Author: Jay

Do what you do best in – that’s what I’ve always believed in and that’s what I preach. Over the past 25+ years (yup that’s my expertise ‘n’ experience in the Information Technology domain), I’ve been consulting to small, medium and large companies ‘About Web Technologies, Mobile Future as well as on the good-and-bad of tech. Blogger, International Business Advisor, Web Technology Expert, Sales Guru, Startup Mentor, Insurance Sales Portal Expert & a Tennis Player. And top of all – a complete family man!

Grow Your Business For Your Mobile App With Google Analytics

Posted on by Jay

In this digital era, information or data plays pivotal role in the process of development. The more information you have, more precise and accurate decision you can take. And this is also applies to mobile apps.

As per report comes from Portio “1.2 billion people worldwide were using mobile apps at the end of 2012. This is forecast to grow at a 29.8 percent each year, to reach 4.4 billion users by the end of 2017.” This simply indicates industry’s future growth potential; but to stand out this industry is not an easy job. Good news is that Google has its own free analytics tool that helps you to find out insight details of your mobile app which can be your vital part of our app development process.

In June 2012, Google introduced beta version of mobile app analytics ; but now it becomes the part of Universal Analytics. Today our purpose is to educate those developers or users who are not familiar with this influential API(Application Program Interface)

How To Setup Google Analytics for Mobile App?

Step 1:

Set up a new app property in your analytics accounts.
First login into your google analytic profile. Here you get two options:

  • Option One: You can create new account for your mobile app. For this go to admin section, then create new accounts from the account tab and choose “mobile app” tab. Now just provide details like Account name, App name, Industry category and time zone and you will get your tracking code. This option is more suitable if you want to see your analytic data of your mobile apps only.
  • Option Two: Here you can create a new property from your existing account. For this simply go to account where you want to add your new property and then select “Create new property” tab under property section and rest is similar to option one.This option is more suitable if you want to see analytic data of your web application as well as corresponding mobile application.

Step 2:

Download the Google Analytics SDK for Android or iOS from the same account screen that provides the tracking ID. Suggest to take help of mobile developer to implement tracking via SDK.

Never miss an update from us. Join 10,000+ marketers and leaders.

Once you setup your analytic for mobile app you can analyze your data through lots of cool features and out of them I have listed few features here:

  • Enhance your customer base by knowing who utilizes your app, on what platform, where they come from and what they looking for from Traffic Source report and Google play integration.Note: If you link your Google Analytics account to Google Play then your android apps will be automatically recognized in Google Analytic; but you have to associate each application separately with an analytic account.
  • Event tracking, Flow visualization, and Real time reporting helps you to identify scope of improvement for better customer engagement. With in-built crash and exception reporting, you can prioritize the issues which are impacting your visitors, helping you to serve better user experience. More you engage your visitor, better chance to achieve your objective.
  • Every single application has certain goals such as purchase, leads, signup or simply spending time on app. This helps you to setup and track those goals.
  • Google Analytics is now available on Admob. So you can get full analytic data either from Google Analytics or from Analyze tab of Admob account.

Recently, Google also released official Google Analytic app for iphone user (https://itunes.apple.com/app/google-analytics/id881599038). In future we may review this app for you.

See Also : Tips to increase your app download through App Store Optimization(ASO)

Andolasoft has been successfully delivered lots of iOS and Android app for his worldwide customer. You can check out our portfolio page. I would love to hear how you are using, or plan to use, this powerful Google API.

Comparison between ASP.NET MVC or ASP.NET Web Forms

Posted on by Jay

When it comes to web development using Microsoft’s .NET framework, two popular approaches are ASP.NET MVC (Model-View-Controller) and ASP.NET Web Forms.

Both have their strengths and weaknesses, and the choice between them depends on the specific needs of your project.

In this blog post, we’ll compare ASP.NET MVC and ASP.NET Web Forms in terms of architecture, development style, flexibility, and other key factors to help you make an informed decision.

