Description: The Project group comprises a three-member team
developing a prototype model of National Identity Card ensuring privacy
of individuals. My task is to implement Server-side API
using XML Signature & Encryption for securing the data used in Identity
Management. Also, I am involved in the development of a Firefox plug-in to
dynamically authenticate the user with entities such as Banks, Employers and other
online services. AJAX and XUL were used to develop the front-end Firefox
extension while C and Apache Portable Runtime libraries were used
to develop the back-end server module.
Vitech - V3 Benefits Administration System - Internships
Description: Firefuzzer is a penetration testing tool
and is expected to perform black-box scans over the web pages. It will target the
web page URL which is passed as an argument via command line and will mark the textboxes
within the HTML forms to inject unacceptable data. Then, FireFuzzer will inject
random textual data and submit the forms to see whether Exceptions are generated.
The aim of the fuzzer is to discover unknown vulnerabilities in web applications.
As per the requirement of the Project Proposal, the FireFuzzer application would
be executed from the Command Prompt.
It has two major modules:
1) Buffer Overflow
2) Cross Site Scripting (XSS)
In the case of the Buffer Overflow module, Firefuzzer creates
a random, possibly invalid text string and inserts it into HTML input textboxes. All
the Forms present on the given page are then submitted one after the other and appropriate
look-up is performed for the status code response. Warnings are given for specific
HTTP Codes. For a normal web page which loads properly without any error, HTTP Status
Code 200 is sent as a response, which means OK. The HTTP Status Code 500 series of errors
indicates exceptions caused at the Server End.
In the case of the Cross-Site Scripting module, Firefuzzer
will also target SQL injections where SQL commands are injected into the Login form
component. An attacker can also effectively insert code and modify the SQL command. These
commands are then passed to the Server end. Again, look-ups are performed for the status
code response and appropriate warnings are issued.
The team used Java for the Core Application Development, Apache
Jakarta Components and Jericho HTML Parsing for HTML page handling.
KFrog - Programming Languages and Translators (COMS W4115)
Description: KFrog is an interpreted GPL (Graphical Programming
Language) devised with the naive idea to enable K-12 students to learn programming
in a fun-loving environment. It uses the concept of Pond as a Frame or Canvas and
an object known as 'KFrog' to draw graphical structures on the pond. The main concepts
we try to illustrate are spatial location, patterns, randomness, and concurrency
in a visual and fun manner. It was designed on the Java platform harnessing the astute
power of ANTLR.
My role as part of the Project was primarily as a Tester
where I had to perform Secure Code Review. The source code was available to me regularly
for performing Unit Testing. I was implementing a test suite which would be able
to take 2 parameters as input.
1) Actual Result generated by the Compiler
2) Expected Result generated on the basis of Code Review
My Test Suite which I wrote in Java would perform pattern matching over both the
results and would specify “PASS” or “FAIL” depending on
the final outcome. Cases to handle were Randomness, Concurrency, Case-Sensitive
nature of Output and incorrect Arguments passed to functions.
Description: We designed and implemented the Translator
utilising Dual Stack, Static NAT-PT, Dynamic NAT-PT and IPv6 Tunneling methodologies.
These are the various technologies proposed for IPv4 - IPv6 conversion over the
Internet. We even tried to compare and contrast the performance as well as pros
and cons of these methods using Linux hosts (Fedora Core 9). We had to do extensive
router configuration over the IOS (Internet Operating System) working on Cisco 2600
Router series.
Description: The project was to devise a program that listens on a UDP port and reads packets addressed to
that port that simulate actual packets. The firewall reads the configuration file
which is manually generated by the User, then listens on a port for packets. A decision
must be made, according to these rules, about accepting or dropping each packet.
