OWASP - User contributions [en]

User:Seccoale

2015-09-30T15:20:47Z

Seccoale:

[[File:SeccoAlessandro_PersonalInfo_Foto.jpg | 150px | left]]

Alessandro Secco (a.k.a Seccoale) is a computer engineer graduated at the University of Padova (Italy) with a mark of 110/110 ''cum laude''. He currently works as an IT Apllication Analysis Specialist at Unicredit Business Integrated Solutions.

----

Some of the projects Alessandro worked for are:

* Capgemini - GEA: This project consisted on the implementation of several web applications aimed to manage coverages, services, offers and commercial information provided by a telecommunications company. Alessandro's role inside this project was to develop both front-end and back-end of these web applications, maintaining the system stable, reliable, easy to use and secure. Main frameworks, languages and technologies I used in this project were: java, html, css, JQuery, bootstrap, tomcat, apache, struts2, DWR, PL/SQL, Axis2, OWASP ZAP, jboss, bash, svn, eclipse.

* Capgemini - Rai Pubblicità: This project consisted on the implementation of a web application aimed to manage advertisement breaks for a television company. Alessandro's role was to develop the front-end of the web application. Main frameworks, languages and technologies I used in this project were: html, css, JQuery, java, bootstrap, apache, svn, eclipse.

* Web Quality Project: this project aimed to assess quality of web pages trying to define the human perception of quality and to correlate it with the automated quality scores computed by link analysis algorithms. This project required an exhaustive crawling of a domain specific subgraph of the World Wide Web (''.it'' domain).

* EdilDEI: Web Application based on Servlet/JSP and Ajax technique. Language used: Java, Jsp, HTML, XML, Javascript.

* eLaw: Design and implementation of the prototype of a distributed, easy to use management system for notaries and their offices team. The system was developed using open source technology and custom hardware in order to ensure maximum security and great scalability.

Alessandro partecipated to the Google Summer of Code 2013 with a project named "Dinamically Configurable Action" and mentored by Simon Bennetts (a.k.a. Psiinon).

For more detailed information see:

Github: seccoale

Bitbucket: seccoale

Ohloh: seccoale

LinkedIn: seccoale

or contact him via email: seccoale (AT) gmail (DOT) com

----

'''Knowledges:'''

Programming Languages: Java, JavaScript, C, C++, Bash, HTML, CSS, JavaScript

Operating System: Linux, Windows, Android

Frameworks: OpenOffice, Qt, Maemo, JDOM, Castor, JDBC, Bootstrap, JQuery, Struts2, DWR

IDEs: Eclipse, NetBeans, Intellij Idea and QtCreator

Version Control Systems: Mercurial, Git and SVN

Others Office suites: Microsoft Office, OpenOffice and Libreoffice

----

'''Professional Interests:'''

IT in general

Software Engineering

Java

----

'''Hobbies:'''

Karate: Alessandro is a karate instructor since he was 8 years old.

Chess: Alessandro likes playing chess and partecipated in various competitions as an amateur.

Music: Alessandro can play piano and keyboards. He is really interested in Hard Rock and Metal. He played in some amateur bands.

User:Seccoale

2015-09-30T15:15:49Z

Seccoale:

[[File:SeccoAlessandro_PersonalInfo_Foto.jpg | 150px | left]]

Alessandro Secco (a.k.a Seccoale) is a computer engineer graduated at the University of Padova (Italy) with a mark of 110/110 ''cum laude''.

----

Some of the projects Alessandro worked for are:

* Capgemini - GEA: This project consisted on the implementation of several web applications aimed to manage coverages, services, offers and commercial information provided by a telecommunications company. My role inside this project was to develop both front-end and back-end of these web applications, maintaining the system stable, reliable, easy to use and secure. Main frameworks, languages and technologies I used in this project were: java, html, css, JQuery, bootstrap, tomcat, apache, struts2, DWR, PL/SQL, Axis2, OWASP ZAP, jboss, bash, svn, eclipse.

* Capgemini - Rai Pubblicità: This project consisted on the implementation of a web application aimed to manage advertisement breaks for a television company. My role was to develop the front-end of the web application. Main frameworks, languages and technologies I used in this project were: html, css, JQuery, java, bootstrap, apache, svn, eclipse.

* Web Quality Project: this project aimed to assess quality of web pages trying to define the human perception of quality and to correlate it with the automated quality scores computed by link analysis algorithms. This project required an exhaustive crawling of a domain specific subgraph of the World Wide Web (''.it'' domain).

* EdilDEI: Web Application based on Servlet/JSP and Ajax technique. Language used: Java, Jsp, HTML, XML, Javascript.