When developing web apps using Microsoft’s .NET framework, the two most popular approaches that developers employ are the ASP.NET MVC and the ASP.NET Web Forms.

Both have their strengths and weaknesses; the choice between which one is best depends on the specific needs of the projects. 

In this blog post we will compare the ASP.NET MVC and ASP.NET Web Forms in terms of architecture, development style, flexibility and other key factors to help to make the right decision. 

ASP.NET MVC ASP.NET Web Forms
Architecture:
  • MVC is a design pattern that separates an application into three components: Model, View, and Controller.
  • This separation of concerns provides a more organized and maintainable codebase.
  • Developers have fine-grained control over the HTML, enabling them to create SEO-friendly and responsive web applications.
  • Web Forms follow a more traditional event-driven model, where you design pages with server controls and handle events on the server.
  • The architecture is more tightly coupled, making it easier for beginners but less flexible for complex scenarios.
Development Style:
  • Promotes a test-driven development (TDD) approach, which is ideal for writing unit tests.
  • Developers have more control over the markup, making it easier to customize the HTML and CSS.
  • Offers a rapid application development (RAD) style, which is well-suited for small to medium-sized projects with quick turnarounds.
  • It provides a more event-centric programming model, making it easier for developers with a background in Windows Forms development.
Flexibility
  • Highly flexible and extensible, allowing developers to use third-party libraries and frameworks as needed.
  • It is a good choice for building RESTful APIs, and it can be used to create single-page applications (SPAs).
  • Less flexible when it comes to integrating third-party libraries and frameworks.
  • Best suited for traditional web applications with server controls and postbacks.
Learning Curve:
  • Has a steeper learning curve, especially for developers who are new to the MVC design pattern.
  • Requires a good understanding of web development concepts, making it a better choice for experienced developers.
  • Easier for beginners to grasp, particularly those with a background in Windows Forms development.
  • Offers a more visual and event-driven approach that can be more intuitive for some.
SEO and Performance:
  • Provides better control over HTML markup and URLs, making it easier to create SEO-friendly web applications.
  • Generally offers better performance, as it reduces the overhead associated with the ViewState in Web Forms.
  • SEO can be more challenging due to the nature of server controls and View State.
  • In some cases, it may result in slower performance, especially when handling complex forms.
Community and Support:
  • Has a strong and active community, with a plethora of resources, documentation, and third-party extensions available.
  • Regular updates and improvements have been made to the framework.
  • Although still supported, its popularity has waned compared to ASP.NET MVC.
  • The community and resources are not as vibrant as they once were.

Let’s compare and figure out:

Following are the advantages of ASP.NET MVC over Web Forms:

  • Absence of statefulness and ViewState makes the page lighter compared to WebForms
  • Shorter page life-cycle makes it easy to understand and less complex
  • Higher control over HTML, JavaScript(DOM elements) and CSS makes customization and accessibility easier
  • Higher control over HTML means compliance with evolving standards like Web2.0
  • Higher control over HTML also means developers find it easier in building Ajax applications, and adding more interactivity and responsiveness to existing applications
  • Modification takes less time to implement as there is separation between UI and business layers
  • Having option to accommodate more than one form in a single page is a clear advantage
  • TDD is easier to implement as it does not relies on event handlers which are only fired in web contexts, when a form is posted or a page is requested
  • MVC framework decouples the components and makes use of interfaces, which makes it easier to test individual components in isolation from the rest of the framework
  • It’s efficient for large application specially those follows agile methodologies for development
  • URLs tend to be much more SEO-friendly, if you design your controllers and actions properly

Following are the advantages of Web Forms over ASP.NET MVC:

