Sunday, 20 August 2017

Google Search Tips, Tricks and Techniques

Google Search Tips, Tricks and Techniques


Google search is usually used in it’s non-advance form, just putting the keyword in box and hit enter.  Ada Kadabra  Google does rest of the magic.


Luckily there is a faster and advance way of getting your search done with Google. There are advance tips, tricks and technique in google which can be used to achieve the custom or filtered searches in google.

Everything need to be done efficiently in the world of information.There are many hidden secret in Google search, knowing those tips, tricks and techniques can make you the master at doing Google search, as you will be able to focus on your search by narrowing it down with advanced google operators.

By getting acquainted with these tips and tricks we are making sure that you will be able to find the hidden information rather easily, for instance looking for a specific information or keyword in the website. Also, Searching for a specific word phrase in url or negating some of the keyword while searching will be easier for you. This kind of search is known as Google Advanced Search technique and tricks.

With these right tricks and techniques you can find right results…

Google advanced search is used for specific complex searches, which are not easily accessible through simple Google search. Advance google search option has some requirements about your desired search for a better result rather than simple one.

Example:


Technical universities of certain cities.
Searching a book with a specific title, heading, description or author.
Google advanced search has more accurate and filtered result than normal search. Google advanced search works on special Input queries.
Why we use advanced google search?

Google advanced search option provides more favorable results in less time.
Google advanced search helps you find accurate result.



Google Advanced search options


1. Search in Page Title


Title page tag is an HTML tag for a web page, it defines what page is about. If you are dealing with coffee machine and want to know more about your competitors in the similar domain, you can search in the page title and see what kind of product do they have.

Example

allintitle: ‘place your search query here’
intitle: ‘place your search query here’


How to use
Searching for “best web design software” in title page

allintitle: best
web design software
intitle: Yodiz agile management tool

2. Search in anchor text


Anchor text is a hyperlink text, which is shown as highlighted in a blog or web page. Like you can hyperlink a productivity technique text in your blog.
User google searches you can even search in the anchor text which is hyperlinked, this is one of the technique for SEO which is used quite heavily to gain more points from google when comes to page ranking.

Here is how you can search in anchor text
Example

allinanchor: ‘place your search query here’
inanchor: ‘place your search query here’


How to use:

allinanchor: scrum
inanchor: Yodiz team productivity

3. Search in URL


If you are writing a blog, it will be good to know what are the existing blogs out there with similar keywords or title, the best to do is to search in the URL of blogs or website, you can use the bellow “allinurl” for this purpose

Example

allinurl: ‘place your search query here’


inurl: ‘place your search query here’
How to use

Allinurl: product owner role
inurl: product owner role
inurl: Top SEO tools complete list free and paid 106 SEO tools

4. Search Missing Words


Find missing words in phrases by using star technique. Just place the star signs around the missing words.
How to use

better to be *pirate then*
What can we gain you *if we are not able to cross the abyss that separates*

5. Search Result By Time


Google “search result by time” technique allows you to find your result in a specific time period. Like if you are a follower of a blog, but you missed last month’s posts then this trick help you to find only previous one month posts.
First, search your query then after result adds “&tbs=qdr:h” at the end of SERP URL.
Example

&tbs=qdr:m – Results from past month,
How to use:

Search your result first like site: yodiz.com scrum
After result appearance add the code (&tbs=qdr:m) in search result url
Some other options

&tbs=qdr:s – Results from past sec,
&tbs=qdr:n – Results from past minute,
&tbs=qdr:h – Results from past hour,
&tbs=qdr:d – Results from past day,
&tbs=qdr:w – Results from past week,
&tbs=qdr:y – Results from past year,

 

6. Search Result by Date


You can also search your desired result in a specific date range. After searching your result place the operator bellow at the end of url.
Example

&tbs=cdr:1,cd_min:(Start Date),cd_max:(End Date)


How to use:

&tbs=cdr:1,cd_min:1/01/2010,cd_max:2/06/2012

7. Search using TO or OR


If you want to search result with several keywords then use word “TO” or “OR”.
How to use:

football worldcup 2009 to 2016
agile or scrum -rugby

8. Translate Quickly


If you need the translation of words then this simple google advanced search trick helps you a lot.


Example

translate [word] to [language]


How to use:

Translate “how are you” to spanish

9. Looking For Comparison


You can easily find comparison of two different product

How to use:

PHP VS Java
Red Team vs Blue Team


10. Exclude From Search Result


If you are searching for something and don’t want certain information appear in your search then use “-” before the keyword to excluded in search.

How to use

SW development methodologies -waterfall
best agile books -site:www.amazon.com


11. Search for Differences


If you are searching difference between two words, then simply put the “ “|”” between two titles.
How to use:

Agile “|” waterfall


 

12. Quick Calculation


If you are in a restaurant and want to know about tip percentage of the bill, then this simple google advanced search calculator will help you a lot.

How to use:

Tip calculator

13. Online Timer


Search online timer on google by simply type timer.

14. Search for Title, Text in a Site


To Find Specific Title, Text on Site easy this trick.
Find those pages whose titles are “Agile”, text of the page is scrum and find on yodiz.com site only.