* eLaw: Design and implementation of the prototype of a distributed, easy to use management system for notaries and their offices team. The system was developed using open source technology and custom hardware in order to ensure maximum security and great scalability.

Alessandro partecipated to the Google Summer of Code 2013 with a project named "Dinamically Configurable Action" and mentored by Simon Bennetts (a.k.a. Psiinon).

For more detailed information see:

Github: seccoale

Bitbucket: seccoale

Ohloh: seccoale

LinkedIn: seccoale

or contact him via email: seccoale (AT) gmail (DOT) com

----

'''Knowledges:'''

Programming Languages: Java, JavaScript, C, C++, Bash, HTML, CSS, JavaScript

Operating System: Linux, Windows, Android

Frameworks: OpenOffice, Qt, Maemo, JDOM, Castor, JDBC, Bootstrap

IDEs: Eclipse, NetBeans and QtCreator

Version Control Systems: Mercurial, Git and SVN

Others Office suites: Microsoft Office, OpenOffice and Libreoffice

----

'''Professional Interests:'''

IT in general

Software Engineering

Java

----

'''Hobbies:'''

Karate: Alessandro is a karate instructor since he was 8 years old.

Chess: Alessandro likes playing chess and partecipated in various competitions as an amateur.

Music: Alessandro can play piano and keyboards. He is really interested in Hard Rock and Metal. He played in some amateur bands.

User:Seccoale

2015-09-30T15:13:38Z

Seccoale:

[[File:SeccoAlessandro_PersonalInfo_Foto.jpg | 150px | left]]

Alessandro Secco (a.k.a Seccoale) is a computer engineer graduated at the University of Padova (Italy) with a mark of 110/110 ''cum laude''.

----

Some of the projects Alessandro worked for are:

* Web Quality Project: this project aimed to assess quality of web pages trying to define the human perception of quality and to correlate it with the automated quality scores computed by link analysis algorithms. This project required an exhaustive crawling of a domain specific subgraph of the World Wide Web (''.it'' domain).

* EdilDEI: Web Application based on Servlet/JSP and Ajax technique. Language used: Java, Jsp, HTML, XML, Javascript.

* eLaw: Design and implementation of the prototype of a distributed, easy to use management system for notaries and their offices team. The system was developed using open source technology and custom hardware in order to ensure maximum security and great scalability.

Alessandro partecipated to the Google Summer of Code 2013 with a project named "Dinamically Configurable Action" and mentored by Simon Bennetts (a.k.a. Psiinon).

For more detailed information see:

Github: seccoale

Bitbucket: seccoale

Ohloh: seccoale

LinkedIn: seccoale

or contact him via email: seccoale (AT) gmail (DOT) com

----

'''Knowledges:'''

Programming Languages: Java, JavaScript, C, C++, Bash, HTML, CSS, JavaScript

Operating System: Linux, Windows, Android

Frameworks: OpenOffice, Qt, Maemo, JDOM, Castor, JDBC, Bootstrap

IDEs: Eclipse, NetBeans and QtCreator

Version Control Systems: Mercurial, Git and SVN

Others Office suites: Microsoft Office, OpenOffice and Libreoffice

----

'''Professional Interests:'''

IT in general

Software Engineering

Java

----

'''Hobbies:'''

Karate: Alessandro is a karate instructor since he was 8 years old.

Chess: Alessandro likes playing chess and partecipated in various competitions as an amateur.

Music: Alessandro can play piano and keyboards. He is really interested in Hard Rock and Metal. He played in some amateur bands.

Use of hard-coded password

2015-03-18T16:10:11Z

Seccoale: /* Examples */

Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''

==Description==
The use of a hard-coded password increases the possibility of password guessing tremendously.

'''Consequences'''

* Authentication: If hard-coded passwords are used, it is almost certain that malicious users will gain access through the account in question.

'''Exposure period'''

* Design: For both front-end to back-end connections and default account settings, alternate decisions must be made at design time.

'''Platform'''

* Languages: All
* Operating platforms: All

'''Required resources'''

Knowledge of the product or access to code.

'''Severity'''

High

'''Likelihood of exploit'''

Very high

The use of a hard-coded password has many negative implications - the most significant of these being a failure of authentication measures under certain circumstances.

On many systems, a default administration account exists which is set to a simple default password which is hard-coded into the program or device. This hard-coded password is the same for each device or system of this type and often is not changed or disabled by end users. If a malicious user comes across a device of this kind, it is a simple matter of looking up the default password (which is freely available and public on the internet) and logging in with complete access.

