Google released a new security tool Skipfish; a fully automated, active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Skipfish key features :

- High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
- Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
- Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The second version 1.1 beta have just been released few hours ago. Available for Linux, FreeBSD 7.0+, MacOS X, and Windows (via Cygwin); under terms and conditions of the Apache License, version 2.0.

More information and download at http://code.google.com/p/skipfish/

Published at Web Security Magazine

Scott Guthrie, the Corporate Vice President of Microsoft's .NET Developer Platform, announced that Microsoft is taking a more active role participating in the open-source, community-driven development of the jQuery JavaScript Library - during his keynote at MIX10 reported Peter Galli; the Open Source Community Manager for Microsoft's Platform Strategy Group.

Microsoft will now work in concert with the jQuery JavaScript Library team to accelerate the creation of new features that make creating rich-web applications on any platform faster and easier.

Microsoft is already shipping jQuery with Visual Studio 2010 and ASP.NET MVC 2 products. Microsoft contributions to jQuery will be available under jQuery MIT or GPL2 license.

Published at AJAX Magazine

Two hot news from Avactis today, Pentasoft Corp. releases Avactis Shopping Cart 1.9.1 and provides flexible SaaS hosted e-commerce solution.

Latest version of leading e-commerce solution launched in 2001 adds exciting features, new marketing tools and PCI compliant hosting services with free e-commerce support.

Key software improvements include:

- Built-in CMS (Content Management System) with WYSIWYG editor
- Advanced customer reviews and product ratings
- Advanced newsletter management
- Affiliate tracking

Published at e-Commerce Magazine

In this tutorial We will create realtime chart data update that reflect to price fluctuation. There are many solutions to do this, but now we will cover using a nice flash charting component called FusionCharts. FusionCharts comes with several edition, but now we will use the FusionCharts Free version. You can download it from http://www.fusioncharts.com/free/. By the time of this writing, FusionCharts Free version is 2.2.

The price fluctuation is visualized with a line type chart and data will be fetched from database every 5 seconds using Ajax call and then display the latest 5 (five) data to the chart without any page refresh. We assume you already familiar with deploying the FusionCharts Free and have experience using prototype.js, since we don't explain every details of the tools we used in this article. Please refer to FusionCharts Free documentation about deploying the chart and prototype.js documentation about the usage of the library.

Let's do it

1. You have to download the FusionCharts Free version, extract it, and copy the chart FCF_Line.swf (from the Chart folder) to your web root folder.
2. Copy FusionCharts.js (from JSClass folder) to your web root folder.
3. Download prototype.js from www.prototypejs.org and save it as prototype.js on your web root folder. We will use prototype.js to do the Ajax call.
4. Now prepare the table to store the fictional price fluctuation. Here is the simple table structure. We only need 2 (two) fields.

Published at AJAX Magazine

Visual WebGui are sharing with us today a new interesting case study for a web applications automated IDE built with Visual WebGUI : Automato.

"Visual WebGui turns web dreams into reality in a very gracious way while Automato makes it even more powerful... No any other ASP.NET framework does it for you" Alexnaldo Santos

Overview

SISMONT Ltda. creates ERP systems in Brazil since 2003 on Windows platform only. Since 2004 the company targets all the systems it designs for the Web platform.

The Automato project was born to integrate different business applications using single development tool, allowing total customization for customers.

The company already offers its accounting system on a Web platform with a competitive production cost thanks to Automato and Visual WebGui. Until the end of 2010, all of SISMONT's systems will also be offered on Web platform, significantly increasing their potential performance in Brazil.

Published at AJAX Magazine

English may have emerged as the international language of business and, subsequently, as the default language of the World Wide Web, but consider this: 75% of the world's population speaks no English whatsoever.

With this in mind, the need for businesses to talk to international customers in their own language can't be overstated. Even though English is the most widely spoken second language, the fact remains that most consumers will search for products or services in their native tongue first.

So for any business looking to go global and tackle new or emerging markets, the need to 'think local' means you should be aware of the multitude of cultural and linguistic complexities that you will face when entering foreign markets.

For example, the French in France and the French in Canada (Québéquois) is largely the same, but there are enough dialectal differences between the two forms of French to mean that distinct marketing strategies are essential when targeting each market.

