GeneXus usage in the Japanese Community
2012 International meeting

GeneXus Japan Watari Egawa
My profile
 • Name       : Watari Egawa
 • Company    : GeneXus Japan
 • In charge  : customer support, with Artech support member in Japan
 • Since      : Aug 2010
 • Former job : Sony corporation and Yamaichi securities company

From my experience in GX-J
Agenda

1   The cases of Projects
    Characteristic Requirements empowered GeneXus

2   User community is getting started in Japan

3   Current usage and Japanese Market
    My personal point of view
        GeneXus usage in the Japanese Community

POINT 1: THE CASES OF PROJECTS
CHARACTERISTIC REQUIREMENTS
          EMPOWERED GENEXUS
Introduction
Distance: 42 km
Commute time: 1.5 hours more

Egawa's home
Quite large

I agree
Introduction

         mannerly   patient
Introduction
Not good at English
workaholic

Eagerness for efficiency
Kaizen ('カイゼン')
Case #1: sporadic freeze in application
Case #1: sporadic freeze in application
The project profile

The system: payroll calculation system for part-time employment of Convenience Store
Our customer: Saison Information systems
The Target Date: 1st Dec

Parties: Final Customer, Our Customer, GX-J, Development Partner
Case #1: sporadic freeze in application
The phenomenon

 • No particular operation order
 • No particular screen
 • No high frequency
 • It occurs with any browser (IE, FF, Chrome), any version
 • It never occurs in other applications on the same machine
 • Operate with crazy speed: frequency up

Postpone!
Crazy!
Case #1: sporadic freeze in application
The December struggle

 • Final Customer & Our Customer @Ikebukuro
 • GX-J Egawa @Koshigaya
 • GX-J Egawa @Gotanda
 • Artech Customer support & Development team @Montevideo

24hours 365day!
3hours!
Freeze!
Case #1: sporadic freeze in application
The December struggle
• Every dark night comes to bright Morning
• Every cold winter comes to warm Spring




                      Thank you!
Case #2: QA acceptance criteria
Case #2: QA acceptance criteria and OWASP requirements
The project profile

Parties: End Customer; Our Customer (Business Group, Quality Assurance Section); GX-J; Development Partner

Responsible to avoid Vulnerability
We need their authentication
Case #2: QA acceptance criteria and OWASP requirements
The request of QA section

1   By OWASP SAMM based Documentation
2   By coding rule and self-check

KB -> generate -> Source code -> generate -> Web application

Target of Fortify or AppScan
Case #2: QA acceptance criteria and OWASP requirements
Empowered gxScan