In systems which authenticate with a back-end service, hard-coded passwords within closed source or drop-in solution systems require that the back-end service use a password which can be easily discovered. Client-side systems with hard-coded passwords propose even more of a threat, since the extraction of a password from a binary is exceedingly simple.

==Risk Factors==

* Talk about the [[OWASP Risk Rating Methodology|factors]] that make this vulnerability likely or unlikely to actually happen
* Discuss the technical impact of a successful exploit of this vulnerability
* Consider the likely [business impacts] of a successful attack

==Examples==

In C\C++:

<pre>
int VerifyAdmin(char *password) {

if (strcmp(password, "Mew!")) {
printf("Incorrect Password!\n");
return 0;
}

printf("Entering Diagnostic Mode�\n");
return 1;
}
</pre>

In Java:

<pre>
int VerifyAdmin(String password) {

if (password.equals("Mew!")) {
return 0;
}
//Diagnostic Mode
return 1;
}
</pre>

Every instance of this program can be placed into diagnostic mode with the same password. Even worse is the fact that if this program is distributed as a binary-only distribution, it is very difficult to change that password or disable this "functionality."

==Related [[Vulnerabilities]]==

* Use of hard-coded cryptographic key
* Storing passwords in a recoverable format

==Related [[Controls]]==

* Design (for default accounts): Rather than hard code a default username and password for first time logins, utilize a "first login" mode which requires the user to enter a unique strong password.
* Design (for front-end to back-end connections): Three solutions are possible, although none are complete. The first suggestion involves the use of generated passwords which are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals. Next, the passwords used should be limited at the back end to only performing actions valid to for the front end, as opposed to having full access. Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay style attacks.

[[Category:Vulnerability]]
[[Category:Protocol Errors]]

OWASP Code Kids 2015 Ideas

2015-02-19T08:40:27Z

Seccoale: Seccoale moved page GCI2014 Ideas to OWASP Code Kids 2015 Ideas: It is no more a Google Code In

=Task Categories=

The tasks are grouped into the categories described below. '''Please make sure each task is assigned a category.'''

'''Code:''' Tasks related to writing or refactoring code.

'''Documentation/Training:''' Tasks related to creating/editing documents and helping others learn more

'''Outreach/Research:''' Tasks related to community management, outreach/marketing, or studying problems and recommending solutions

'''Quality Assurance:''' Tasks related to testing and ensuring code is of high quality

'''User Interface:''' Tasks related to user experience research or user interface design and interaction

== OWASP ZAP ==

=== OWASP ZAP Task 1 ===

'''Brief description:'''

Write a blogpost about CMS-scnanning techniques, this will include web-apps fingerprinting methods, vulnerability checking using on-line databases and a survey of existing tools.

'''Task Category:'''

Documentation

'''Expected Results:'''

A professional blogpost that will be published on OWASP website

'''Knowledge Prerequisites:'''

Good understanding of web security basics, Knowledge on how do CMSs work and good writing skills.

'''Mentors:''' Abdelhadi

=== OWASP ZAP Task 2 ===

'''Brief description:'''

Rebuild the CMSscanner GUI including a progress bar that shows scanning progress and a textzone to display tried strings and paths used by the scanner in real time

'''Task Category:'''

Code/Design

'''Expected Results:'''

New GUI with progress bar and displaying paths when scanning

'''Knowledge Prerequisites:'''

Java language, GUI design.

'''Mentors:''' Abdelhadi

=== OWASP ZAP Task 3 ===

'''Brief description:'''

In this task you are required to reproduce vulnerabilities in OWASP web goat using Owasp ZAP and zest scripts. The chosen challenge must be solved using ZAP and the resolution must be stored as a zest script. This task should help documenting of web goat and providing some working examples of Mozilla Zest scripts.

'''Task Category:'''

Code

'''Expected Results:'''

Zest scripts which reproduces some of the vulnerabilities challange of Owasp WebGoat.

'''Knowledge Prerequisites:'''

Comfortable in Javascript and HTML. Good understanding of Application Security and related vulnerabilities.

'''Mentors:''' Alessandro Secco

== OWASP OWTF ==

=== OWASP OWTF Task 1 ===

'''Brief Explanation:'''

Task description

'''Task Category:'''

Eg. Code Category

'''Expected Results:'''

Describe the expected results of the task

'''Knowledge Prerequisites:'''

Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities.