Published at SEO Magazine

Zend Server 5.0 Reduces Problem Resolution Time by up to 50 Percent; Adds Job Queue for Improved End-user Experience; Includes Support for PHP 5.3

Cupertino, CA -- February 24, 2010 -- Zend Technologies, the PHP Company, today announced the general availability of Zend Server 5.0, a major new version of the company's PHP Web application server. New Code Tracing technology in Zend Server 5.0 enables PHP developers and administrators to slash problem resolution time by up to 50%. For the first time, users have visibility into the behavior of their code in production environments, with the ability to pinpoint the root cause of application issues quickly and eliminate the time-consuming and sometimes near impossible task of recreating problems in order to resolve them.

"Zend Server 5.0 is a huge step forward for businesses running business-critical PHP Web applications," said Andi Gutmans, CEO and co-founder at Zend. "With this new version we are delivering application monitoring and diagnostics as part of the base application server at no additional cost. The new Code Tracing technology revolutionizes how businesses can reduce time spent on problem resolution. This and other enhancements will help businesses deliver reliable high-performance applications and maximize end-user satisfaction while reducing development and management time and costs."

Published at Enterprise PHP

It is often tempting to skip unit testing for ad-hoc testing. However when done in the appropriate amount unit testing will increase productivity and reliability. It is also a great diagnostic tool. Unit testing is a skill that can get you to the next level as a programmer as well as an organization. It takes discipline and when done in the right amount you should be able to reap the benefits in weeks.

In this article, I will show simple examples on how to move your ad-hoc tests to test classes. The examples use the RawDev framework which makes unit testing as easy as it can possibly be. I will cover what a unit test is, how to create tests and a tool to execute the tests. I will also talk about some of the pitfalls and how to get around them.

What is a unit test?

Since virtually all code resides in functions, RawDev uses the following definition:

RawDev defines a unit test as a single test of the output of a function call, given specific input. Part of a test is also the verification of object and global state changes.

The above diagram shows all the relationships to a function that is unit tested. The terms in the diagram are described below:

Published at PHP5 Magazine

Fat-Free is a modular and lightweight PHP 5.3+ Web application framework designed to help build dynamic and robust Web sites. It shows some resemblance to Ruby's Sinatra and PHP's Limonade, but the similarities end with Fat-Free's HTML/XML/RSS/e-mail template rendering engine, CAPTCHA image generator, an SQL database helper, etc. which allow development teams to distribute work loads and compartmentalize programming/design efforts in typical MVC fashion.

The sofware has two separate yet tightly-linked modules:

• The Core Pack, which provides the base framework functionality and access to Fat-Free's fast template engine, powerful cache, HTML forms processor, and easy-to-use SQL handler for databases - in one tiny zero-install file!
• The optional Expansion Pack, which works seamlessly with the Core Pack, includes a CAPTCHA image generator, Javascript/CSS compressor, and a thumbnail image generator.

More information and download at fatfree.sourceforge.net. Released under GPL v3 license.

Published at PHP5 Magazine

Every day, companies announce new products and call them revolutionary, breakthrough, innovative, and game changing. It's not often that a new product actually lives up to that kind of billing. Today is one of those days, with the official launch of Alpha Five Version 10, from Alpha Software. Featuring the company's patent-pending "Codeless Ajax" technology, Alpha Five V10 is the first programming tool that allows developers to visually build rich Internet database applications powered by Ajax - without having to write one line of code.

That said, developers who like to get their hands dirty can work swiftly using Alpha's Codeless Ajax, then optionally craft custom code using popular SQL dialects, JavaScript, REST Services, and Xbasic. Developers can also plug in open source or their own JavaScript code, components, and frameworks to extend the development platform in any way they need. Best of all, the resulting applications support every major SQL database, including the newest: Microsoft SQL Azure databases residing in the Microsoft cloud.

"Alpha Five Version 10 with Codeless Ajax is like having an entire development team at your fingertips," says Richard Rabins, Co-Chairman of Alpha Software. "Just one developer can produce the output of five to 10 coders with Codeless Ajax. The calculus is simple. If you're a consultant or ISV, you produce more solutions in less time. If you're a corporate developer, you solve more business problems faster, and slash your budget for custom application development. There's no faster way to design and build contemporary Web applications."

Published at AJAX Magazine