Month: July 2014

How to install and configure Jaspersoft in Linux Server(RHEL/Centos/Fedora)

Posted on by Jay

Jaspersoft is a commercial open source software vendor focused on business intelligence, including data visualization, reporting, and analytics. It provides commercial as well as open source software, support services and licensing around the Jasper report, Jasper report server, Jaspersoft Studio, i-report and ETL products.

Jaspersoft is offered the communities open source edition as well as several commercial editions with broad support for various databases and data sources, including NoSQL and other big data sources. Jaspersoft’s main related product is JasperReports Server, a Java web application that provides advanced report server capabilities such as report scheduling, permissions, ad hoc reporting, dashboards, and multi-tenancy.

Unlike other traditional BI tools, it allows anyone to easily self-serve and get the answers they need inside their preferred app or on their favorite device. Our platform, unlike desktop visualization tools, scales architecturally and economically to reach everyone.

jaspersoft

Steps to Install ‘Jaspersoft Server’

STEP:1 Install JAVA 1.7 or above

STEP:2 Install Mysql server

# yum install mysql-server mysql php-mysql

STEP:3 Install tomcat 6 or tomcat 7
# yum install tomcat6 tomcat6-webapps tomcat6-admin-webapps

STEP:4 Download jaspersoft war file from “http://sourceforge.net/projects/jasperserver” by issuing the below command

# wget http://sourceforge.net/projects/jasperserver/files/JasperServer/JasperReports%20Server%20Community%20Edition%205.6.0/jasperreports-server-cp-5.6.0-bin.zip/download

STEP:5 Unzip zip file and move to “ opt “ directory

[sourcecode language=”plain”]# unzip jasperreports-server-cp-5.6.0-bin.zip
# mv jasperserver-ce-3.7.0-linux-installer.bin /opt/[/sourcecode]

STEP:6 Start Mysql service and Stop the tomcat service.

[sourcecode language=”plain”]# /etc/init.d/mysqld start
# /etc/init.d/tomcat6 stop[/sourcecode]

STEP:7
Go to this directory /opt/jasperreports-server-cp-5.6.0-bin/buildomatic
Then COPY “mysql_master.properties” file from this directory jasperreports-server-cp-5.6.0-bin/buildomatic/sample_conf/mysql_master.properties and Rename the “mysql_master.properties” to “default_master.properties”

STEP:8 Edit the default_master.properties file with vi editor

[sourcecode language=”plain”]# vi default_master.properties[/sourcecode]

Uncomment this below line

[sourcecode language=”plain”]# appServerType = tomcat6[/sourcecode]

Go to Tomcat app server root dir and modify“Catalina home and base “path as below
# If linux package managed tomcat instance, set two properties below

[sourcecode language=”plain”]CATALINA_HOME = /usr/share/tomcat6/
CATALINA_BASE = /var/lib/tomcat6/[/sourcecode]

# Change database location and connection settings setup as your own mysql passwd.

[sourcecode language=”plain”]dbHost=localhost
dbUsername=root
dbPassword=passwd[/sourcecode/]
# web app name
# (set one of these to deploy to a non-default war file name) uncomment as below any one
[sourcecode language="plain"]webAppNameCE = jasperserver
# webAppNamePro = jasperserver-pro[/sourcecode]

STEP:9 Download the mysql connector jar file from

[sourcecode language=”plain”]# wget https://total-pos.googlecode.com/files/mysql-connector-java-5.1.17-bin.jar[/sourcecode ]

<strong>STEP:10</strong> Put the mysql-connector-java-5.1.17-bin.jar file in tomcat directory
[sourcecode language="plain"]# /usr/share/tomcat6/lib/mysql-connector-java-5.1.17-bin.jar[/sourcecode]

STEP:11 Install this file under this directory

[sourcecode language=”plain”]# cd /opt/jasperreports-server-cp-5.6.0-bin/buildomatic
# ./js-install-ce.sh[/sourcecode]

STEP:12 Start the tomcat service

[sourcecode language=”plain”]# /etc/init.d/tomcat6 start[/sourcecode]

STEP:13 Browse in url

[sourcecode language=”plain”]# http://<ip-address>:8080/jasperserver[/sourcecode]

STEP:14 Login username and password
User login: jasperadmin
Passwd: jasperadmin

Conclusion:  Jaspersoft is available under an open source license for use in conjunction with open source infrastructure such as MySQL and JBoss, or a commercial license for enterprise deployments involving commercial databases and application servers. Jaspersoft’s main related product is JasperReports Server, a Java EE web application that provides advanced report server capabilities such as report scheduling and permissions.

