Software Security notes

XML Entity Expansion

Create a foo.txt file in your C: directory and try to parse the following XML (note that the file contents are only pulled in if the parser is configured to resolve DTDs and external entities). The result is what is called an XML Entity Expansion vulnerability.

<!DOCTYPE statement [
<!ENTITY fooFromFile SYSTEM "c:\foo.txt">
<!ENTITY first "hello">
<!ENTITY second " world">
<!ENTITY attack "&first; &second;">
]>
<statement>&fooFromFile; &attack;</statement>
Read more

Boolean type in JavaScript

Boolean is a primitive data type, but you can also create a Boolean object by calling the Boolean constructor function with new:

Read more

Default sorting based on String

While learning the basics of JS, I came across something strange about how the built-in array functions work, specifically sort().

Let’s try to sort an integer array:

Read more

Latest Developments, August 2014

Hello readers,

This post is about my current assignments as you might have noticed the blog being stale lately.

I completed my Masters and have joined OSIsoft (makers of the PI System) as a full-time developer. Majorly, I'd be contributing to PI Coresight front-end development. Considering the exponential growth in the field of UI/UX and the complexity of managing real-time data, this new role would be quite exciting and challenging.

Read more

LRU Cache in Java

When you reference a page that is not in the cache, it is brought into the cache from main memory (or virtual memory). The cache may already be full, which requires evicting an existing page from the cache. In an LRU cache, the Least Recently Used frame is the one removed.

You can implement such a cache using a LinkedList and a HashMap.

Read more

HashMap, TreeMap, LinkedMap Comparison

Java has several implementations of the Map interface: HashMap, TreeMap, LinkedHashMap, Hashtable. Each implementation has pros and cons that should be weighed when choosing the data structure for your objects. Here is a summary of the major differences:

Map interface implementation comparison

Read more

Why override Equals and HashCode methods?

Essentially this post is about comparing two objects by their hashCode or by their actual content.

Question: How to find whether a collection of objects contains an object with a specific field value?

Let’s say you have a class Node with a field name and a collection of these nodes, List<Node> nodes. To find out whether the nodes collection contains a node whose name is 'A', you can use a simple `for` loop:

Read more

Static, Final and Finally keywords

The final keyword means that a program cannot change the value of a final variable, but its exact meaning depends on the context in which it is used.

  • Final class: cannot have a subclass, i.e. you can’t inherit from it.
  • Final variables: cannot be changed once initialized.
  • Final methods: cannot be overridden, i.e. there is only one implementation of a final method.
  • Final vs String: Strings are immutable, i.e. you cannot change the value of a string once it is initialized. But final String abc means that you cannot assign any other value to the variable abc once it is initialized.

The static keyword indicates that a particular method or variable is associated with the class rather than with any particular instance of the class.

Read more

Formatting DateTime to show only Date in MVC

In an MVC Razor view, you might need to show just the Date or the Time part of a DateTime object. Some naive approaches could be (.cshtml):

@String.Format("dd-MMM-yyyy", Model.TestDate)

@Html.TextBoxFor(x => x.TestDate, "{0:dd-MMM-yyyy}")

However, a better way is to wrap ToString() in a helper extension method on DateTime, as in the following:

Read more