The output of the firewall is a list of packets received, their disposition, and
the number of the rule that caused the action.
genSpace Project (Messaging Component) - Research (COMS 6901)
Description: genSpace is a scientific collaborative tool
to assist effective knowledge sharing of information gathered over Social Networking
Websites. The project aims to observe and monitor the traits of a User regarding
the usage of tools or set of tools in a domain. The knowledge gathered will help
to build social network models in order to provide useful features such as suggestions,
automatically generated sequences of actions based on past usage amongst the members
of a social network or an entire community. We implemented effective data-mining
and also a stable implementation of a Messaging system capable of providing a low-cost
database-driven communication mechanism. Work was done using Java over geWorkBench
tool, which is a Java-based open-source
platform for integrated genomics.
Description: WIKEA is an online inventory management system
inspired by the Swedish firm IKEA which is famous for having self-assembly furniture
products. In the project, we have Manufacturer and Sub-Dealer as part of the users
of the system. Manufacturer also acts as Administrator. We have the sub-dealer directly
interacting with the Manufacturer and placing the order on an Order Processor which
was implemented using Microsoft Messaging Queue. The highlight of the Project was
that we implemented it using pair-programming practice, which is effective as the project
got implemented well within the stipulated time period, bug handling became effective
and overall stability of the product was guaranteed. The project was based on .NET
3-layer Architecture. We implemented the project using ASP .NET in Presentation
Layer, C# in Middle Layer and typed-datasets as well as SQL-Server database in Data
Access Layer. Visual Studio 2005 Professional and SQL Server 2005 Professional were
the tools used in the Project.
GX College Networking Project - Databases (COMS W4111)
Description: GX College Networking Project was based on
the idea of having a social networking utility for the members (professors, students)
of a typical university. This would be a productive approach as it would help to enhance
the interaction between the members and allow proper as well as effective sharing
of information. The features of the project were User-profile, management of multimedia
objects (photos), communication via mail messages implemented using database transactions
and allowing members to acknowledge as well as become friends named as 'contact'.
The web-based system was implemented using PHP as front-end and Oracle XE Express
Edition as back-end. We modelled the database tables as RDBMS concept and implemented
Multimedia Objects as BLOBs.
Process Flow Tracking for Biomass Distribution Project - Internship
Description: At Larsen & Toubro Infotech India Ltd.,
my team worked on a SCM (Supply Chain Management) based project titled 'Process
Flow Tracking of Biomass Distribution System'. We strictly adhered to the Waterfall
model of SDLC (Software Development Life Cycle) while taking into consideration the
different entities such as Manufacturer, Distributor, Sub-Dealer, Customer and the
Head-Office. Project dealt with designing the complete delivery-cycle starting from
Manufacturer to the end Customer and thereby, describes the process-flow for the
Product (Pellet & Appliance) distribution. Pellet and Appliance manufacturer
(Biomass) will provide the respective product to the Customer passing through district
and rural levels. Distributor is receiving the various products from the manufacturer
and supplies these products to Sub-Dealer. Customer purchases the required product
from the Sub-Dealers. There is a possibility that dealing partners may attain some
defective products. In such cases, similar but backward flow (Customer to Sub-Dealer
to Resp. Manufacturers) is applied to turn back the defective products. Different
parameters and transactions such as Defect Product Code, Lot Number and Warranty
status have to be tracked in the database. The entire process is monitored by the Organization’s
Head Office.
The entire project was completed well within the time
of the Demo (24-April-2008), following rigorous project scheduling practice. The
Software Application was developed using .NET's n-layered architecture utilising
the extensive flexibility and power of ASP .NET (on Visual Studio 2005 and
.NET framework 2.0) along with the robustness of SQL Server 2005.
Figure above shows the process flow design of the biomass
project
Process Flow Diagram Explanation:
P1, P2, P3, P4: The Biomass Products (pellets and appliances)
P1D, P2D, P3D, P4D: The Biomass Defective Products (pellets
and appliances)
The above figure shows the progressive stages performed
during our entire Project
Sample code from our Project emphasizing the 3-Layered
Architecture:
Presentation Layer:
The Products and their details can be viewed by all the Users in the system.
But modification of price is handled by the Head-Office only. The warranty is displayed
by the Description box in the Detailsview section.