Share your thoughts with comments

Identify Cross Site Scripting (XSS) Vulnerabilities Threat

Posted on by Jay

Cross-site-scripting_xss

Do you know that almost every website or application has some security flaws which make them vulnerable to the possibility of being hacked or attacked. There are certain group, which are known as black hat hackers, take advantage of this security flaws and try to access or steal sensitive data, redirecting file and even shut down that application and lot more. There are various such types of vulnerabilities and one of them is Cross Site Scripting or alias ‘XSS’.

According to a recent survey conducted by White Hat Security, Cross Site Scripting remain top in the virus list in 2014. It happens when a web application accumulates data from a user which might be malicious, and then stores input in a data store for later use. Entered input that is stored is not correctly separated. Malicious data will be displayed to be part of the website and run within the user’s browser under the web application.

What attackers can do with this type of vulnerability?

  • Hack other browsers
  • Steal sensitive data viewed by application users
  • Fake damaging the appearance of the application
  • Direct delivery of browser-based work excessively hard and lots more.

Stored XSS does not need a malicious link to be exploited. A successful exploitation occurs when a user visits a page with a stored XSS. The following phases relate to a normal stored XSS attack scenario:

  • Attacker stores vicious code into the vulnerable page
  • User authenticates in the application
  • User visits vulnerable page
  • Vicious code is executed by the user’s browser

See Also: Serious threats from Heartbleed Bug

As a Web tester, I know that the technological foundation of Web applications consists of HTTP and HTML. The HTTP protocol is the delivery transport for HTML, the code used to layout and form the Web page.
Cross Site Scripting (XSS) vulnerabilities exist when a Web application that accepts user input through HTTP requests such as a GET or a POST and then redirected to display inputs somewhere in the output HTML code.

System testing or Black Box testing to identify stored XSS vulnerabilities

Input Forms
The first step is to identify all points where user input is stored into the back-end and then displayed by the application. User input can be found in the following sections:

  • User Profile page: The application allows the user to edit or change profile details such as first name, last name, picture & address, etc.
  • Online Shopping: The application allows the user to store items into the shopping cart which can then be reviewed later
  • File Management System: Applications where there is a option to upload files
  • Application settings/preferences: Options to set or allow users profile
  • Blog: If the blog gives permission to user for comments in the application
  • Log: Stores some users input into logs of the application

HTML code Analyze
Input stored by the application is normally used in HTML tags, but it can also be found as part of JavaScript content. At this stage, it is to understand if input is stored and how it is positioned in the context of the page.The pen-tester should also investigate differently through which the application receives and stores users input.
Example: Email id stored data in index1.php

In this case, the tester needs to find a way to inject code outside the <input> tag as below:

[sourcecode language=”html”]<input class="inputbox" type=text" name="email" size="40" value="johndoe@gmail.com"> MALICIOUS CODE <!-/>[/sourcecode]

Testing for Stored XSS

This involves testing the input validation and filtering controls of the application. Basic injection examples in this case:

[sourcecode language=”plain”]johndoe@gmail.com"><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" data-wp-preserve="%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E" data-mce-resize="false" data-mce-placeholder="1" class="mce-object" width="20" height="20" alt="&lt;script&gt;" title="&lt;script&gt;" />
johndoe@gmail.com%22%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E[/sourcecode]

Ensure the input is submitted through the application. This normally involves disabling JavaScript if client-side security controls are implemented or modifying the HTTP request with a web proxy such as Web Scarab. It is also important to test the same injection with both HTTP GET and POST requests. The above injection results in a popup window containing the cookie values.

 

The HTML code following the injection:

[sourcecode language=”html”]<strong><input class="inputbox" type="text" name="email" size="40" value="aaa@aa.com"><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" data-wp-preserve="%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E" data-mce-resize="false" data-mce-placeholder="1" class="mce-object" width="20" height="20" alt="&lt;script&gt;" title="&lt;script&gt;" /></strong>[/sourcecode]

The input is stored and the XSS payload is executed by the browser when reloading the page. If the input is escaped by the application, testers should test the application for XSS filters. For instance, if the string “SCRIPT” is replaced by a space or by a NULL character then this could be a potential sign of XSS filtering in action. Many techniques exist in order to evade input filters.

