Get to Know the Most Common Security Risks when using Web Applications

The Open Web Application Security Project (OWASP), an organization devoted to monitoring the state of security on the web, has recently released an updated report capturing the risks associated with the use of web applications.

The top three risks are:

  • SQL Injection – where hackers are able to use programming techniques to access the information stored in databases behind a website
  • Cross-Site Scripting (XSS) – another technique where hackers are able to inject software code into a web application, and potentially gain access to sensitive information or cause it to behave in undesirable ways
  • Broken Authentication and Session Management – a condition where hackers are able to exploit vulnerabilities in the web application to hijack user or administrative accounts

The report lists other security risks, adding up to ten in total. It is good to be aware that such risks exist out there, especially as more and more businesses put their valuable information on hosted or “cloud-based” web applications.


YouTube – NetSuite Guy vs. SAP Guy (Mac vs. PC parody)

Parody of Mac vs PC ads. NetSuite makes fun of SAP BBYD.


Aviary in Google Apps: A success story


Aviary is now available in the Google Apps Marketplace! Aviary delivers free design tools and templates to create, modify and share images, logos, presentations, audio tracks, podcasts & more. Teams can collaborate on multimedia projects. Now works directly in Google Docs. All of the key features of desktop editors with the simplicity and accessibility of a web-based application, for FREE. Check it out!

Box.net Integrates with Google Apps, Pairing Robust Cloud Content Management with Google’s Communication and Collaboration Platform

Cloud Content Management provider Box.net today announced it is available as an integrated Google Apps™ service on the Google Apps Marketplace™, Google’s recently launched online storefront for Google Apps products and services. Google Apps customers can now access and share their Box.net content when logged into Google Apps, and Box.net customers can use Google Apps products within Box.net.


What is Zoho?

Nice video explaining what cloud computing is in general and what Zoho is in particular.


Cloud Computing Plain and Simple

Cloud computing in plain English.


Does Google Wave Represent the next “Wave” in Communication and Collaboration?

I watched with interest the screencast of Google’s announcement of their new product called “Google Wave” at the recently concluded Google I/O Conference. Google I/O is the search giant’s annual developer event in San Francisco and was the perfect venue for their launch of a product that they envision to be a new platform and that really brings with it a new paradigm for communication and collaboration.

Google Wave (currently in developer preview) essentially brings together in a single place all channels for communication or collaboration a user may need, such as email, IM, blogging, microblogging and others. So what, you may ask? Aren’t there a lot of unified communication applications (e.g. Skype), messaging aggregators (e.g. Digsby, Pidgin) and content management systems (e.g. SharePoint) that do the same thing?

Well, not quite. Google Wave (from my understanding) does it in a slightly different, and ultimately more interesting and clever way: they treat each type of communication (be it text, posts, images, video, URLs, etc.) as discrete objects, which can be presented, manipulated, aggregated, and distributed in countless ways and in real time. They have come up with their own protocol to allow for easier federation and aggregation, and possibly faster transmission, unencumbered by the “legacy” limitations of other communication protocols (such as email) or proprietary limitations of other protocols (such as IM and Skype). They allow “hooks” into that data so that third-party developers can easily extend it (e.g. on-the-fly spell checking, translation) or integrate it with other applications (e.g. posting on blogs such as Blogger, posting in microblogs such as Twitter, presenting on social networks or portals such as Facebook or Orkut), and other forms of data (e.g. video and photos). They really thought out the user experience, and really push the boundaries of what can be done today by programming using the web (they use HTML 5 and use the Google Web Toolkit as their presentation framework).

The best thing about Google Wave? It’s completely open (as in open standards and open source) so that there will be no encumbrance to (Google hopes) its widespread adoption. You can deploy it on-premise (behind the corporate firewall) or use it in the cloud (on Google’s own servers) and federate the servers so that servers can still inter-operate or communicate. In that way it is similar to email.

It’s difficult to describe just what Google Wave is all about. Check out this video demonstration so you can see and learn more about it for yourself:

Zoho Launches Zoho Gadgets

This is interesting. It seems these guys never tire of building new things into their platform. Zoho recently launched Zoho Gadgets, which allows users to embed Zoho apps in any OpenSocial-compatible site or social network. This includes Orkut, iGoogle, Gmail, Friendster, Ning and Yahoo. Although Facebook is not OpenSocial compatible, Zoho Gadgets also supports embedding on Facebook.

Zoho Gadgets connects you to iGoogle, Facebook, Orkut, Gmail etc | Zoho Blogs

Zoho Gadgets launches today with the aim to connect Zoho applications with external applications. Zoho Gadgets, available at http://gadgets.zoho.com, can be integrated/embedded with online applications like iGoogle, Facebook, Orkut, Gmail & more. To start with, we are offering six Zoho gadgets.

* Zoho Docs (Including Writer, Sheet & Show)
* Zoho Mail
* Zoho Calendar
* Zoho Tasks
* Zoho Contacts and
* Zoho Planner

Zoho SaaS Perfect Solution for Bringing IT to Emerging Market SMBs

Yesterday I gave a talk on how companies, specifically SMBs (Small to Medium Businesses) can now take advantage of IT quickly and easily with SaaS and cloud computing.

