GeneXus usage in the Japanese community (Conference in English)
1. GeneXus usage in the Japanese Community
2012 International meeting
GeneXus Japan Watari Egawa
2. My profile
• Name : Watari Egawa
• Company : GeneXus Japan
• In charge : customer support with Artech support member in Japan
• Since : Aug 2010
• Former job : Sony corporation and Yamaichi securities company
From my experience in GX-J
3. Agenda
1 The cases of Projects
Characteristic Requirements empowered GeneXus
2 User community is getting started in Japan
Current usage and Japanese Market
3 My personal point of view
4. GeneXus usage in the Japanese Community
POINT 1: THE CASES OF PROJECTS
CHARACTERISTIC REQUIREMENTS
EMPOWERED GENEXUS
11. Case #1: sporadic freeze in application
The project profile
• The system: payroll calculation system for part-time employment of Convenience Store
• Our customer: Saison Information systems
• The Target Date: 1st Dec
Diagram: Final Customer, Our Customer, GX-J, Development Partner
12. Case #1: sporadic freeze in application
The phenomenon
• No particular operation order
• No particular screen
• No high frequency
• Other application on same machine never occurs
• It occurs using any browsers (IE, FF, Chrome)
• Any versions
• Operate with Crazy Speed: Frequency Up
Crazy!
Postpone!
13. Case #1: sporadic freeze in application
The December struggle
24hours
365day!
Final Customer &
Our Customer
@Ikebukuro
GX-J Egawa
@Koshigaya
3hours!
Artech Customer
support &
Development team
GX-J Egawa
@Montevideo
@Gotanda
Freeze!
14. Case #1: sporadic freeze in application
The December struggle
• Every dark night comes to bright Morning
• Every cold winter comes to warm Spring
Thank you!
16. Case #2: QA acceptance criteria and OWASP requirements
The project profile
Responsible
End Customer Customer to avoid
Vulnerability
Our Customer
Business Group Quality Assurance Section
We need their
GX-J authentication
GX-J
Development Partner
17. Case #2: QA acceptance criteria and OWASP requirements
The request of QA section
1
By OWASP SAMM
based
Documentation
generate generate
Web
application
2 By coding rule and Source
code
self-check
KB
Target of
Fortify or
AppScan
18. Case #2: QA acceptance criteria and OWASP requirements
Empowered gxScan
NG!
19. List of vulnerability categories corresponding to the OWASP Top 10 2010
Case #2:
OWASP Top 10 category list:
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards

No | OWASP top 10 2010 | Category
1 | A1 Injection | Command Injection
2 | A1 Injection | Dangerous File Inclusion
3 | A1 Injection | Dynamic Code Evaluation: Code Injection
4 | A1 Injection | Dynamic Code Evaluation: Script Injection
5 | A1 Injection | Header Manipulation
6 | A1 Injection | LDAP Injection
7 | A1 Injection | Log Forging
8 | A1 Injection | Missing XML Validation
9 | A1 Injection | Often Misused: File Upload
10 | A1 Injection | SQL Injection
11 | A1 Injection | Weak XML Schema: Lax Processing
12 | A1 Injection | Weak XML Schema: Type Any
13 | A1 Injection | Weak XML Schema: Undefined Namespace
14 | A1 Injection | XML Injection
15 | A1 Injection | XPath Injection
16 | A2 Cross Site Scripting (XSS) | Cross-Site Scripting: DOM
17 | A2 Cross Site Scripting (XSS) | Cross-Site Scripting: External Links
18 | A2 Cross Site Scripting (XSS) | Cross-Site Scripting: Persistent
19 | A2 Cross Site Scripting (XSS) | Cross-Site Scripting: Poor Validation
20 | A2 Cross Site Scripting (XSS) | Cross-Site Scripting: Reflected
21 | A3 Broken Authentication and Session Management | Acegi Misconfiguration: Run-As Authentication Replacement
22 | A3 Broken Authentication and Session Management | Cookie Security: Session Cookies Disabled
23 | A3 Broken Authentication and Session Management | Often Misused: Authentication
24 | A3 Broken Authentication and Session Management | Session Fixation
25 | A4 Insecure Direct Object Reference | Access Control: Database
26 | A4 Insecure Direct Object Reference | Access Control: LDAP
27 | A4 Insecure Direct Object Reference | Path Manipulation
28 | A4 Insecure Direct Object Reference | Process Control
29 | A4 Insecure Direct Object Reference | Resource Injection
30 | A4 Insecure Direct Object Reference | Unsafe Reflection
31 | A5 Cross Site Request Forgery (CSRF) | Cross-Site Request Forgery
32 | A6 Security Misconfiguration | ADF Bad Practices: Missing URL Parameter Converter
33 | A6 Security Misconfiguration | Cookie Security: HTTPOnly not Set
34 | A6 Security Misconfiguration | Cookie Security: HTTPOnly not Set on Session Cookie
35 | A6 Security Misconfiguration | Cookie Security: Overly Broad Domain