                  NG!
Case #2: OWASP Top 10 Category list

A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards

List of vulnerability categories corresponding to OWASP top 10 2010

No   OWASP top 10 2010                                   Category
 1   A1 Injection                                        Command Injection
 2   A1 Injection                                        Dangerous File Inclusion
 3   A1 Injection                                        Dynamic Code Evaluation: Code Injection
 4   A1 Injection                                        Dynamic Code Evaluation: Script Injection
 5   A1 Injection                                        Header Manipulation
 6   A1 Injection                                        LDAP Injection
 7   A1 Injection                                        Log Forging
 8   A1 Injection                                        Missing XML Validation
 9   A1 Injection                                        Often Misused: File Upload
10   A1 Injection                                        SQL Injection
11   A1 Injection                                        Weak XML Schema: Lax Processing
12   A1 Injection                                        Weak XML Schema: Type Any
13   A1 Injection                                        Weak XML Schema: Undefined Namespace
14   A1 Injection                                        XML Injection
15   A1 Injection                                        XPath Injection
16   A2 Cross Site Scripting (XSS)                       Cross-Site Scripting: DOM
17   A2 Cross Site Scripting (XSS)                       Cross-Site Scripting: External Links
18   A2 Cross Site Scripting (XSS)                       Cross-Site Scripting: Persistent
19   A2 Cross Site Scripting (XSS)                       Cross-Site Scripting: Poor Validation
20   A2 Cross Site Scripting (XSS)                       Cross-Site Scripting: Reflected
21   A3 Broken Authentication and Session Management     Acegi Misconfiguration: Run-As Authentication Replacement
22   A3 Broken Authentication and Session Management     Cookie Security: Session Cookies Disabled
23   A3 Broken Authentication and Session Management     Often Misused: Authentication
24   A3 Broken Authentication and Session Management     Session Fixation
25   A4 Insecure Direct Object Reference                 Access Control: Database
26   A4 Insecure Direct Object Reference                 Access Control: LDAP
27   A4 Insecure Direct Object Reference                 Path Manipulation
28   A4 Insecure Direct Object Reference                 Process Control
29   A4 Insecure Direct Object Reference                 Resource Injection
30   A4 Insecure Direct Object Reference                 Unsafe Reflection
31   A5 Cross Site Request Forgery (CSRF)                Cross-Site Request Forgery
32   A6 Security Misconfiguration                        ADF Bad Practices: Missing URL Parameter Converter
33   A6 Security Misconfiguration                        Cookie Security: HTTPOnly not Set
34   A6 Security Misconfiguration                        Cookie Security: HTTPOnly not Set on Session Cookie
35   A6 Security Misconfiguration                        Cookie Security: Overly Broad Domain
36   A6 Security Misconfiguration                        Cookie Security: Overly Broad Path
37   A6 Security Misconfiguration                        Cookie Security: Overly Broad Session Cookie Domain
38   A6 Security Misconfiguration                        Cookie Security: Overly Broad Session Cookie Path
39   A6 Security Misconfiguration                        Header Checking Disabled
40   A6 Security Misconfiguration                        HTTP Verb Tampering
41   A7 Insecure Cryptographic Storage                   Cookie Security: Persistent Cookie
42   A7 Insecure Cryptographic Storage                   Cookie Security: Persistent Session Cookie
43   A7 Insecure Cryptographic Storage                   Heap Inspection: Swappable Memory
44   A7 Insecure Cryptographic Storage                   Heap Inspection
45   A7 Insecure Cryptographic Storage                   Insecure Randomness
46   A7 Insecure Cryptographic Storage                   Password Management: Empty Password
47   A7 Insecure Cryptographic Storage                   Password Management: Empty Password in Configuration File
48   A7 Insecure Cryptographic Storage                   Password Management: Hardcoded Password
49   A7 Insecure Cryptographic Storage                   Password Management: Heap Inspection
50   A7 Insecure Cryptographic Storage                   Password Management: Null Password
51   A7 Insecure Cryptographic Storage                   Password Management: Password in Comment
52   A7 Insecure Cryptographic Storage                   Password Management: Password in Configuration File
53   A7 Insecure Cryptographic Storage                   Password Management: Password in Redirect
54   A7 Insecure Cryptographic Storage                   Password Management: Weak Cryptography
55   A7 Insecure Cryptographic Storage                   Password Management
56   A7 Insecure Cryptographic Storage                   Weak Cryptographic Hash: Hardcoded Salt
57   A7 Insecure Cryptographic Storage                   Weak Cryptographic Hash
58   A7 Insecure Cryptographic Storage                   Weak Encryption: Inadequate RSA Padding
59   A7 Insecure Cryptographic Storage                   Weak Encryption: Insufficient Key Size
60   A7 Insecure Cryptographic Storage                   Weak Encryption
61   A8 Failure to Restrict URL Access                   Access Control: Anonymous LDAP Bind
62   A8 Failure to Restrict URL Access                   Access Control: Weak Security Constraint
63   A9 Insufficient Transport Layer Protection          Cookie Security: Cookie not Sent Over SSL
64   A9 Insufficient Transport Layer Protection          Cookie Security: Session Cookie not Sent Over SSL
65   A10 Unvalidated Redirects and Forwards              Open Redirect
Case #2: QA acceptance criteria and OWASP requirements
Empowered gxScan

     GeneXus usage in the Japanese Community

                POINT 2:
USER COMMUNITY IN JAPAN
GeneXus User Community is getting started

The 1st mtg
On 25th Jul.
At City hall in Tokyo

The 2nd mtg
On 29th Aug.
At partner’s site in Yokohama

Over 50 engineers
from over 40 companies
Charter
User companies of GeneXus in Japan
- for effective usage of GeneXus
- to gain the advanced technology
- to have a good relationship
- to further each other's interests
through face-to-face discussion

share the information with each other,
present the discussion result and
place our requirement on Artech
Theme of each group

  A   How to divide KB (criteria, method)

  B   KB management with GXServer and without

  C   Development process and documentation

  D   Necessary Communication in the team

  E   Performance Tuning
      GeneXus usage in the Japanese Community

POINT 3: CURRENT USAGE AND
           JAPANESE MARKET
                 MY PERSONAL POINT OF VIEW
Current usage of GeneXus-TCO cost reduction
Big Name:
 • Information System company
 • Marketing company
 • Logistics company
 • Life Insurance company
 • Real Estate company
 • Human Resources
 • xxxx
 • Self Manufacturing

Partner (x7), Off Shore
MUCHAS GRACIAS!
THANK YOU VERY MUCH
 ありがとうございました




               Watari Egawa
GeneXus usage in the Japanese community (conference in English)


Editor's Notes

  1. I’m Watari Egawa from GeneXus Japan. Working for GeneXus Japan since 2010. I’m in charge of customer support with Artech support members in Japan. Before I entered GeneXus Japan, I’ve been working for Japanese big names Sony Corporation and Yamaichi Securities Company for so many years, as system planner and project manager. Today I want to introduce Japanese customers through my experience in GeneXus Japan. And I want to describe my personal point of view about the Japanese market from my former experience.
  2. During our system test held in November, we had solved other issues; however, only this issue had been left because we couldn’t catch how to reproduce it. Because: no particular screen, no particular order, no particular operation, and the frequency is not high in normal usage. However: it never occurs in other scratched applications on the same machine. It occurs using any browser (IE, FF, Chrome), any version. Operate with crazy speed ↑ frequency up ↑. Therefore it is considered the cause is GeneXus. The final user decided to postpone the C/O until the freeze issue is completely solved. Our struggle in December had begun.