'''Mentors:''' XXXXXX

== OWASP WIKI ==

=== Task 1: Latam Tour 2015 logo ===

'''Brief Explanation:'''

Design a new logo for the Latam Tour 2015. The logo must resemble previous editions of the Tour and represent the Latin America region. It would be better if the new logo is based on the OWASP logo. As a reference, here is the Latam Tour 2014 Logo:

https://www.owasp.org/images/f/f3/OWASP_Latam_Tour_Logo_2014.png

'''Task Category:'''

Design

'''Expected Results:'''

Latam Tour 2015 logo in either psd or jpeg format.

'''Knowledge Prerequisites:'''

Familiarity with Photoshop/GIMP or any other designing software.

'''Mentors:''' Fabio Cerullo

== OWASP WebGoatPHP ==

=== Task 1: Implement "remember me" feature ===

'''Brief Explanation:'''

Implement a secure "Remember me" feature in user login form using cookies. At present the remember me check box is present in the form but it does nothing.

'''Task Category:'''

Code

'''Expected Results:'''

If user checks the "remember me" check box when logging in, then the user will not be required to login every time he visits the application within X days.

'''Knowledge Prerequisites:'''

Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities.

'''Reference:'''

https://github.com/shivamdixit/WebGoatPHP/issues/45

'''Code:'''

app/control/user/login.php

'''Mentors:''' Shivam Dixit

=== Task 2: Make workshop mode dashboard responsive ===

'''Brief Explanation:'''

In workshop mode of the application, the side panel of admin dashboard is not responsive i.e it does not fits well in smaller size screen resolutions. If the screen size is small the side panel should shrink into a smaller panel preferably at the bottom of the application.

'''Task Category:'''

Code

'''Expected Results:'''

Panel perfectly adjusts on small screen resolutions.

'''Knowledge Prerequisites:'''

CSS (media queries), HTML

'''Reference:'''

https://github.com/shivamdixit/WebGoatPHP/issues/26

'''Code:'''

style/dashboard.css

'''Mentors:''' Shivam Dixit

=== Task 3: WebGoatPHP logo ===

'''Brief Explanation:'''

Design a new logo for the application. The logo must resemble various aspects of the application. It would be better if the new logo is based on the OWASP logo.

'''Task Category:'''

Design

'''Expected Results:'''

WebGoatPHP logo in either psd or jpeg format.

'''Knowledge Prerequisites:'''

Familiarity with Photoshop/GIMP or any other designing software.

'''Mentors:''' Shivam Dixit

=== Task 4: WebGoatPHP deployment screencast ===

'''Brief Explanation:'''

Deploy the application on the local server without using vagrant and record a screencast of the process. Upload to a video streaming service and comment link on the melange for mentor to review.

'''Task Category:'''

Code

'''Expected Results:'''

The screencast should clearly contain all the steps required for the deployment and how to troubleshoot most common errors in the whole process.

'''Knowledge Prerequisites:'''

Familiarity with an operating system (Linux/Windows)

'''Mentors:''' Shivam Dixit

=== Task 5: Create a SQL injection challenge ===

'''Brief Explanation:'''

Single user mode of WebGoatPHP consist of set of challenges. These challenges simulate various real world security vulnerabilities in web applications. You have to add a challenge under category "Injection Attacks" which simulates a SQL injection vulnerability in single user mode. The input data must be of type string and the challenge should mimic some real world scenario.

'''Task Category:'''

Code

'''Expected Results:'''

A challenge which helps user understand SQLi vulnerability by allowing him to exploit the vulnerability.

'''Knowledge Prerequisites:'''

Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities.

'''Reference:'''

https://www.owasp.org/index.php/SQL_Injection

https://github.com/shivamdixit/WebGoatPHP/blob/master/README.md#adding-a-lessonchallenge

'''Mentors:''' Shivam Dixit

=== Task 6-20: WebGoatPHP challenges screencast series ===

'''Brief Explanation:'''

In this task you are required to record screencast of how to solve a particular single user mode challenge. The screencast should start by providing an overview of the vulnerability that will be exploited, then step by step instructions on how to exploit the vulnerability. The screencast should conclude on a note that how to avoid this vulnerability in your application. The length of the screencast would vary according to the challenge but it should neither be too long nor too short.

Task - Screencast of challenge.....

Task 6 - HTTP Basic

Task 7 - Using Access Control Matrix

Task 8 - Business Layer Access Control

Task 9 - Path Based Access Control

Task 10 - Same Origin Policy Protection

Task 11 - Forgot Password

Task 12 - Discover clues in HTML

Task 13 - JS Obfuscation

Task 14 - XSS 1 (Reflected)

Task 15 - XSS 2 (Stored)

Task 16 - XSS 3 (DOM)

Task 17 - Fail Open Authentication

Task 18 - Log Spoofing

Task 19 - Numeric SQL Injection

Task 20 - XPATH injection

'''Task Category:'''

Code

'''Expected Results:'''

A screencast explaining the vulnerability involved in a particular challenge.

