uso de genexus en la comunidad japonesa (conferencia en inglés)

Post on 20-May-2015

184 Views

Category:

Documents

3 Downloads

Preview:

Click to see full reader

TRANSCRIPT

GeneXus usage in the Japanese Community

2012 International meeting

GeneXus Japan Watari Egawa

My profile

•Name : Watari Egawa

•Compay : GeneXus Japan

• In charge : customer support

with Artech support member in Japan

• Since : Aug 2010

•Former job : Sony corporation and

Yamaich securities company From my experience in GX-J

Agenda

The cases of ProjectsCharacteristic Requirements empowered GeneXus

1

User community is getting started in Japan2

Current usage and Japanese Market

My personal point of view3

v

POINT 1: THE CASES OF PROJECTSCHARACTERISTIC REQUIREMENTS

EMPOWERED GENEXUS

GeneXus usage in the Japanese Community

Introduction

Estoy de acuerdo

江川宅なかなか大きい

Distance: 42kmCommute Time :1.5 hours more

Introduction

Introduction

patientmannerly

Introduction

workaholic

Not good at English 

Introduction

Kaizen ‘ カイゼン’

EagernessFor

efficieny

v“ ”

Case #1:sporadic freeze in application

GX-J

Final Customer

Our Customer

GX-J

Development Partner

Case #1:sporadic freeze in applicationthe project profile

The Target Date: 1st Dec

Our customer:Saison Information systems

The system:payroll calculation system for

part-time employment of Convenience Store

Case #1:sporadic freeze in applicationThe phenomenon

No particular operation order

No particular screenNo high frequency

Other application on same machine never

occurs

It occurs using any browsers(ie,FF,Chrome)

Any versions

Operate with Crazy Speed Frequency Up

Postpone!Crazy!

Final Customer &Our Customer@Ikebukuro

Artech Customer support & Development team @MontevideoGX-J Egawa

@Gotanda

GX-J Egawa @Koshigaya 3hours!

Freeze!

24hours365day!

Case #1:sporadic freeze in applicationThe December struggle

• Every dark night comes to bright Morning • Every cold winter comes to warm Spring

Case #1:sporadic freeze in applicationThe December struggle

Thank you!

v“ ”

Case #2: QA acceptance criteria

GX-J

Case #2: QA acceptance criteria and OWASP requirementsThe project profile

End Customer Customer

Our Customer

GX-J

Development Partner

Responsible to avoid

Vulnerability

Business Group Quality Assurance Section

We need their authentication

generate

KB

Webapplication

generate

Targe of Frotify or AppScan

By OWASP SAMM based

Documentation1

2 By coding rule

and self-check

Source code

Case #2: QA acceptance criteria and OWASP requirementsThe request of QA section

Case #2: QA acceptance criteria and OWASP requirementsEmpowered gxScan

NG!

A1: Injection

A2: Cross-Site Scripting (XSS)

A3: Broken Authentication and Session Management

A4: Insecure Direct Object References

A5: Cross-Site Request Forgery (CSRF)

A6: Security Misconfiguration

A7: Insecure Cryptographic Storage

A8: Failure to Restrict URL Access

A9: Insufficient Transport Layer Protection

A10: Unvalidated Redirects and Forwards

No OWASP top 10 2010 Category1 A1 Injection Command Injection2 A1 Injection Dangerous File Inclusion3 A1 Injection Dynamic Code Evaluation:Code Injection4 A1 Injection Dynamic Code Evaluation:Script Injection5 A1 Injection Header Manipulation6 A1 Injection LDAP Injection7 A1 Injection Log Forging8 A1 Injection Missing XML Validation9 A1 Injection Often Misused:File Upload