  • Easy to learn for most of the developers regardless of their background in development
  • Higher number of active developers compared to ASP.NET MVC as the technology is relatively old
  • Since it uses controls, it is easier to inherit that means you can reuse controls made for other application
  • For developers increase in productivity is a definite plus
  • Developer with higher competence in HTML,DOM, and CSS is not mandatory as most of it is handled by controls
  • Easier to achieve data persistence between requests due to statefulness and ViewState
  • RAD(Rapid Application Development) with drag & drop controls means you do not need to code much
  • It is faster to implement validation on controls as they are generated automatically
  • Lots of third party component makes it easier to generate the HTML and JavaScript for the developer
  • Programmatic access to the UI elements makes it easier to implement SharePoint

The framework chosen should be based upon the requirements and resources of the company doing the development.

If you want to have a faster development cycle than Web Forms might be the best option.

If time, money, and energy to develop an application from the scratch is not a constraint then MVC could potentially be the better option.

Andolasoft has extensive experience with both frameworks and would be more than happy to help you to decide your development decisions.

Recommended Blog: Rails-Things you must know about TDD and BDD

Do you like this blog? I’d love to hear something from you. Thanks for sharing your comments.

How to install and configure Jaspersoft in Linux Server(RHEL/Centos/Fedora)

Posted on by Jay

Jaspersoft is a commercial open source software vendor focused on business intelligence, including data visualization, reporting, and analytics. It provides commercial as well as open source software, support services and licensing around the Jasper report, Jasper report server, Jaspersoft Studio, i-report and ETL products.

Jaspersoft is offered the communities open source edition as well as several commercial editions with broad support for various databases and data sources, including NoSQL and other big data sources. Jaspersoft’s main related product is JasperReports Server, a Java web application that provides advanced report server capabilities such as report scheduling, permissions, ad hoc reporting, dashboards, and multi-tenancy.

Unlike other traditional BI tools, it allows anyone to easily self-serve and get the answers they need inside their preferred app or on their favorite device. Our platform, unlike desktop visualization tools, scales architecturally and economically to reach everyone.

jaspersoft

Steps to Install ‘Jaspersoft Server’

STEP:1 Install JAVA 1.7 or above

STEP:2 Install Mysql server

# yum install mysql-server mysql php-mysql

STEP:3 Install tomcat 6 or tomcat 7
# yum install tomcat6 tomcat6-webapps tomcat6-admin-webapps

STEP:4 Download jaspersoft war file from “http://sourceforge.net/projects/jasperserver” by issuing the below command

# wget http://sourceforge.net/projects/jasperserver/files/JasperServer/JasperReports%20Server%20Community%20Edition%205.6.0/jasperreports-server-cp-5.6.0-bin.zip/download

STEP:5 Unzip zip file and move to “ opt “ directory

[sourcecode language=”plain”]# unzip jasperreports-server-cp-5.6.0-bin.zip
# mv jasperserver-ce-3.7.0-linux-installer.bin /opt/[/sourcecode]

STEP:6 Start Mysql service and Stop the tomcat service.

[sourcecode language=”plain”]# /etc/init.d/mysqld start
# /etc/init.d/tomcat6 stop[/sourcecode]

STEP:7
Go to this directory /opt/jasperreports-server-cp-5.6.0-bin/buildomatic
Then COPY “mysql_master.properties” file from this directory jasperreports-server-cp-5.6.0-bin/buildomatic/sample_conf/mysql_master.properties and Rename the “mysql_master.properties” to “default_master.properties”

STEP:8 Edit the default_master.properties file with vi editor

[sourcecode language=”plain”]# vi default_master.properties[/sourcecode]

Uncomment this below line

[sourcecode language=”plain”]# appServerType = tomcat6[/sourcecode]

Go to Tomcat app server root dir and modify“Catalina home and base “path as below
# If linux package managed tomcat instance, set two properties below

[sourcecode language=”plain”]CATALINA_HOME = /usr/share/tomcat6/
CATALINA_BASE = /var/lib/tomcat6/[/sourcecode]

