Using Design by Contract and TDD to Enforce Security: The Coat Project


A small recap

In my latest post I introduced my summer project, the coat programming language.

The idea was to merge concepts from design by contract and BDD or TDD to build a descriptive language that tells the world the constraints your code will fulfill.

Coat will be used to write Ruby class skeletons with method pre- and post-conditions, built-in data type checks, documentation and test cases.

Building a compiler is fascinating and a great self-learning task, but it’s not that easy.

Is Design by Contract the Solution for Safe Coding?


A long time ago, in a University far away…

It was fall 1999 when I first met the Eiffel programming language and the Design by Contract concept it introduced.

Mixing pre-conditions, invariants and post-conditions, an Eiffel class creates a sort of contract with other classes about its behaviour, the data it can deal with and which kind of output you may expect.

As an aside, universities here in Italy are great, but there is too much theory and very little application of what you have just learnt.

When the teacher introduced a previously unknown programming language, not used in the “real” world, I got the blues. I thought it was yet another useless thing I had to study to pass my exams but would never use again in the “real” world.

What an idiot.

H@W #1 - Simon Bennetts: Owasp Zap Project Leader


The perfect mixin: a developer becoming an appsec specialist

When I planned the Hackers @ Work series of posts, I had no doubt about post #1.

Simon Bennetts is growing up in the Owasp community as a great contributor and outstanding project leader. His Owasp Zap proxy is becoming a superb open source alternative to commercial application proxies (like paros, or burp) to be used in real world web application penetration tests.

Open the Code or Review It: Oracle CVE-2012-1675


I’m fine with Oracle, but…

This post starts with the latest vulnerability, CVE-2012-1675, affecting the Oracle TNS Listener.

A Man in the Middle attack is possible against the Oracle TNS Listener to hijack regular users’ connections. The advisory also says that it is possible to cause denial of service and fully compromise the remote database’s integrity.

The attacker does not need a pair of valid credentials; they just need to reach the listener over the network.

A funny way to start the week.

New Monothematic Posts Serie: Hackers @ Work


Intro

Writing a blog to fill the gaps between application developers and security professionals may sound too much like a primetime diva boasting about her knowledge.

It may sound a bit pretentious for me to talk about filling a gap between two different IT fields. I have a lot of things yet to learn. That’s why I asked other professionals from both worlds to join the ride and help me show that building a bridge between those two worlds is actually quite easy.