If you find the above process is little bit complicated or you need some sort of support then don’t worry you can get a free testing report through our accomplished QA engineers.

Hope you liked it. Go ahead and post your comments what you think about this?

Tips To Increase Your App Download Through App Store Optimization

Posted on by Jay

App Store Optimization (ASO) is the process of improving the visibility of a mobile app (such as an iPhone, iPad, Android, or Windows Phone app) in an app store (such as iTunes or Google Play or windows marketplace).

App store optimization is just like search engine optimization to improve the app findings by users in an app store.

App store optimization includes the process of ranking highly in an app store’s search results and top charts rankings.

Ranking higher in search results and top charts will help in more downloads for an app

On-Page optimization:

  • App Title:

    It plays a vital role in ASO. The app title should clearly describes the app and what it does, but it should be short.

    Too long app titles are get truncated, this kills user experience.

  • App Description:

    This is the second most important part of ASO. This is the place where you sell your app based on the great features!Make sure to keep this section short and concise.

    As it is going to use in user’s cell phones and not on their desktop monitors.

  • App Logo:

    This is the way you can express what your app is all about.

    So the app logo should be designed by a professional designer to create a stunning app logo. This part should not be overlooked.

  • App Screenshot:

    Screenshots should be clear and with high resolution. You should highlight the best parts of your app with multiple screenshots.

    If possible add short text/explanation to the screenshots.

  • Category:

    Make sure to categorize your app appropriately. As a lot of searchers jump straight into specific categories if they are looking for something.

    There is also a  secondary category option in which your app fits into two categories, but the primary category does act as the most important.

  • Keywords:

    You need to know which keywords are relevant and used very often by your targeted users,  to improve your search rankings. It is very useful to monitor the other competitors.

Off-Page Optimization:

  • Overall App Ratings:

    This is an important factor for ASO. If most of the people who downloaded the app gave 5 out of 5 stars, then it must be a great app.

    Ratings are also a direct reflection of your app’s performance measurement – a great app will get great ratings. The front page placement likely to rely on a combination of downloads, ratings, reviews and Google pluses.

  • App Reviews:

    Like ratings, reviews play an important role in ASO. You want as many app users to leave out genuine reviews of your app.

    The conversion rate will grow depending upon the number of the favorable reviews your app receives.

    Always keep track of the users’ reviews and try to improve your app based on the feedbacks.

  • Total App Downloads:

    This certainly affects searcher physcology. If the app has good download number, it creates the impression of being popular, then the chances download of the particular app will be higher.

Verdict

Around 63% of apps are discovered via app store searches. ASO is the most used method for discovering and downloading new apps from the app stores.

So to boost your app’s search ranking and downloading make sure to follow these quick tips of ASO. ASO is just like a secret weapon to increase your app’s visibility, ranking and overall success.

Also See: How to monetize your Android application through In-App Billing?

You can also check out some of our free apps.

How did you like this blog? Please send me your comments, if any.

How To Setup CakePHP DataSource For Solr?

Posted on by Prakash S.

Imagine that you have millions of data and your SQL database is not optimized enough to handle them, then “Solr” is your best data source. Apache Solr is a fast search platform. It’s major features include full-text search faceted search, dynamic clustering, database integration, rich document handling. Solr is highly scalable and it is the most popular enterprise search engine.

This document will guide you through DataSource setup for Solr in CakePHP. Set-up the Solr DataSource in CakePHP and query Solr with your CakePHP model “find” function, just similar to querying any other SQL database.

/app/Config/database.php:

Configuring your the DataSource for Solr database connection:

  • host: Solr server address.
  • port: Solr server port.
  • datasource: This should match with your DataSource at /app/Model/Datasource/SolrSource.php

[php]class DATABASE_CONFIG {
public $solr = array(
‘datasource’ =&amp;amp;amp;gt; ‘SolrSource’,
‘host’ =&amp;amp;amp;gt; ‘192.168.2.131’,
‘port’ =&amp;amp;amp;gt; ‘9983’,
‘path’ =&amp;amp;amp;gt; ‘/solr/’
);
}[/php]

/app/Model/Solr.php:

Use the database config in your models like:

[php]class Solr extends AppModel {
 public $useTable = false;
 public $useDbConfig = ‘solr’;
 }[/php]

/app/Model/Datasource/SolrSource.php:

Below code describes only the most required functions.