# Change database location and connection settings setup as your own mysql passwd.

[sourcecode language=”plain”]dbHost=localhost
dbUsername=root
dbPassword=passwd[/sourcecode/]
# web app name
# (set one of these to deploy to a non-default war file name) uncomment as below any one
[sourcecode language="plain"]webAppNameCE = jasperserver
# webAppNamePro = jasperserver-pro[/sourcecode]

STEP:9 Download the mysql connector jar file from

[sourcecode language=”plain”]# wget https://total-pos.googlecode.com/files/mysql-connector-java-5.1.17-bin.jar[/sourcecode ]

<strong>STEP:10</strong> Put the mysql-connector-java-5.1.17-bin.jar file in tomcat directory
[sourcecode language="plain"]# /usr/share/tomcat6/lib/mysql-connector-java-5.1.17-bin.jar[/sourcecode]

STEP:11 Install this file under this directory

[sourcecode language=”plain”]# cd /opt/jasperreports-server-cp-5.6.0-bin/buildomatic
# ./js-install-ce.sh[/sourcecode]

STEP:12 Start the tomcat service

[sourcecode language=”plain”]# /etc/init.d/tomcat6 start[/sourcecode]

STEP:13 Browse in url

[sourcecode language=”plain”]# http://<ip-address>:8080/jasperserver[/sourcecode]

STEP:14 Login username and password
User login: jasperadmin
Passwd: jasperadmin

Conclusion:  Jaspersoft is available under an open source license for use in conjunction with open source infrastructure such as MySQL and JBoss, or a commercial license for enterprise deployments involving commercial databases and application servers. Jaspersoft’s main related product is JasperReports Server, a Java EE web application that provides advanced report server capabilities such as report scheduling and permissions.

Share your thoughts with comments

Identify Cross Site Scripting (XSS) Vulnerabilities Threat

Posted on by Jay

Cross-site-scripting_xss

Do you know that almost every website or application has some security flaws which make them vulnerable to the possibility of being hacked or attacked. There are certain group, which are known as black hat hackers, take advantage of this security flaws and try to access or steal sensitive data, redirecting file and even shut down that application and lot more. There are various such types of vulnerabilities and one of them is Cross Site Scripting or alias ‘XSS’.

According to a recent survey conducted by White Hat Security, Cross Site Scripting remain top in the virus list in 2014. It happens when a web application accumulates data from a user which might be malicious, and then stores input in a data store for later use. Entered input that is stored is not correctly separated. Malicious data will be displayed to be part of the website and run within the user’s browser under the web application.

What attackers can do with this type of vulnerability?

  • Hack other browsers
  • Steal sensitive data viewed by application users
  • Fake damaging the appearance of the application
  • Direct delivery of browser-based work excessively hard and lots more.

Stored XSS does not need a malicious link to be exploited. A successful exploitation occurs when a user visits a page with a stored XSS. The following phases relate to a normal stored XSS attack scenario:

  • Attacker stores vicious code into the vulnerable page
  • User authenticates in the application
  • User visits vulnerable page
  • Vicious code is executed by the user’s browser

See Also: Serious threats from Heartbleed Bug

As a Web tester, I know that the technological foundation of Web applications consists of HTTP and HTML. The HTTP protocol is the delivery transport for HTML, the code used to layout and form the Web page.
Cross Site Scripting (XSS) vulnerabilities exist when a Web application that accepts user input through HTTP requests such as a GET or a POST and then redirected to display inputs somewhere in the output HTML code.

