GeneXus usage in the Japanese community (conference talk in English)
TRANSCRIPT
GeneXus usage in the Japanese Community
2012 International meeting
GeneXus Japan Watari Egawa
My profile
• Name: Watari Egawa
• Company: GeneXus Japan
• In charge: customer support with Artech support member in Japan
• Since: Aug 2010
• Former job: Sony Corporation and Yamaichi Securities company
From my experience in GX-J
Agenda
1 The cases of Projects: Characteristic Requirements empowered GeneXus
2 User community is getting started in Japan
3 Current usage and Japanese Market: My personal point of view
POINT 1: THE CASES OF PROJECTS: CHARACTERISTIC REQUIREMENTS EMPOWERED GENEXUS
Introduction
I agree
Egawa's home is quite big
Distance: 42km
Commute Time: 1.5 hours more
Introduction
patient
mannerly
Introduction
workaholic
Not good at English
Introduction
Kaizen ‘ カイゼン’
Eagerness for efficiency
Case #1: sporadic freeze in application
GX-J
Final Customer
Our Customer
GX-J
Development Partner
Case #1: sporadic freeze in application
The project profile
The Target Date: 1st Dec
Our customer: Saison Information Systems
The system: payroll calculation system for part-time employment of Convenience Store
Case #1: sporadic freeze in application
The phenomenon
No particular operation order
No particular screen
No high frequency
It never occurs in other applications on the same machine
It occurs with any browser (IE, FF, Chrome)
Any versions
Operate with Crazy Speed: Frequency Up
Postpone! Crazy!
Final Customer & Our Customer @Ikebukuro
Artech Customer support & Development team @Montevideo
GX-J Egawa @Gotanda
GX-J Egawa @Koshigaya 3 hours!
Freeze!
24 hours, 365 days!
Case #1: sporadic freeze in application
The December struggle
• Every dark night comes to bright Morning
• Every cold winter comes to warm Spring
Case #1: sporadic freeze in application
The December struggle
Thank you!
Case #2: QA acceptance criteria
GX-J
Case #2: QA acceptance criteria and OWASP requirements
The project profile
End Customer Customer
Our Customer
GX-J
Development Partner
Responsible to avoid
Vulnerability
Business Group Quality Assurance Section
We need their authentication
generate
KB
Web application
generate
Target of Fortify or AppScan
1 By OWASP SAMM based Documentation
2 By coding rule and self-check
Source code
Case #2: QA acceptance criteria and OWASP requirements
The request of QA section
Case #2: QA acceptance criteria and OWASP requirements
Empowered gxScan
NG!
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
No | OWASP top 10 2010 | Category
1 | A1 Injection | Command Injection
2 | A1 Injection | Dangerous File Inclusion
3 | A1 Injection | Dynamic Code Evaluation: Code Injection
4 | A1 Injection | Dynamic Code Evaluation: Script Injection
5 | A1 Injection | Header Manipulation
6 | A1 Injection | LDAP Injection
7 | A1 Injection | Log Forging
8 | A1 Injection | Missing XML Validation
9 | A1 Injection | Often Misused: File Upload
10 | A1 Injection | SQL Injection
11 | A1 Injection | Weak XML Schema: Lax Processing
12 | A1 Injection | Weak XML Schema: Type Any
13 | A1 Injection | Weak XML Schema: Undefined Namespace
14 | A1 Injection | XML Injection
15 | A1 Injection | XPath Injection
16 | A2 Cross Site Scripting (XSS) | Cross-Site Scripting: DOM
17 | A2 Cross Site Scripting (XSS) | Cross-Site Scripting: External Links
18 | A2 Cross Site Scripting (XSS) | Cross-Site Scripting: Persistent
19 | A2 Cross Site Scripting (XSS) | Cross-Site Scripting: Poor Validation
20 | A2 Cross Site Scripting (XSS) | Cross-Site Scripting: Reflected
21 | A3 Broken Authentication and Session Management | Acegi Misconfiguration: Run-As Authentication Replacement
22 | A3 Broken Authentication and Session Management | Cookie Security: Session Cookies Disabled
23 | A3 Broken Authentication and Session Management | Often Misused: Authentication
24 | A3 Broken Authentication and Session Management | Session Fixation
25 | A4 Insecure Direct Object Reference | Access Control: Database
26 | A4 Insecure Direct Object Reference | Access Control: LDAP
27 | A4 Insecure Direct Object Reference | Path Manipulation
