Showing posts from March, 2012

Using Message Broker in a HA Environment

Previous to Message Broker 7, the Transaction ID (TID) store was standalone and specific to each individual Broker in your system architecture architecture.  This made building HA solutions difficult and potentially error prone. As a result it was possible for an event to generate duplicate updates as a result of having two different TIDs for the same event in two different TID stores (one for each broker).   With the introduction of Message Broker 7 support for a shared queue as the TID store was introduced. This enables a shared TID store to support multiple brokers, by configuring the TID store on a single remote queue manager. As all brokers use the same central TID Store,  each Message Broker can ensure transaction integrity and avoid duplicate event delivery in the event of a connection failure.

skipfish - web security testing

SKIPFISH is an automated, active web application security assessment tool. SKIPFISH can be used to run  a series of tests on a website or web application to help identify potential secuirty risks. SKIPFISH will classify risks discovered as high, medium and low. Example risks are Server-side SQL injection  Explicit SQL-like syntax in GET or POST parameters. Server-side shell command injection Server-side XML / XPath injection  Format string vulnerabilities. Integer overflow vulnerabilities. For more information visit

Spring Roo: A lightweight RAD tool for Java

Spring Roo is a lightweight RAD tool for Java.   Roo makes it fast and easy to develop software applications based on Spring. Applications created using Spring Roo follow Spring best practices and are based on standards such as JPA Bean Validation (JSR-303) Dependency Injection (JSR-330) Roo is ideal for quick protoype application development and I've found it really useful for creating quick CRUD (Create, Read, Update and Delete) based software demos for clients. In my view it still has a long way to go before it can be used for creating savy looking, complex commercially viable software solutions. You can find out more at 

Improve Data Quality with DataCleaner

DataCleaner is an easy to use open source  data quality tool that is designed to help you profile, compare, validate and monitor datasets from various data sources. DataCleaner consist of A standalone windows application for profiling, comparing and validating your datasets. A web based applciation for monitoring datasets. Some key features of DataCleaner include: Profiles a dataset quickly Integrate with most data sources including Oracle, MySQL, MS Access, SQL Server, CSV files, dbase and more Find out which values occur the most with the Value Distribution profile Discover patterns in your dataset with the Pattern Finder You can find out more on the DataCleaner website here

w3af - Web Application Penetration Testing

w3af (Web Application audit and attack framework) is a framework for auditing and exploiting  web applications.   These are some excellent articles on using w3af to help with your web application penetration testing tasks.   Walkthrough and tutorial – Part 1 w3af walkthrough and tutorial part 2 – Discovery and Audit plugins w3af Walkthrough and Tutorial In addition you can also find a list of 35 Web Penetration Tools used for Web Application Vulnerability Testing listed here on Back2Hack  

Cloudyn Addresses the Economics of Public Cloud Computing

Cloudyn is the first service that allows people to optimize and control their costs for public cloud computing such as Amazon. In summary Cloudyn will  Help you change your image provisioning and price plans at Amazon so that you can achieve the results that you want at the lowest possible cost.  Lead to higher usage of public cloud services such as Aamazon as their price/performance trade-off can now be better managed. Put additional pressure on internal IT departments and external IT service providers to provide the same kind of data and management options to their internal business funcitons and customers. Cloudyn is at a very early stage. They will need to extend the service to allow more sophisticated analysis of how cloud images are provisioned and utlised as a result of application specific performance demands such as transaction throughput, response times, concurrency etc they will also need to extend the service to work with other cloud vendors i.e

Apache Apollo

Apache releases new generation of ApacheMQ And it produces some interesting performance results. You can read more at this blog These guys ran STOMP benchmarks against the lastest releases of the 4 most feature packed STOMP servers: Apache ActiveMQ 5.5.1 Apache ActiveMQ Apollo 1.0 Beta 6 (an ActiveMQ Subproject) HornetQ 2.2.5 RabbitMQ 2.7.0