Thursday, November 23, 2017

How can I open a cmd window in a specific location on Windows

Hi,

This hack will help you in many ways.
This is part of my initiative to post simple tricks aimed at easing a QA's day-to-day life. These tech hacks are very handy and increase your efficiency a lot.

So, for our case today, how to open a cmd window in a specific location on Windows, I provide two methods:

Trick 1:

If the folder is open:
Click on the address bar; alternatively, press Alt+D.
Now, while the address bar is highlighted, type cmd in the bar.
Press the Enter key.
You will notice that a command prompt opens from that folder.



Trick 2:

In the folder, press Shift and then right-click.

An option appears -> Open Command Window here.


Press that. It will open a command window with the selected folder as the present working directory.

Friday, November 17, 2017

Difference between Nuget and Chocolatey

NuGet is designed to allow you to easily add code libraries to your project. Things like JSON.NET, Entity Framework, etc.


Chocolatey is actually built on top of the NuGet package system, but it is designed to fill a different need. Chocolatey wraps up applications and other executables and makes it easy to install them on your computer. For example, tools like Git and Notepad++, etc. can be easily installed with a command like: cinst git.


To know more about Chocolatey and how to install it, please refer to my earlier blog post on W3LC: http://www.w3lc.com/2017/11/what-is-chocolatey-and-how-to-install.html


https://chocolatey.org/packages has a list of all the applications that can be installed.


If you have an open source project which is a library that is to be used in other developers' projects, then you should submit it to NuGet.


If it is an application that users would normally install, then create a Chocolatey package that users can easily install and update from the command line.


Details of the different package manager tools and where Chocolatey fits in:


OneGet has been renamed to Package management. Its core provides you with discovery and installation/uninstallation of various packages. OneGet is often referred to as a "package manager manager".

OneGet is a part of WMF 5 installation. Think of this as the "central concept" in the big picture. Now let's talk about packages.

Packages are fetched through package providers. E.g. PowerShellGet is one package provider for OneGet. The PowerShell Gallery is a package source of PowerShellGet (PSGet). A provider can have multiple sources where it can search for its packages.

E.g. for the NuGet package provider, you can easily add the public NuGet gallery as a source and register your own, e.g. a MyGet source, so it can be used when searching for packages.

Chocolatey is just another example of a package provider. Earlier it had to be installed and was a separate module with its own logic. The new Chocolatey provider conforms to the new framework of installing / managing packages.

So on a more conceptual level, a package provider itself contains information on how to install and search its sources (sources can be registered/unregistered for each and every provider), whilst OneGet (Package management, package manager manager) works on the level above, managing package providers and interfacing this all for you.

OneGet glues it all together, while each provider itself knows how to handle packages based on its registered sources.

Hope this explains it on the conceptual level.

See also this nice blog post explaining a few things in more detail: https://blogs.technet.microsoft.com/packagemanagement/2015/05/05/10-things-about-oneget-that-are-completely-different-than-you-think/

If you want to play around with package providers and sources :

 Get-PackageProvider      # Shows the package providers installed on your machine
 Find-PackageProvider     # Finds online package providers you can pull down and install
 Get-PackageSource        # Lists all package sources, with their provider names
 Register-PackageSource   # Registers a new package source for a provider
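
Since each provider installs from whatever sources are registered for it, it is worth reviewing that list. The PowerShell below is an added example, not code from the original post or from the PackageManagement project: it lists every source with its provider and flags plain-HTTP locations, file paths and sources marked as trusted. Get-SourceRisk is a hypothetical helper name, and the sample sources are constructed for illustration.

```powershell
# Added example: report each package source with its provider and risk notes.
# Get-SourceRisk is a hypothetical helper, not part of PackageManagement.
function Get-SourceRisk {
    param([Parameter(ValueFromPipeline = $true)] $Source)
    process {
        $notes = @()
        if ($Source.Location -match '^http://') {
            $notes += 'plain HTTP: packages can be altered in transit'
        }
        if ($Source.Location -match '^(\\\\|[A-Za-z]:\\)') {
            $notes += 'file share or local path: check who can write to it'
        }
        if ($Source.IsTrusted) {
            $notes += 'trusted: installs from here skip the confirmation prompt'
        }
        [pscustomobject]@{
            Provider = $Source.ProviderName
            Name     = $Source.Name
            Location = $Source.Location
            Notes    = $notes -join '; '
        }
    }
}

# Constructed sample sources (not real output), shaped like Get-PackageSource results.
$sample = @(
    [pscustomobject]@{ ProviderName = 'NuGet'; Name = 'nuget.org'
        Location = 'https://api.nuget.org/v3/index.json'; IsTrusted = $false },
    [pscustomobject]@{ ProviderName = 'PowerShellGet'; Name = 'PSGallery'
        Location = 'https://www.powershellgallery.com/api/v2/'; IsTrusted = $false },
    [pscustomobject]@{ ProviderName = 'NuGet'; Name = 'team-feed'
        Location = 'http://feed.example.test/nuget'; IsTrusted = $true }
)
$sample | Get-SourceRisk | Format-Table -AutoSize -Wrap

# The same report for the sources actually registered on this machine.
Get-PackageSource | Get-SourceRisk | Format-Table -AutoSize -Wrap
```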





Wednesday, November 8, 2017

What is Chocolatey and how to install : Step by step guide from W3LC.com about the new and cool Windows Package Manager

To start with, Chocolatey is a package manager for Windows (like apt-get or yum but for Windows). You must also have heard in the past about npm as a package manager for Node.js.
It is much the same thing: a package manager, to be specific!

Chocolatey is a decentralized framework for quickly installing applications and tools that you need. It is built on the NuGet infrastructure.

It includes all aspects of managing Windows software (installers, zip archives, runtime binaries, internal and 3rd party software) using a packaging framework that understands both versioning and dependency requirements.



It is open source and you can host your own sources and add them to Chocolatey; you can also extend Chocolatey's capabilities.

How to Install Chocolatey

It's easy, you know, just like grabbing a vodka shot. But without a hole in your pocket! It's free, in case you were wondering until now.

Steps:

1. Ensure that you are using an administrative shell.

2. Copy the text specific to your command shell.
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

3. Paste in shell and press Enter

4. Wait for a few seconds and let the command execute.



5. [Optional] If you are using PowerShell.exe instead of Windows command prompt, there is an additional step. You must ensure Get-ExecutionPolicy is not Restricted.

a. Run Get-ExecutionPolicy. If it returns Restricted, then run Set-ExecutionPolicy AllSigned or Set-ExecutionPolicy Bypass -Scope Process.

b. Use the following command instead of the one mentioned in point 2.
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))


And voila! It's done!
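
The one-liners in steps 2 and 5b run whatever the URL returns without showing it to you first. As an added example (not part of the original post or of Chocolatey's own instructions), the PowerShell below saves install.ps1 to disk, checks its Authenticode signature and prints its SHA-256, then runs it under the AllSigned policy from step 5a only if the signature is valid. Assumptions: Windows PowerShell 4.0 or later; Test-InstallScript is a hypothetical helper name and the $ExpectedPublisher value must be confirmed against the signer shown on your own machine.

```powershell
# Added example: download, verify, then run, instead of piping the download into iex.
# Assumption: $ExpectedPublisher is the signer you expect; confirm it yourself.
function Test-InstallScript {
    param(
        [string]$Uri = 'https://chocolatey.org/install.ps1',
        [string]$OutFile = (Join-Path $env:TEMP 'choco-install.ps1'),
        [string]$ExpectedPublisher = 'Chocolatey Software'
    )
    # Older Windows PowerShell defaults may not negotiate TLS 1.2.
    $tls12 = [Net.SecurityProtocolType]::Tls12
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor $tls12

    Invoke-WebRequest -Uri $Uri -OutFile $OutFile -UseBasicParsing

    $sig     = Get-AuthenticodeSignature -FilePath $OutFile
    $hash    = (Get-FileHash -Path $OutFile -Algorithm SHA256).Hash
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path    = $OutFile
        Sha256  = $hash          # record this so the exact file can be identified later
        Status  = $sig.Status    # Valid, NotSigned, HashMismatch, ...
        Signer  = $subject
        Trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedPublisher*")
    }
}

$result = Test-InstallScript
$result | Format-List

if ($result.Trusted) {
    # With AllSigned, PowerShell itself refuses an unsigned or altered script.
    Set-ExecutionPolicy AllSigned -Scope Process -Force
    & $result.Path
} else {
    Write-Warning "Not running $($result.Path): signature status is $($result.Status)."
}
```

Because the script is left on disk, it can also be opened and read before the final step runs it.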


References:
https://chocolatey.org/about
http://www.w3lc.com

Wednesday, November 1, 2017

Delete Cache & Cookies for specific website in Non-IE Browsers like Chrome and Firefox

At times, we may feel the need to delete or clear the Cache & Cookies for a specific website only – and not the entire Browsing History – especially if you face errors like 400 Error or Server / inaccessible errors.  Sometimes, for a .Net type of application, you also get errors like the constructor to deserialize an object of type 'Autofac.Core.DependencyResolutionException' was not found.


In all such cases, you have already seen how to Clear Internet Cache & Cookies for a particular domain in Internet Explorer. Now let us see how to do it in Chrome and Firefox browsers.

Normally, we simply clear the entire cookie cache of that browser. This means that, when you exercise this option, you will be clearing all the cookies. But if you don't want to do this, you will have to clear the cookies for that particular domain only.

Clear Cache & Cookies for specific website in Chrome

Open your Google Chrome browser and then open its Settings. Click on Show advanced settings and then scroll down till you see Privacy.

Now click on the Content settings button. You will see a new panel pop up with settings for Cookies right at the top. In newer versions, scroll down a bit and you will see this screen.

Search here for the website whose cookies you want to neutralize. Click on the All cookies and site data button to open the following panel.


Delete Cache & Cookies for specific domain in Firefox

Open your Mozilla Firefox web browser and then open its Options. Select Privacy next. Here under History, you will see ‘You may want to clear your recent history or remove individual cookies‘. Click on the ‘remove individual cookies‘ link to open the following panel.


Search for the domain, select the Cookies you want to delete and then remove those Cookies.


You can also use CookieSpy, a freeware tool that lets you manage cookies of all browsers in one place. Use it to delete cookies from a particular domain.



Monday, October 16, 2017

Some examples of Cyber Security Firms and what they do



This article is a part of my series 'Security is our duty and we shall deliver it'

Following are some examples of Cyber Security Firms and what they do:


IBM Security: Services include- security intelligence and analytics; identity and access management; application security; advanced fraud protection; data security and privacy; and infrastructure protection.


Symantec Software: World's largest security product vendor, largest antivirus (Norton), and a manufacturer of a variety of backup and asset management systems.


Cisco - Products range from advanced malware protection; next generation firewalls; security management; cloud security; next generation prevention systems; VPN security clients; email security; policy and access; web security; network visibility and enforcement; and router security, to name a few.


BAE Systems - It operates through five segments: the electronic systems; the cyber and intelligence systems; intelligence and security systems; applied intelligence; and the platforms and services.


McAfee - One of the biggest antivirus and anti-malware providers in the world.


Palo Alto Networks - It works on Next-Generation Firewall, Advanced Endpoint Protection and Threat Intelligence Cloud. The company’s Next Generation Security Platform was built for breach prevention with threat information shared across a range of security functions that can operate over mobile networks.


Apart from these, there are hundreds of companies around the globe that manufacture security products or provide their services. We have relations with some of the companies fast emerging in this arena and some having a good clientele and reputation in terms of software security implementations. We are close to building our own software security product.



You can read and download the article from:
https://www.slideshare.net/toughjamy/security-is-our-duty-and-we-shall-deliver-it-white-paper

Read on LinkedIn:
https://www.linkedin.com/pulse/security-our-duty-we-shall-deliver-mohd-anwar-jamal-faiz/

Threat hunting, mitigation and Vulnerability Management




This article is a part of my series 'Security is our duty and we shall deliver it'

Threat hunting is a very deep and strong method to deal with security issues in markets and solutions that need stringent regulations, policies and have risks involved. It is the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. According to SANS institute, the threat hunters are actively searching for threats to prevent or minimize damage. The formal process of threat hunting should not be confused with an attempt to prevent adversaries from breaching the environment or for defenders to eliminate vulnerabilities in the network. 


We employ SIEM tools, which typically only provide indicators at relatively low semantic levels. There is therefore a need to develop SIEM tools that can provide threat indicators at higher semantic levels. As the industry itself is developing around it, we also have our feet wet in the process. We have our Chief Security consultant actively involved in all the three methods, viz. Analytics-Driven, Situational-Awareness-Driven and Intelligence-Driven. As an accomplished engineer, he is a master of monkey and fuzzy tests as well.


For bug logging and defect tracking we use home-grown technologies as well as Atlassian tools like Jira. For the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities, i.e. vulnerability management, we have adept leaders to lead and guide teams in using vulnerability scanners. We have successfully employed Coverity and various checkstyles and PMD level rules.


We have a set of our own scripts and systems to analyze and investigate for known vulnerabilities such as open ports, insecure software configurations, and susceptibility to malware infections. As stated above, we have masters of fuzzer techniques who can work with us 24x7. Unknown vulnerabilities, such as a zero-day, and complex threats are all under our hand. We have consultants who have worked with a variety of antivirus software and heuristic analysis mechanisms. You remember we said, we have the smartest of security consultants!


You can read and download the article from:
https://www.slideshare.net/toughjamy/security-is-our-duty-and-we-shall-deliver-it-white-paper

Read on LinkedIn:
https://www.linkedin.com/pulse/security-our-duty-we-shall-deliver-mohd-anwar-jamal-faiz/

Security is our duty and we shall deliver it! - A White Paper For Software Security Organizations

Recently, I wrote a white paper. It is titled 'Security is our duty and we shall deliver it!'


This paper could be best described in following words-

Quality Management, Information Security, Threat Hunting and Mitigation Plans for a Software Company or a Technology Start-up engaged in building, deploying or consulting in Software and Internet Applications.


The chief sections of the document would be:

  1. Introduction to Enterprise Risk & Cyber Security
  2. The technologies we employ in
  3. Types of Software testing
  4. Some examples of Cyber Security Firms and what they do
  5. How we achieve a secure product
  6. InfoSec and Managed Security Service Provider
  7. Training and development
  8. Safeguarding against Phishing and Multi-Factor Authentication
  9. Threat hunting, mitigation and Vulnerability Management
  10. The denouement


You can read and download the article from:
https://www.slideshare.net/toughjamy/security-is-our-duty-and-we-shall-deliver-it-white-paper

Read on LinkedIn:
https://www.linkedin.com/pulse/security-our-duty-we-shall-deliver-mohd-anwar-jamal-faiz/



The following blog posts are a must-read for any software quality and security professional or an organization working in this field:

http://www.w3lc.com/2010/05/veracode-as-new-whitebox-testing-tool.html

http://www.w3lc.com/2012/02/analysis-of-valgrind-still-reachable.html

http://www.w3lc.com/2011/07/stress-testing-what-how-when.html

http://www.w3lc.com/2011/02/types-of-software-testing.html

http://www.w3lc.com/2010/10/dos-and-ddos-clarification-on-hacking.html

http://www.w3lc.com/2010/05/baseline-and-traceability-matrix.html

Cheers my readers.
You are my reason to be motivated.

- M. Anwar Jamal Faiz