28 | A4 Insecure Direct Object Reference | Process Control
29 | A4 Insecure Direct Object Reference | Resource Injection
30 | A4 Insecure Direct Object Reference | Unsafe Reflection
31 | A5 Cross Site Request Forgery (CSRF) | Cross-Site Request Forgery
32 | A6 Security Misconfiguration | ADF Bad Practices: Missing URL Parameter Converter
33 | A6 Security Misconfiguration | Cookie Security: HTTPOnly not Set
34 | A6 Security Misconfiguration | Cookie Security: HTTPOnly not Set on Session Cookie
35 | A6 Security Misconfiguration | Cookie Security: Overly Broad Domain
36 | A6 Security Misconfiguration | Cookie Security: Overly Broad Path
37 | A6 Security Misconfiguration | Cookie Security: Overly Broad Session Cookie Domain
38 | A6 Security Misconfiguration | Cookie Security: Overly Broad Session Cookie Path
39 | A6 Security Misconfiguration | Header Checking Disabled
40 | A6 Security Misconfiguration | HTTP Verb Tampering
41 | A7 Insecure Cryptographic Storage | Cookie Security: Persistent Cookie
42 | A7 Insecure Cryptographic Storage | Cookie Security: Persistent Session Cookie
43 | A7 Insecure Cryptographic Storage | Heap Inspection: Swappable Memory
44 | A7 Insecure Cryptographic Storage | Heap Inspection
45 | A7 Insecure Cryptographic Storage | Insecure Randomness
46 | A7 Insecure Cryptographic Storage | Password Management: Empty Password
47 | A7 Insecure Cryptographic Storage | Password Management: Empty Password in Configuration File
48 | A7 Insecure Cryptographic Storage | Password Management: Hardcoded Password
49 | A7 Insecure Cryptographic Storage | Password Management: Heap Inspection
50 | A7 Insecure Cryptographic Storage | Password Management: Null Password
51 | A7 Insecure Cryptographic Storage | Password Management: Password in Comment
52 | A7 Insecure Cryptographic Storage | Password Management: Password in Configuration File
53 | A7 Insecure Cryptographic Storage | Password Management: Password in Redirect
54 | A7 Insecure Cryptographic Storage | Password Management: Weak Cryptography
55 | A7 Insecure Cryptographic Storage | Password Management
56 | A7 Insecure Cryptographic Storage | Weak Cryptographic Hash: Hardcoded Salt
57 | A7 Insecure Cryptographic Storage | Weak Cryptographic Hash
58 | A7 Insecure Cryptographic Storage | Weak Encryption: Inadequate RSA Padding
59 | A7 Insecure Cryptographic Storage | Weak Encryption: Insufficient Key Size
60 | A7 Insecure Cryptographic Storage | Weak Encryption
61 | A8 Failure to Restrict URL Access | Access Control: Anonymous LDAP Bind
62 | A8 Failure to Restrict URL Access | Access Control: Weak Security Constraint
63 | A9 Insufficient Transport Layer Protection | Cookie Security: Cookie not Sent Over SSL
64 | A9 Insufficient Transport Layer Protection | Cookie Security: Session Cookie not Sent Over SSL
65 | A10 Unvalidated Redirects and Forwards | Open Redirect
List of vulnerability categories corresponding to the OWASP Top 10 2010
Case #2: OWASP Top 10 Category list
Case #2: QA acceptance criteria and OWASP requirements
Empowered gxScan
POINT 2: USER COMMUNITY IN JAPAN
The 1st mtg: on 25th Jul. at City hall in Tokyo
The 2nd mtg: on 29th Aug. at partner’s site in Yokohama
Over 50 engineers from over 40 companies
GeneXus User Community is getting started
Charter
User companies of GeneXus in Japan
- for effective usage of GeneXus
- to gain the advanced technology
- to have a good relationship
- to further each other's interests
Through face-to-face discussion, share the information with each other, present the discussion result and place our requirement on Artech
Theme of each group
A How to divide KB (criteria, method)
B KB mgt with GXServer and without
C Development process and documentation
D Performance Tuning
E Necessary Communication in the team
POINT 3: CURRENT USAGE AND JAPANESE MARKET
MY PERSONAL POINT OF VIEW
Current usage of GeneXus - TCO cost reduction
Big Name
Marketing company
Logistics company
Life Insurance company
Information System company
Human Resources
xxxx
Partner Partner Partner Partner
Partner Partner Partner Off Shore
Real Estate company
Self
Manufacturing
MUCHAS GRACIAS! THANK YOU VERY MUCH ありがとうございました
Watari Egawa