Rahul Shar

Greenhorn
since Jul 01, 2014

Recent posts by Rahul Shar

JBI provides a platform for integration & management services, mostly used in a SOA env.

You may refer to the blog link for more details.

Correctly said. You may refer to the XSS prevention cheat sheet link for more details.
2 years ago
Based on my experience, I think the choice of infrastructure and platform depends on:

1. NFRs
2. Direction from the enterprise architecture group (unless NFRs demand new HW/platform)

Where an EA group is not established, you are free in your choice.

In my solution, I assumed about platforms and kept conventional hardware. Please do mention assumptions in your deployment diagram notes & assumption section.
Thanks Amritendu for your valuable input!!

I have been trying to realize my next goal after SCEA.

Here are a couple of options I am looking at: TOGAF, ITIL and COBIT 5.

I guess there is some overlap between them, but I am researching the major differences.

TIA
Rahul
Grade indicator has not changed yet. I guess it would take around 48 hours to update.

Though I cleared the Java EE 6 Enterprise Architect Certified Master exam, the result screen displays Java Enterprise Edition 5 Enterprise Architect. Not sure if this is the same for you.

Thanks
Rahul
Congratulations Aditya!!

I don't think you will get a detailed score report, in order to maintain test security (mentioned in my result).



Cheers,
Rahul

Got my result today - Secured 141 marks.

I started my preparation last year and took almost a year. It had been a great learning experience.

Thanks Ranchers for your support!!

Key takeaway for me – Be aware and conscientious in your choice.

Thanks
Rahul
Thanks Oli for posting this topic.

I was also wondering about the interaction between the application and the scheduling system.

Please share if you have any latest update. Appreciate your help!

Thanks
Rahul

I am wondering how a load balancer, DMZ, cluster and RAC can be depicted in a UML 2.0 compliant deployment diagram. And should it be in a deployment or a network diagram?

I am referring to these sites:
1. http://www.uml-diagrams.org/web-application-clusters-uml-deployment-diagram-example.html?context=depl-examples

2. http://www.uml-diagrams.org/web-application-load-balancing-uml-deployment-diagram-example.html?context=depl-examples

3. http://docs.oracle.com/cd/B28359_01/rac.111/b28254/admcon.htm


It seems I can consolidate UML diagrams 1 and 2 and create a deployment diagram depicting the load balancer, cluster and RAC (similar to cluster). But how should I depict the DMZ and the HTTP server proxy plugin?

TIA
Rahul

I think embedded parameter is related to the example given on the OWASP site:

https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet#Stored_Procedure_Examples
3 years ago
Hi Jeanne,

Yes, "embedded parameters" is not on the OWASP page but was actually referred to in some other article related to SQL injection.

I think it is related to ORACLE Execute_Immediate or a procedure where a dynamic query or proc is generated.

Thanks
Rahul
3 years ago
Hi All,

I am referring to OWASP for SQL injection prevention and have two queries:

(1) What is "embedded parameters" in relation to parameterized stored procedures? - I couldn't find any difference between parameters and embedded parameters.

(2) Which one is better -
(a) Parameterized stored procedures with the principle of least privilege //Clubbing additional defense & high priority defense
(b) Parameterized stored procedures with the embedded parameters

- I think option (a) depends on the policy where you use stored procedures everywhere, so unless specified option (b) is more correct.

OWASP - https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Least_Privilege

TIA
Rahul

3 years ago
Security at the transport layer can be achieved by SSL/TLS, which encrypts data between client and server. I think session hijacking is not possible if data is encrypted. It completely prevents sniffing-style attacks. However, it could still be possible to perform some other kind of session hijack.

Thanks
Rahul
Hi All,

I am preparing for the OCMJEA 6 retake exam.
Just wondering if questions for the retake would be the same or different...😶
Any pointers will be helpful.
TIA.
3 years ago