'''Knowledge Prerequisites:'''

Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities.

'''Mentors:''' Shivam Dixit

== OWASP CSRF Protector ==

=== Task 1-2: CSRF Protector logo ===

'''Brief Explanation:'''

Design logos for the for CSRF Protector Project, possibly two versions one for php library and another one for Apache module.
Both of them should resemble OWASP logo.

'''Task Category:'''

Design

'''Expected Results:'''

OWASP CSRF Protector logo in either psd or jpeg format.

'''Knowledge Prerequisites:'''

Familiarity with Photoshop/GIMP or any other designing software.

'''Mentors:''' Minhaz

=== Task 3: Porting CSRF Protector PHP Wiki (from Github) to OWASP Wiki ===

'''Brief Explanation:'''

Currently we have wiki on how to use and deploy, at github. The task is to port them to OWASP Wiki as well so that it can be accessed directly.

'''Task Category:'''

Documentation

'''Expected Results:'''

Wiki for CSRF Protector php library in OWASP.ORG .

'''Knowledge Prerequisites:'''

Familiarity with wiki.

'''Reference'''

[https://github.com/mebjas/CSRF-Protector-PHP/wiki Github wiki for CSRF Protector php]

'''Mentors:''' Minhaz

=== Task 4: Porting mod_csrfprotector Wiki (from Github) to OWASP Wiki ===

'''Brief Explanation:'''

Currently we have wiki on how to use and deploy, at github. The task is to port them to OWASP Wiki as well so that it can be accessed directly.

'''Task Category:'''

Documentation

'''Expected Results:'''

Wiki for mod_csrfprotector library in OWASP.ORG .

'''Knowledge Prerequisites:'''

Familiarity with wiki.

'''References'''

[https://github.com/mebjas/mod_csrfprotector/wiki Github wiki for mod_csrfprotector]

'''Mentors:''' Minhaz

=== Task 5-6: Create screencasts on how to deploy both version of CSRF Protector individually ===
'''Brief Explanation:'''

Create two screencasts, one for each, which explains how to deploy CSRF Protector in your existing web application.

'''Task Category:'''

Screencast

'''Expected Results:'''

Screencasts explaining how to use CSRF Protector with existing web applications.

'''Knowledge Prerequisites:'''

Experience with php, HTML, and Apache (for mod_csrfprotector)

'''Mentors:''' Minhaz

== OWASP Code Review Project ==
https://www.owasp.org/index.php/OWASP_Code_review_V2_Project

=== Task 1: Code Samples ===

'''Brief Explanation:'''

Code review guide has example code in .Net and Java and in some cases C++. We also want to include sample code in PHP and Ruby. We have existing example code in Java, .Net c#.

'''Task Category:'''

Code

'''Expected Results:'''

Follow existing code samples we need you to create Ruby and PHP where needed. All work will be shown in code review guide wiki. Please review code samples in code review guide wiki.

'''Knowledge Prerequisites:'''

php, and or Ruby

'''Mentors:''' Larry Conklin, Gary Robinson

=== Task 1.1: Code Samples ===
Session Handling. Need php and Java code examples
https://www.owasp.org/index.php/CRV2_SessionHandling

=== Task 1.2: Code Samples ===
Input validation. Need php code examples
https://www.owasp.org/index.php/CRV2_InputValIntro

=== Task 1.3: Code Samples ===
Handling Error Messages. Need pho code examples
https://www.owasp.org/index.php/CRV2_ErrorHandlingMessages

=== Task 1.4: Code Samples ===
Persistent – The Anti pattern. Need Ruby code examples.
https://www.owasp.org/index.php/CRV2_RevCodePersistentAntiPatternRuby

=== Task 1.5: Code Samples ===
Reflected - The Anti pattern. Need Ruby code examples.
https://www.owasp.org/index.php/CRV2_RevCodeReflectedAntiPatternIRuby

=== Task 1.6: Code Samples ===
Ruby - AntiPatttern
https://www.owasp.org/index.php/CRV2_AntiPatternPHP

=== Task 2: Documentation ===
Reviewing by Technical Control
https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents#Reviewing_by_Technical_Control

Reviewing by Vulnerability
https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents#Reviewing_by_Vulnerability
We need content from last two sections pulled from the wiki and added to a word doc and if possible have the content put into the following word doc template. Email me and I will send you the word template.

We realize that all of the content will not easily fit into the word template but they can do the best they can and that will be fine with us. We only have three rules.