Example

intext:(Query) intitle:(Query) site:(Site URL)
How to use

intext:scrum intitle:Agile site:yodiz.com
intext:coffee intitle:chocolate – site:*.com


15. Search Time


If you want to know about the exact time of your location then type “time” and city name simply in google search box..

How to use
Time Nairobi

16. Know Your IP Address


Search your IP address by just simply type IP address in google search box.
IP address

Search By Location

If you want to find a specific result like best IT universities in USA the replace this code in your search engine box. Find a specific result on a specific location:

How to use:

Kenya: “Infosec Certifications”

17. Convert Counting


If you want to convert a big amount of counting in english then use this simple easy trick.
Example

Counting= Language
How to use

11,200,670,000= Eleven billion two hundred million six hundred seventy thousand

18. Search Related Sites


If you are a chef and want to search other sites for recipes, or you are fond of reading blogs and searching more blogs then use this trick to find more similar sites.

Example

Related: ‘place your search query here’
How to use

Related: bestbuy.com
related: hotmall.com


19. Search Origin Of Word


If you are looking of any words origin then simply type Etymology before the word.

Example

Etymology (Word, Name, Place)
How to use

Etymology admiral

20. Specific Complex Search


If you want to find a result from a specific site with a specific phrase, and exclude some keywords also, and want to search in a specific time period then alter this given trick to your search.

Site:techcrunch.com ”mobile”-apple 2014..2015

21. Search By File Type


Find PDF documents with a specific topic.
How to use

filetype:pdf Scrum vs kanban
Filetype:doc (Search Query)
Filetype:ps (Search Query)
Filetype:doc (Search Query)
Filetype:xls (Search Query)
Filetype:ppt (Search Query)
Filetype:rtf (Search Query)


eg filetype:pdf johny chen google hacking

22. Search By Domain Extension


If you are looking a special government, educational or training site then use this technique to get more efficient way.
How to use

site:.org OR site:.edu OR site:.gov “cancer research”


23. Search On a Specific Site


If you want to search a specific result from a specific site then use this technique.

How to use

site mit.edu admissions

24. Find Recipes


If you are fond of eating or want to search any food item then use the given trick to get more accurate result.
Example
Recipe site: ‘place your search query here’
How to use

recipe site: ratatouille

25. Search Site Cache


If you want to search any site cache then simply type cache: now place site address.

cache:http://www.globalguideline.com/

26. Search for Exact Phrase


Use quotation marks for an exact phrase search, with same words in the same order.
Place quotation marks (“) around the phrase you’d like to search for.

How to use

“ Security Mistakes and Practices when developing applications”


27. Online Stopwatch


Search online stopwatch on google by simply type stopwatch.

Monday, 26 June 2017

My Experience At AfricHackon 2017 #AH2017 #AH4

AfricHackon 2017 #AH2017 #AH4


AfricaHackon is one of the best information security conference in Kenya and every year everyone from the InfoSec community attends it. I have a great interest in Security and hacking ( though software devt is all i do.) and yes I too look forward to the conference. Every year most of my friends who are into security attend AfricaHackon. It has been running the last 4 years and this year it was greater bigger and different.

The Tickets

The getting of tickets wasn't hard .Safaricom ,staunch supporters of AfricaHackon ,were the platinum sponsors and also provided a mobile payment platform ,Paybill which made it easy to pay for the tickets. Jambo pay (a sponsor) provided the ticketing and online purchase of the tickets .Two tickets types were available Corporate and student pass . There was an offer for students to a minimum of 2k. This time tickets were available for purchase  to the last day.Being a Kenyan we love the last minute purchase of tickets.The conference was being hosted in one of the big five hotels in the city under the sun -Nairobi. 5 minutes from the CBD about 3km. The serene was amazing.

Conference


Before the AfricaHackon conference ,there was a conference a week before Organised by CIO Africa and it was more of a talk and presentation Information Security conference, being a techy ,i shifted my focus to AfricaHackon conference.Through the  AfricaHackon website (https://africahackon.com/) the schedule of speakers was available and the topics of discussion were amazing.

Most of the talk in AfricaHackon were great and was very informative;

Day 1


  1. A 13 year old doing a presentation on  Internet Safety from a 13-year-old  -Joseph Kyalo (Moi Education Centre)
  2. A talk by Michael Mbuthia – CIO KBA-IPSL 
  3. PLENARY: Next level of Cyber Security for Africa: Thinking Proactively - this session opened our minds and man did we ask alot of questions regarding the enacted ICT Bill
  4. The Enterprise Immune System – Darktrace: Eleanor Weaver She did the best presentation on the Daktrace system .The use of AI in IDS systems
  5. Phoenix SIEM (Security Information and Event Management) by Samuel Wachira-this is a kenyan home based system by a local enterprenuer and techy who used to work at Rapid7
  6. Naked in Cyberspace: The Corporate CyberSpace Menace you don’t know by Jimmy Wayans- Jimmy as always reminding us how if we dont configure our systems well we gonna cry.
  7. Breaking the Core (The troubles of Mobile Banking) by Charles Muiruri (icrackthecode):well he brought the concept of secure software development of mobile apps.more in case the Banking Mobile Apps.
  8. Fuzzing BaseBand (Trigger Remote Actions on phone within 100m) by Jade Solomon (http://blog.0x7678.com/).jade a firend of many years .he did best at what he does a good engineer in the GSM field he took everything to the next level.He should have been a comedian but well that jade for you.He showcased how  Dynamic Binary Instrumentation can be used to access the memory of an application and get  details of a mobile app user.Will go back to using a scrambler no smart phone hehehehehe.