IT, especially business systems or enterprise software, has traditionally been out of reach for SMBs because of its complexity and high cost. With SaaS, systems like collaboration software, databases, and transactional applications such as ERP and CRM are now made easily available in ways that are easily understood. For one thing, SaaS applications do not require complex IT infrastructure such as routers, firewalls and servers. To use SaaS apps, users require nothing more than an Internet-connected PC or even a mobile device to start using the applications. Another is that they are usually billed on a fixed monthly amount, according to what customers need or consume – similar to utility services such as power and water. SaaS apps are also usually designed from the get-go as tools for multi-user collaboration. This allows for improved efficiency and smoother coordination among company workgroups, departments and teams.

Now when people talk about SaaS, the first thing people often ask about is security, and the event where I spoke was no different. People are usually apprehensive about putting their company data into the intangible, amorphous Internet “cloud”, so to speak. I made a point about how people have been comfortably uploading private data online with apps such as Google mail, Hotmail and Yahoo Mail for years. Many have found it to be even better and more reliable than their corporate mail servers (I know of several companies who use Gmail as a backup for their mail systems on their own domain). Over the past few months, people have even become comfortable uploading sensitive personal data on the Internet with social networking sites such as Facebook and Friendster.

Now despite this, some key issues remain. Of course one is Internet access. To use SaaS, companies should have an “always on” Internet connection. Integration with legacy apps can also be a challenge, as well as using SaaS for high volume, fast throughput, quick response type applications such as Point-of-Sale systems in a fast-paced retail environment. Another challenge is just simply navigating the abundant, sometimes confusing array of choices available in the SaaS market.

Good thing there is Zoho. Zoho is a SaaS company launched in 2005 that offers a wide range of online software. They offer everything from personal productivity apps such as e-mail, word processing, spreadsheet, wiki software; to business systems such as customer relationship management. All in all, Zoho has over 20 productivity and collaboration apps, all for prices that, by US and traditional software standards, are dirt cheap – but for emerging markets such as India (where Zoho came from) and the Philippines are just right.

For the whole lot of Zoho’s business applications, it costs a mere $50 per user per year or roughly the same amount one would spend for prepaid cellphone load locally in a year. By contrast, the Professional Version of Microsoft Office sells for as much as one to two months’ salary for most Filipinos.

Now cheap doesn’t mean poor quality. So far I have been very happy with using Zoho as an end-user. The breadth of applications is simply unmatched by any SaaS vendor, including Microsoft, Google or Salesforce. It’s simple and easy enough to use for SMBs and priced just right. I also traveled to India and have seen their operations and have met their management (full disclosure: their parent company AdventNet is a partner of the company where I work). While there, I was impressed by their culture and their strategy, which gave me the impression that they really are into this business for the long haul – which as a partner and reseller gives peace of mind. They also have a 200-strong software engineering talent bench (with an additional 800 more from their sister company) – a number that easily beats many pure play SaaS vendors (including Salesforce.com?) in terms of technical resources.

Find out more about SaaS and Zoho today. Contact me via my LinkedIn page if you want to find out more or follow me on Twitter (webwonker).

Customer Data in Cyberspace: What was the tipping point?

Somebody at one of the LinkedIn groups I am a member of posed an interesting question. His question was (and I paraphrase a bit here): “what was the tipping point for customers to start entrusting online services like Salesforce.com with sensitive customer information?”

The entire post I reprint below:

LinkedIn: Discussion: CRM Experts

Salesforce.com, an ASP log-in CRM system that involves no downloading of software, now has 55,400 enterprise customers world-wide and has even spawned imitations (e.g., SugarCRM.com).

I must confess to initially running with the herd – the cynics. It was easily done. The conventional wisdom was that large, medium and small organisations would not accept the risks (real and perceived) of hosting their customer data (arguably their most valuable asset after their people) outside of the enterprise – no matter how secure the site. What a PR disaster it would be if their customer data records were ever compromised.

As this orthodoxy has been shattered, pundits are left reflecting on what exactly was the tipping point? Was it improved internet security, broadband availability, increased trust in online systems or a rise in teleworking?

Or did the company simply build a damn good product that was better than traditional CRM systems managed and maintained by the IT department, especially those for SMEs, with much higher price tags?

Did the rise of sensitive data held by online retail, gambling, networking (like LinkedIn) and dating sites also lower tolerance thresholds?

And if such an entrenched orthodoxy can smash like a glass beaker on a marble floor….what’s next?

My take? The tipping point I think happened long before Salesforce.com came. It happened when people began using web-based email systems to store sensitive (business and private) information. It began when people started using websites like eBay and Amazon, or B2B exchanges and marketplaces to transact and share credit card information online.

Using web-based (oops, the term is now cloud-based) services was, I think, just a small step from what people were already doing anyway.

What’s next? Perhaps the idea of having all of our services and data residing in the “cloud” and the death of personal or enterprise computing as we know it today may not be far off. Perhaps a “utility” based computing model makes sense after all.