Don’t delete anything even if you don’t agree with it.
Don’t add anything unless it is well marked that you added it.
Have fun and please ask questions. Please remember we have full time jobs and families. We will answer questions but maybe not as quickly as you would like. Yea, we are old grouchy men.

'''Knowledge Prerequisites:'''

Basic understanding wiki editing, word understanding and ability to format text.

'''Mentors:''' Larry Conklin, Gary Robinson

== OWASP Security Controls in Web Application Development Lifecycle ==
https://www.owasp.org/index.php/OWASP_Security_Controls_in_Web_Application_Development_Lifecycle

=== Task 1: Web Application Architecture ===

'''Brief Explanation:'''

To come out with a diagrammatic explanation of how a web application works. Each and every section in the diagram must be explained.

'''Task Category:'''

Architecture

'''Expected Results:'''

The architecture must clearly explain how a web application works irrespective of any technology.

'''Knowledge Prerequisites:'''

Good understanding of web applications

=== Task 2: Project Logo ===

'''Brief Explanation:'''

To come out with a suitable logo for the project matching the project title

'''Task Category:'''

Designing Logo

'''Expected Results:'''

Project Logo

'''Knowledge Prerequisites:'''

Creative imagination

=== Task 3: Secure web application coding ===

'''Brief Explanation:'''

How to code a web application securely? E.g: Session Management, Input Validation, Error Logging, Configuration etc. with code examples. Technology : .NET / Java

'''Task Category:'''

Research & code snippets

'''Expected Results:'''
Theory and Code

'''Knowledge Prerequisites:'''

Good research skills, proper understanding of coding in .NET and Java

'''Mentor:''' Nilay Sangani

GCI2014 Ideas

2015-02-19T08:40:27Z

Seccoale: Seccoale moved page GCI2014 Ideas to OWASP Code Kids 2015 Ideas: It is no more a Google Code In

#REDIRECT [[OWASP Code Kids 2015 Ideas]]

User:Seccoale

2014-11-13T11:44:09Z

Seccoale:

[[File:SeccoAlessandro_PersonalInfo_Foto.jpg | 150px | left]]

Alessandro Secco (a.k.a Seccoale) is an already graduated computer engineer at the University of Padova (Italy) with a mark of 110/110 ''cum laude''.

He currently works at Capgemini as an IT consultant in Italy.

----

Some of the projects Alessandro worked for are:

* Web Quality Project: this project aimed to assess quality of web pages trying to define the human perception of quality and to correlate it with the automated quality scores computed by link analysis algorithms. This project required an exhaustive crawling of a domain specific subgraph of the World Wide Web (''.it'' domain).

* EdilDEI: Web Application based on Servlet/JSP and Ajax technique. Language used: Java, Jsp, HTML, XML, Javascript.

* eLaw: Design and implementation of the prototype of a distributed, easy to use management system for notaries and their offices team. The system was developed using open source technology and custom hardware in order to ensure maximum security and great scalability.

Alessandro partecipated to the Google Summer of Code 2013 with a project named "Dinamically Configurable Action" and mentored by Simon Bennetts (a.k.a. Psiinon).

For more detailed information see:

Github: seccoale

Bitbucket: seccoale

Ohloh: seccoale

LinkedIn: seccoale

or contact him via email: seccoale (AT) gmail (DOT) com

----

'''Knowledges:'''

Programming Languages: Java, JavaScript, C, C++, Bash, HTML, CSS, JavaScript

Operating System: Linux, Windows, Android

Frameworks: OpenOffice, Qt, Maemo, JDOM, Castor, JDBC, Bootstrap

IDEs: Eclipse, NetBeans and QtCreator

Version Control Systems: Mercurial, Git and SVN

Others Office suites: Microsoft Office, OpenOffice and Libreoffice

----

'''Professional Interests:'''

IT in general

Software Engineering

Java

----

'''Hobbies:'''

Karate: Alessandro is a karate instructor since he was 8 years old.

Chess: Alessandro likes playing chess and partecipated in various competitions as an amateur.

Music: Alessandro can play piano and keyboards. He is really interested in Hard Rock and Metal. He played in some amateur bands.

User:Seccoale

2014-11-11T11:27:53Z

Seccoale:

[[File:SeccoAlessandro_PersonalInfo_Foto.jpg | 150px | left]]

Alessandro Secco (a.k.a Seccoale) is an already graduated computer engineer at the University of Padova (Italy) with a mark of 110/110 ''cum laude''.

He currently works at Capgemini as an IT consultant in Italy.

