœur. L'essentiel est invisible pour les yeux." Le Petit Prince
Search
Recent Posts
Categories
- book
- fraud
- machine learning
- music
  - concert
- other
- software development
  - agile
  - bdd
  - java
  - mobile
  - python
  - scala
  - security
- wireless sensor networks
Tag Cloud

agile android antisamy antivirüs c chat dart design patterns dosya tarama framework google gözlemci h2o istanbul devlet klasik türk müziği korosu jabber java java 8 java api jconsole jmx machine learning makale ml observer owasp antisamy paper python restful web services ruby on rails scala scrum seam security smack api spark spring symantec scan engine sûzidil tasarım desenleri unix upload user story uyms web xmpp
Monthly
Calendar

March 2021

M T W T F S S

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30 31

« Oct

Archive for the 'security' category

Kredi Kartı Sahteciliğini Belirleme Teknikleri

OWASP Antisamy Project

Symantec Scan Engine Java API

Search

Recent Posts

Categories

Tag Cloud

Monthly

Calendar