36 | A6 Security Misconfiguration | Cookie Security: Overly Broad Path
37 | A6 Security Misconfiguration | Cookie Security: Overly Broad Session Cookie Domain
38 | A6 Security Misconfiguration | Cookie Security: Overly Broad Session Cookie Path
39 | A6 Security Misconfiguration | Header Checking Disabled
40 | A6 Security Misconfiguration | HTTP Verb Tampering
41 | A7 Insecure Cryptographic Storage | Cookie Security: Persistent Cookie
42 | A7 Insecure Cryptographic Storage | Cookie Security: Persistent Session Cookie
43 | A7 Insecure Cryptographic Storage | Heap Inspection: Swappable Memory
44 | A7 Insecure Cryptographic Storage | Heap Inspection
45 | A7 Insecure Cryptographic Storage | Insecure Randomness
46 | A7 Insecure Cryptographic Storage | Password Management: Empty Password
47 | A7 Insecure Cryptographic Storage | Password Management: Empty Password in Configuration File
48 | A7 Insecure Cryptographic Storage | Password Management: Hardcoded Password
49 | A7 Insecure Cryptographic Storage | Password Management: Heap Inspection
50 | A7 Insecure Cryptographic Storage | Password Management: Null Password
51 | A7 Insecure Cryptographic Storage | Password Management: Password in Comment
52 | A7 Insecure Cryptographic Storage | Password Management: Password in Configuration File
53 | A7 Insecure Cryptographic Storage | Password Management: Password in Redirect
54 | A7 Insecure Cryptographic Storage | Password Management: Weak Cryptography
55 | A7 Insecure Cryptographic Storage | Password Management
56 | A7 Insecure Cryptographic Storage | Weak Cryptographic Hash: Hardcoded Salt
57 | A7 Insecure Cryptographic Storage | Weak Cryptographic Hash
58 | A7 Insecure Cryptographic Storage | Weak Encryption: Inadequate RSA Padding
59 | A7 Insecure Cryptographic Storage | Weak Encryption: Insufficient Key Size
60 | A7 Insecure Cryptographic Storage | Weak Encryption
61 | A8 Failure to Restrict URL Access | Access Control: Anonymous LDAP Bind
62 | A8 Failure to Restrict URL Access | Access Control: Weak Security Constraint
63 | A9 Insufficient Transport Layer Protection | Cookie Security: Cookie not Sent Over SSL
64 | A9 Insufficient Transport Layer Protection | Cookie Security: Session Cookie not Sent Over SSL
65 | A10 Unvalidated Redirects and Forwards | Open Redirect
20. Case #2: QA acceptance criteria and OWASP requirements
Empowered gxScan
21. GeneXus usage in the Japanese Community
POINT 2:
USER COMMUNITY IN JAPAN
22. GeneXus User Community is getting started
The 1st mtg
On 25th Jul.
At City hall in Tokyo
The 2nd mtg
On 29th Aug.
At partner’s site in Yokohama
Over 50 engineers
from over 40 companies
23. Charter
User companies of GeneXus in Japan
- for effective usage of GeneXus
- to gain the advanced technology
- to have good relationship
- to further each other's interests
through the face to face discussion
share the information with each other,
present the discussion result and
place our requirement on Artech
24. Theme of each group
A How to divide KB (criteria, method)
B KB mgt with GXServer and without
C Development process and documentation
D Necessary Communication in the team
E Performance Tuning
25. GeneXus usage in the Japanese Community
POINT 3: CURRENT USAGE AND
JAPANESE MARKET
MY PERSONAL POINT OF VIEW
26. Current usage of GeneXus-TCO cost reduction
Big Name: Information System company, Marketing company, Logistics company, Life Insurance company, Real Estate company, Human Resources, xxxx
Self Manufacturing
Partner, Off Shore Partner
I’m Watari Egawa from GeneXus Japan. Working for GeneXus Japan since 2010. I’m in charge of customer support with Artech support members in Japan. Before I entered GeneXus Japan, I had been working for the Japanese big names Sony Corporation and Yamaichi Securities Company for so many years as a system planner and project manager. Today I want to introduce Japanese customers through my experience in GeneXus Japan. And I want to describe my personal point of view about the Japanese market from my former experience.
During our system test held in November, we had solved other issues; however, only this issue had been left because we can’t catch how to reproduce it. Because no particular screen, no particular order, no particular operation, and frequency is not high in normal usage. However: Scratched other application on the same machine never occurs. It occurs using any browsers (IE, FF, Chrome). Any versions. Operate with Crazy Speed ↑, Frequency up ↑. Therefore it is considered the cause is GeneXus. Final user decided to postpone the C/O until Freeze issue is completely solved. Our struggle in December had begun.