----

Some of the projects Alessandro worked for are:

* Web Quality Project: this project aimed to assess quality of web pages trying to define the human perception of quality and to correlate it with the automated quality scores computed by link analysis algorithms. This project required an exhaustive crawling of a domain specific subgraph of the World Wide Web (''.it'' domain).

* EdilDEI: Web Application based on Servlet/JSP and Ajax technique. Language used: Java, Jsp, HTML, XML, Javascript.

* eLaw: Design and implementation of the prototype of a distributed, easy to use management system for notaries and their offices team. The system was developed using open source technology and custom hardware in order to ensure maximum security and great scalability.

Alessandro partecipated to the Google Summer of Code 2013 with a project named "Dinamically Configurable Action" and mentored by Simon Bennetts (a.k.a. Psiinon).

For other information see:

Github: seccoale

Bitbucket: seccoale

Ohloh: seccoale

LinkedIn: seccoale

or contact him via email: seccoale (AT) gmail (DOT) com

----

'''Knowledges:'''

Programming Languages: Java, JavaScript, JQuery C, C++, Bash, HTML, CSS, JavaScript

Operating System: Linux, Windows, Android

Frameworks: OpenOffice, Qt, Maemo, JDOM, Castor, JDBC, Bootstrap

IDEs: Eclipse, NetBeans and QtCreator

Version Control Systems: Mercurial, Git and SVN

Others Office suites: Microsoft Office, OpenOffice and Libreoffice

----

'''Professional Interests:'''

IT in general

Software Engineering

Java

----

'''Hobbies:'''

Karate: Alessandro is a karate instructor since I was 8 years old.

Chess: Alessandro likes playing chess and partecipated in various competitions as an amateur.

Music: Alessandro can play piano and keyboards. He is really interested in Hard Rock and Metal. He played in some amateur bands.

File:SeccoAlessandro PersonalInfo Foto.jpg

2014-11-11T11:17:36Z

Seccoale: Alessandro Secco Personal Info Foto

Alessandro Secco Personal Info Foto

User:Seccoale

2014-11-11T08:02:20Z

Seccoale:

Alessandro Secco (a.k.a Seccoale) is an already graduated computer engineer at the University of Padova (Italy) with a mark of 110/110 ''cum laude''.

He currently works at Capgemini as an IT consultant in Italy.
Some of the projects Alessandro worked for are:

* Web Quality Project: this project aimed to assess quality of web pages trying to define the human perception of quality and to correlate it with the automated quality scores computed by link analysis algorithms. This project required an exhaustive crawling of a domain specific subgraph of the World Wide Web (''.it'' domain).

* EdilDEI: Web Application based on Servlet/JSP and Ajax technique. Language used: Java, Jsp, HTML, XML, Javascript.

* eLaw: Design and implementation of the prototype of a distributed, easy to use management system for notaries and their offices team. The system was developed using open source technology and custom hardware in order to ensure maximum security and great scalability.

Alessandro partecipated to the Google Summer of Code 2013 with a project named "Dinamically Configurable Action" and mentored by Simon Bennetts (a.k.a. Psiinon).

For other information see:

Github: seccoale

Bitbucket: seccoale

Ohloh: seccoale

LinkedIn: seccoale

or contact him via email: seccoale (AT) gmail (DOT) com

----

'''Knowledges:'''

Programming Languages: Java, JavaScript, JQuery C, C++, Bash, HTML, CSS, JavaScript

Operating System: Linux, Windows, Android

Frameworks: OpenOffice, Qt, Maemo, JDOM, Castor, JDBC, Bootstrap

IDEs: Eclipse, NetBeans and QtCreator

Version Control Systems: Mercurial, Git and SVN

Others Office suites: Microsoft Office, OpenOffice and Libreoffice

----

'''Professional Interests:'''

IT in general

Software Engineering

Java

----

'''Hobbies:'''

Karate: Alessandro is a karate instructor since I was 8 years old.

Chess: Alessandro likes playing chess and partecipated in various competitions as an amateur.

Music: Alessandro can play piano and keyboards. He is really interested in Hard Rock and Metal. He played in some amateur bands.

User:Seccoale

2014-11-10T14:21:52Z

Seccoale:

My name is Alessandro Secco.
I'm a computer engineer graduated with 110/110 cum laude at the University of Padova (Italy) in 2014.
I contributed to OWASP ZAP and Mozilla Zest attending the Google Summer of Code in 2013 with the project "Dinamically Configurable Actions" mentored by Simon Bennetts (psiinon).

Currently I'm an Analyst Consultant at Capgemini.