10 A1 Injection SQL Injection11 A1 Injection Weak XML Schema:Lax Processing12 A1 Injection Weak XML Schema:Type Any13 A1 Injection Weak XML Schema:Undefined Namespace14 A1 Injection XML Injection15 A1 Injection XPath Injection16 A2 Cross Site Scripting (XSS) Cross- Site Scripting:DOM17 A2 Cross Site Scripting (XSS) Cross- Site Scripting:External Links18 A2 Cross Site Scripting (XSS) Cross- Site Scripting:Persistent19 A2 Cross Site Scripting (XSS) Cross- Site Scripting:Poor Validation20 A2 Cross Site Scripting (XSS) Cross- Site Scripting:Reflected21 A3 Broken Authentication and Session Management Acegi Misconfiguration:Run- As Authentication Replacement22 A3 Broken Authentication and Session Management Cookie Security:Session Cookies Disabled23 A3 Broken Authentication and Session Management Often Misused:Authentication24 A3 Broken Authentication and Session Management Session Fixation25 A4 Insecure Direct Object Reference Access Control:Database26 A4 Insecure Direct Object Reference Access Control:LDAP27 A4 Insecure Direct Object Reference Path Manipulation28 A4 Insecure Direct Object Reference Process Control29 A4 Insecure Direct Object Reference Resource Injection30 A4 Insecure Direct Object Reference Unsafe Reflection31 A5 Cross Site Request Forgery (CSRF) Cross- Site Request Forgery32 A6 Security Misconfiguration ADF Bad Practices:Missing URL Parameter Converter33 A6 Security Misconfiguration Cookie Security:HTTPOnly not Set34 A6 Security Misconfiguration Cookie Security:HTTPOnly not Set on Session Cookie35 A6 Security Misconfiguration Cookie Security:Overly Broad Domain36 A6 Security Misconfiguration Cookie Security:Overly Broad Path37 A6 Security Misconfiguration Cookie Security:Overly Broad Session Cookie Domain38 A6 Security Misconfiguration Cookie Security:Overly Broad Session Cookie Path39 A6 Security Misconfiguration Header Checking Disabled40 A6 Security Misconfiguration HTTP Verb Tampering41 A7 Insecure Cryptographic Storage Cookie Security:Persistent Cookie42 A7 Insecure Cryptographic Storage Cookie Security:Persistent Session Cookie43 A7 Insecure Cryptographic Storage Heap Inspection:Swappable Memory44 A7 Insecure Cryptographic Storage Heap Inspection45 A7 Insecure Cryptographic Storage Insecure Randomness46 A7 Insecure Cryptographic Storage Password Management:Empty Password47 A7 Insecure Cryptographic Storage Password Management:Empty Password in Configuration File48 A7 Insecure Cryptographic Storage Password Management:Hardcoded Password49 A7 Insecure Cryptographic Storage Password Management:Heap Inspection50 A7 Insecure Cryptographic Storage Password Management:Null Password51 A7 Insecure Cryptographic Storage Password Management:Password in Comment52 A7 Insecure Cryptographic Storage Password Management:Password in Configuration File53 A7 Insecure Cryptographic Storage Password Management:Password in Redirect54 A7 Insecure Cryptographic Storage Password Management:Weak Cryptography55 A7 Insecure Cryptographic Storage Password Management56 A7 Insecure Cryptographic Storage Weak Cryptographic Hash:Hardcoded Salt57 A7 Insecure Cryptographic Storage Weak Cryptographic Hash58 A7 Insecure Cryptographic Storage Weak Encryption:Inadequate RSA Padding59 A7 Insecure Cryptographic Storage Weak Encryption:Insufficient Key Size60 A7 Insecure Cryptographic Storage Weak Encryption61 A8 Failure to Restrict URL Access Access Control:Anonymous LDAP Bind62 A8 Failure to Restrict URL Access Access Control:Weak Security Constraint63 A9 Insufficient Transport Layer Protection Cookie Security:Cookie not Sent Over SSL64 A9 Insufficient Transport Layer Protection Cookie Security:Session Cookie not Sent Over SSL65 A10 Unvalidated Redirects and Forwards Open Redirect

OWASP top 10 2010に対応する脆弱性のカテゴリリスト

Case #2:OWASP Top 10 Category list

Case #2: QA acceptance criteria and OWASP requirementsEmpowered gxScan

v

POINT 2: USER COMMUNITY IN JAPAN

GeneXus usage in the Japanese Community

The 1st mtgOn 25th Jul. At City hall in Tokyo The 2nd mtgOn 29th Aug. At partner’s site in Yokohama

Over 50 engineers from over 40 companies

GeneXus User Community are getting started

v“ ”

CharterUser companies of GeneXus in Japan - for effective usage of GeneXus- to gain the advanced technology- to have good relation ship - to further of each other's intereststhrough the face to face discussion share the information with each other,present the discussion result and place our requirement on Artech

Theme of each groupsHow to divide KB( criteria , method )AKB mgt With GXServer and withoutBDevelopment process and documentationC

Performance Tuning

DE

Necessary Communication in the team

v

POINT 3: CURRENT USAGE AND JAPANESE MARKET

MY PERSONAL POINT OF VIEW

GeneXus usage in the Japanese Community

Current usage of GeneXus-TCO cost reduction

Big Name

Marketingcompany

Logisticscompany

Life Insurancecompany

InformationSystem company

Human Resources

xxxx

Partner Partner Partner Partner

PartnerPartnerPartnerOff Shore

Real Estate

companySelf

Manufacturing

MUCHAS GRACIAS!THANK YOU VERY MUCHありがとうございました

Watari Egawa

top related