  • You can find other required functions at http://book.cakephp.org/2.0/en/models/datasources.html
    Like: calculate($model, $func, $params) and others create(), update(), delete().
  • Below DataSource only implements read() function.
  • Create a file called SolrSource.php and use below code:

[php]App::uses(‘HttpSocket’, ‘Network/Http’);
require_once($_SERVER[‘DOCUMENT_ROOT’].’/root_folder/app/Vendor/Apache/Solr/Service.php’);
class SolrSource extends DataSource {

protected $_schema = array();
protected $_host;
protected $_port;

public function __construct($config){
parent::__construct($config);
$this-&amp;amp;amp;gt;Http = new HttpSocket();

$this-&amp;amp;amp;gt;host = $config[‘host’];
$this-&amp;amp;amp;gt;port = $config[‘port’];
$this-&amp;amp;amp;gt;_schema = $config[‘path’];

$this-&amp;amp;amp;gt;solr=new Apache_Solr_Service($this-&amp;amp;amp;gt;host, $this-&amp;amp;amp;gt;port, $this-&amp;amp;amp;gt;_schema);
}

public function read(Model $model, $queryData = array(), $recursive = null) {
$results = array();
$query = $queryData[‘conditions’][‘solr_query’];
if (Configure::read(‘log_solr_queries’) === true) {
CakeLog::write(‘debug’, $query); /* Logs the solr query in app/tmp/logs/debug.log file */
}

try {
$solr_docs = $this-&amp;amp;amp;gt;solr-&amp;amp;amp;gt;search($query, $queryData[‘offset’], $queryData[‘limit’], array(‘sort’ =&amp;amp;amp;gt; $queryData[‘order’]));
} catch (Exception $e) {
CakeLog::write(‘error’, $e-&amp;amp;amp;gt;getMessage()); /* Logs the solr errors message in app/tmp/logs/error.log file */
CakeLog::write(‘error’, $query); /* Logs the solr query in app/tmp/logs/error.log file */
}
$model-&amp;amp;amp;gt;params = $solr_docs-&amp;amp;amp;gt;responseHeader-&amp;amp;amp;gt;params;
$model-&amp;amp;amp;gt;numFound = $solr_docs-&amp;amp;amp;gt;response-&amp;amp;amp;gt;numFound;
$docs = $solr_docs-&amp;amp;amp;gt;response-&amp;amp;amp;gt;docs;
foreach ($docs as $doc) {
$document = array();
foreach ($doc as $fieldName =&amp;amp;amp;gt; $fieldValue) {
$document[$fieldName] = $fieldValue;
}
$results[] = $document;
}
return array($model-&amp;amp;amp;gt;alias =&amp;amp;amp;gt; $results);
}
}[/php]

/app/Controller/UsersController.php:

Getting data from Solr server by using above SolrSource.

[php]App::uses(‘AppController’, ‘Controller’);
class UsersController extends AppController {

public $name = ‘Users’; //Controller name
public $uses = array(‘Solr’); //Model name

function beforeFilter(){
parent::beforeFilter();
$this-&amp;amp;amp;gt;Auth-&amp;amp;amp;gt;allow(‘index’);
}

public function index(){
$cond = "active:1";
$sort = "timestamp desc";

$params = array(
‘conditions’ =&amp;amp;amp;gt;array(
‘solr_query’ =&amp;amp;amp;gt; $cond
),
‘order’ =&amp;amp;amp;gt; $sort,
‘offset’ =&amp;amp;amp;gt; 0,
‘limit’ =&amp;amp;amp;gt; 1
);

$result = $this-&amp;amp;amp;gt;Solr-&amp;amp;amp;gt;find(‘all’, $params);
$this-&amp;amp;amp;gt;layout = ‘ajax’;
header(‘Content-Type: application/json; charset=utf-8’); /* To send response in json format */
echo json_encode($result);
die;
}
}[/php]

See Also : How to use ‘neighbors’ with ‘find’ method

Debugging:

The above code has been tested and validated with CakePHP 2.2.3, PHP 5.3.1 .
Incase you face any problems:

  • First check the DataSource configuration in /app/Config/database.php.
  • Check /app/Model/Solr.php for this line: public $useDbConfig = ‘solr’;
  • Make sure Solr Service Vendor loaded in /app/Model/Datasource/SolrSource.php.
  • Check the path is correct for the Solr vendor.

Hope you liked this. Let me know if you want to add anything?