System testing or Black Box testing to identify stored XSS vulnerabilities

Input Forms
The first step is to identify all points where user input is stored into the back-end and then displayed by the application. User input can be found in the following sections:

  • User Profile page: The application allows the user to edit or change profile details such as first name, last name, picture & address, etc.
  • Online Shopping: The application allows the user to store items into the shopping cart which can then be reviewed later
  • File Management System: Applications where there is a option to upload files
  • Application settings/preferences: Options to set or allow users profile
  • Blog: If the blog gives permission to user for comments in the application
  • Log: Stores some users input into logs of the application

HTML code Analyze
Input stored by the application is normally used in HTML tags, but it can also be found as part of JavaScript content. At this stage, it is to understand if input is stored and how it is positioned in the context of the page.The pen-tester should also investigate differently through which the application receives and stores users input.
Example: Email id stored data in index1.php

In this case, the tester needs to find a way to inject code outside the <input> tag as below:

[sourcecode language=”html”]<input class="inputbox" type=text" name="email" size="40" value="johndoe@gmail.com"> MALICIOUS CODE <!-/>[/sourcecode]

Testing for Stored XSS

This involves testing the input validation and filtering controls of the application. Basic injection examples in this case:

[sourcecode language=”plain”]johndoe@gmail.com"><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" data-wp-preserve="%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E" data-mce-resize="false" data-mce-placeholder="1" class="mce-object" width="20" height="20" alt="&lt;script&gt;" title="&lt;script&gt;" />
johndoe@gmail.com%22%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E[/sourcecode]

Ensure the input is submitted through the application. This normally involves disabling JavaScript if client-side security controls are implemented or modifying the HTTP request with a web proxy such as Web Scarab. It is also important to test the same injection with both HTTP GET and POST requests. The above injection results in a popup window containing the cookie values.

 

The HTML code following the injection:

[sourcecode language=”html”]<strong><input class="inputbox" type="text" name="email" size="40" value="aaa@aa.com"><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" data-wp-preserve="%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E" data-mce-resize="false" data-mce-placeholder="1" class="mce-object" width="20" height="20" alt="&lt;script&gt;" title="&lt;script&gt;" /></strong>[/sourcecode]

The input is stored and the XSS payload is executed by the browser when reloading the page. If the input is escaped by the application, testers should test the application for XSS filters. For instance, if the string “SCRIPT” is replaced by a space or by a NULL character then this could be a potential sign of XSS filtering in action. Many techniques exist in order to evade input filters.

If you find the above process is little bit complicated or you need some sort of support then don’t worry you can get a free testing report through our accomplished QA engineers.

Hope you liked it. Go ahead and post your comments what you think about this?

Tips To Increase Your App Download Through App Store Optimization

Posted on by Jay

App Store Optimization (ASO) is the process of improving the visibility of a mobile app (such as an iPhone, iPad, Android, or Windows Phone app) in an app store (such as iTunes or Google Play or windows marketplace).

App store optimization is just like search engine optimization to improve the app findings by users in an app store.

App store optimization includes the process of ranking highly in an app store’s search results and top charts rankings.

Ranking higher in search results and top charts will help in more downloads for an app

On-Page optimization:

  • App Title:

    It plays a vital role in ASO. The app title should clearly describes the app and what it does, but it should be short.

    Too long app titles are get truncated, this kills user experience.

  • App Description:

    This is the second most important part of ASO. This is the place where you sell your app based on the great features!Make sure to keep this section short and concise.

    As it is going to use in user’s cell phones and not on their desktop monitors.

  • App Logo:

    This is the way you can express what your app is all about.

    So the app logo should be designed by a professional designer to create a stunning app logo. This part should not be overlooked.

  • App Screenshot:

    Screenshots should be clear and with high resolution. You should highlight the best parts of your app with multiple screenshots.

    If possible add short text/explanation to the screenshots.

  • Category:

    Make sure to categorize your app appropriately. As a lot of searchers jump straight into specific categories if they are looking for something.

    There is also a  secondary category option in which your app fits into two categories, but the primary category does act as the most important.

  • Keywords:

    You need to know which keywords are relevant and used very often by your targeted users,  to improve your search rankings. It is very useful to monitor the other competitors.