----

'''Knowledges:'''

Programming Languages: Java, JavaScript, JQuery C, C++, Bash, HTML, CSS, JavaScript

Operating System: Linux, Windows, Android

Frameworks: OpenOffice, Qt, Maemo, JDOM, Castor, JDBC, Bootstrap

IDEs: Eclipse, NetBeans and QtCreator

Version Control Systems: Mercurial, Git and SVN

Others Office suites: Microsoft Office, OpenOffice and Libreoffice

Github: seccoale

Bitbucket: seccoale

----

'''Professional Interests:'''

IT in general

Software Engineering

Java

----

'''Hobbies:'''

Karate: I'm a karate instructor since I was 8 years old

Chess: I love playing chess. I partecipated in various competitions as an amateur

Music: I can play piano and keyboards. I'm really interested in Hard Rock and Metal. I played in some amateur bands.

User:Seccoale

2014-11-10T14:20:16Z

Seccoale:

I'm a computer engineer graduated with 110/110 cum laude at the University of Padova (Italy) in 2014.
I contributed to OWASP ZAP and Mozilla Zest attending the Google Summer of Code in 2013 with the project "Dinamically Configurable Actions" mentored by Simon Bennetts.
Currently I'm an Analyst Consultant at Capgemini.

----

'''Knowledges:'''

Programming Languages: Java, JavaScript, JQuery C, C++, Bash, HTML, CSS, JavaScript

Operating System: Linux, Windows, Android

Frameworks: OpenOffice, Qt, Maemo, JDOM, Castor, JDBC, Bootstrap

IDEs: Eclipse, NetBeans and QtCreator

Version Control Systems: Mercurial, Git and SVN

Others Office suites: Microsoft Office, OpenOffice and Libreoffice

Github: seccoale

Bitbucket: seccoale

----

'''Professional Interests:'''

IT in general

Software Engineering

Java

----

'''Hobbies:'''

Karate: I'm a karate instructor since I was 8 years old

Chess: I love playing chess. I partecipated in various competitions as an amateur

Music: I can play piano and keyboards. I'm really interested in Hard Rock and Metal. I played in some amateur bands.

User:Seccoale

2014-11-10T14:19:44Z

Seccoale:

I'm a computer engineer graduated with 110/110 cum laude at the University of Padova (Italy) in 2014.
I contributed to OWASP ZAP and Mozilla Zest attending the Google Summer of Code in 2013 with the project "Dinamically Configurable Actions" mentored by Simon Bennetts.
Currently I'm an Analyst Consultant at Capgemini.

----

'''Knowledges:'''

Programming Languages: Java, JavaScript, JQuery C, C++, Bash, HTML, CSS, JavaScript
Operating System: Linux, Windows, Android
Frameworks: OpenOffice, Qt, Maemo, JDOM, Castor, JDBC, Bootstrap
IDEs: Eclipse, NetBeans and QtCreator
Version Control Systems: Mercurial, Git and SVN
Others Office suites: Microsoft Office, OpenOffice and Libreoffice
Github: seccoale
Bitbucket: seccoale

----

'''Professional Interests:'''

IT in general
Software Engineering
Java

----

'''Hobbies:'''

Karate: I'm a karate instructor since I was 8 years old
Chess: I love playing chess. I partecipated in various competitions as an amateur
Music: I can play piano and keyboards. I'm really interested in Hard Rock and Metal. I played in some amateur bands.

User:Seccoale

2014-11-10T14:18:52Z

Seccoale:

I'm a computer engineer graduated with 110/110 cum laude at the University of Padova (Italy) in 2014.
I contributed to OWASP ZAP and Mozilla Zest attending the Google Summer of Code in 2013 with the project "Dinamically Configurable Actions" mentored by Simon Bennetts.
Currently I'm an Analyst Consultant at Capgemini.

----

Knowledges:
Programming Languages: Java, JavaScript, JQuery C, C++, Bash, HTML, CSS, JavaScript
Operating System: Linux, Windows, Android
Frameworks: OpenOffice, Qt, Maemo, JDOM, Castor, JDBC, Bootstrap
IDEs: Eclipse, NetBeans and QtCreator
Version Control Systems: Mercurial, Git and SVN
Others Office suites: Microsoft Office, OpenOffice and Libreoffice
Github: seccoale
Bitbucket: seccoale

----

Professional Interests:
IT in general
Software Engineering
Java

----

Hobbies:
Karate: I'm a karate instructor since I was 8 years old
Chess: I love playing chess. I partecipated in various competitions as an amateur
Music: I can play piano and keyboards. I'm really interested in Hard Rock and Metal. I played in some amateur bands.