Off-Page Optimization:

  • Overall App Ratings:

    This is an important factor for ASO. If most of the people who downloaded the app gave 5 out of 5 stars, then it must be a great app.

    Ratings are also a direct reflection of your app’s performance measurement – a great app will get great ratings. The front page placement likely to rely on a combination of downloads, ratings, reviews and Google pluses.

  • App Reviews:

    Like ratings, reviews play an important role in ASO. You want as many app users to leave out genuine reviews of your app.

    The conversion rate will grow depending upon the number of the favorable reviews your app receives.

    Always keep track of the users’ reviews and try to improve your app based on the feedbacks.

  • Total App Downloads:

    This certainly affects searcher physcology. If the app has good download number, it creates the impression of being popular, then the chances download of the particular app will be higher.

Verdict

Around 63% of apps are discovered via app store searches. ASO is the most used method for discovering and downloading new apps from the app stores.

So to boost your app’s search ranking and downloading make sure to follow these quick tips of ASO. ASO is just like a secret weapon to increase your app’s visibility, ranking and overall success.

Also See: How to monetize your Android application through In-App Billing?

You can also check out some of our free apps.

How did you like this blog? Please send me your comments, if any.

Creating A Custom Handler Session In CakePHP 2.x

Posted on by Jay

Sessions manage and customization is very easy in CakePHP. Setting and configuration come out of the box so basically you don’t need to configure at all. But still at some point we need customization like, if we need some changes in php.ini or want to store session in a different place.

You can manage session, write custom handler, add option to save on different places, override php.ini settings.

Write Your Own Custom Handler For Sessions in Cake:

To Save Session With Setting in php.ini:

Configure::write('Session', array(
'defaults' => 'php'
));

This is the default setting that comes out of the box by CakePHP.

To Save Session Inside Cake tmp Folder:

Configure::write('Session', array(
'defaults' => 'cake'
));

This is required in a host where it does not allow you to write outside your home directory.

To Save Session in Database:

Configure::write('Session', array(
'defaults' => 'database'
));

This uses a built-in database defaults. It stores session in ‘cake_sessions’ table.
So you need to create a table for this:

CREATE TABLE `cake_sessions` (
`id` varchar(255) NOT NULL DEFAULT '',
`data` text,
`expires` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
);

But you can specify you own session handler to store session using a different model:

Configure::write('Session', array(
'defaults' => 'database',
'handler' => array(
'model' => 'MyCakeSession'
)
));

Create ‘MyCakeSession’ model at app/Model/MyCakeSession.php  And create ‘my_cake_sessions’ table:

CREATE TABLE `my_cake_sessions` (
`id` varchar(255) NOT NULL DEFAULT '',
`data` text,
`expires` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
);

This will save session ‘my_cake_sessions’ using MyCakeSession model.

To Save Session in Cake Cache:

Configure::write('Session', array(
'defaults' => 'database'
));

Making Session Persist Across All Sub-Domains:

  • Add below in bootstrap:
    ini_set(‘session.cookie_domain’, env(‘HTTP_BASE’));
  • This changes the default, that only the domain generating a session can access, to all sub-domains.
  • You don’t need to make core Security.level to low or medium.
  • You can also use php, cake, database or cache in core Session default to persist session in all sub-domains.

Troubleshoot:

  • When you test with the session management you might get error: “cakephp 404 The request has been black-holed”.
  • Try clear tmp/cache/, tmp/cache/models, tmp/cache/persistent, tmp/sessions.
  • Try clear browser cookie and cache.
  • Check core Session configurations.

Always try to clear browser cookie, cache before doing changes in core Session or php.ini configuration.

Other Session configuration that can be done are cookie name, timeout, cookieTimeout, checkAgent, autoRegenerate, and other ini values like cookie_secure, cookie_path, cookie_httponly.

See Also : How to migrate CakePHP 1.x to 2.x

Like this blog? I’d love to hear about your thoughts on this. Thanks for sharing your comments.