Day 2

The day to was more of a practical session and without wait the sessions started straight at (.00 am.


  1. Anatomy of a Targeted Attack (Kill-chain From Infection to ExFiltration) by Gabriel Mathenge & Trune
  2. Hiding in Plain Sight: Dropbox Command and Control by Vince Obilo
  3. “HoneyHouse: A Damn Vulnerable Home Automation System” by  Peter Ouma -This dude is one innovative guy. He showcased IOT hacks 
  4. Launching AfricaHackOn SecOps by Sam Gichuru & Dr. Bright G. Mawudor.-- The AHSecOps this will be a platform with meetups where people with interest in infosec will learn and share skills.It will be hosted at Nailab ,an ICT  incubation center.
  5. The Art of Boot-loader Unlocking: Exploiting Samsung Sboot by  Nitay Artenstein
  6. The Making of the AfricaHackon Badge by Chrispus Kamau.A friend who loves network and anything that has waves and bandwidth. His presentation was on use of conference badges and wireless spoofing (mdk)

The AH Badge

Finally met these awesome people

It was a great experience,meeting and networking I met a lot of people whom i earlier met online.like Essenkey ,the guy online he sounds like a mafia but face to face he is a chilled guy,Munir (alien-within),he looks more of a literature professor ,chilled.One john ( @me ) ......that a story for another day.
Joe Wambugu from Hotmall ,that guy is an entrepreneur,the last time i saw him(6 months ago) he was talking he needs to understand info-sec ,now he is working on a DNS tool he want to launch end of July.waiting for the better version.



I did not attend much talks as i was busy meeting new people, networking and eating. A lot of companies who are related to security came to AfricaHackon and it was a great opportunity to know what is the latest things that are going on in security. Also job offers by few of the companies that visited AfricaHackon eg Daktrace are opening an office in Kenya .

I know a lot of people online who are into security and AfricaHackon was the best platform to meet them in person also I made lots of friends there.






Conclusion

It was a great experience. Many people say that we can watch the talk online too why to spend so much money going to conference? the thing is the experience that we get when we visit conferences like is something that cannot be get just by watching the talk videos. I would like to thank all the awesome people of AfricaHackon to make the conference such a success.

THANK YOU

Friday, 26 May 2017

Secure Software Development

Overview

Software development has been a profession taken as just a career but the solutions implimented have a high impact to users and the industry.
Not only should the intended solution be achieved but the new aspect of data security and integrity of the data must be maintained.The value of the solution should be based on Data integrity ,flexibilty,agility ,user confidence et al.
Applications are increasingly targeted by attackers, which demonstrates the need to build security into an application from the very beginning.  Thus the need to forge a secure and reduce risk in approaching a product develooment


Introduction

Developing secure software is critical to a company’s reputation and bottom line. The impact of a software malfunction or security breach can result in a massive recall, millions in lost revenue, the loss of sensitive customer data.
Faced with having to maintain software quality and security while accelerating innovation, companies with internal defined standard code development processes are looking for new ways to further reduce wholesome program risk. Traditionally, companies would perform security testing near the end of the software development lifecycle, before the product release but that process can put release schedules at risk and l defects found cost more to sort them out.
To more effectively address security, some of these companies are now adopting secure development lifecycle initiatives where security deliverables are inserted in all phases of development. As a result, companies are finding that the benefits of fewer security incidents, faster time to sort out issue incidents and earlier visibility into areas of risk far outweigh the costs of implementing these initiatives.

Developing secure software is still a challenge

Developing secure software is a tough challenge that confronts IT teams – both security and development
teams. Traditionally, computer science programs have focused on producing programmers with a foundation to become
good application developers but not necessarily security experts. As a result, developers are unaware
of the different ways they can introduce security problems into their code.


  1. Misaligned priorities - Development teams are focused on product innovation to meet business needs. Vulnerabilities eminating from code defects are seen as potential problems, therefore not a priority compared to feature functionality and on-time delivery. QA teams are concerned about buggy software and customer dissatisfaction. Security teams are focused on the availability and protection of sensitive assets – they are tasked with securing in-house and commercial applications, often having to address vulnerabilities exposed by software code after it is deployed.
  2. Misaligned process - Security audits and QA testing happen at the end of the development cycle where issues are most expensive to fix and when developers are focused on getting the release out and moving on to the next release. Audits are typically done late in the cycle to avoid having security experts review and re-review code that is likely to change before release. Also, security audits typically happen outside the standard development workflow, which means developers are likely to ignore security issues identified during the audit because it is hard to go back and change “working” code without causing an expensive and lengthy testing cycle. Therefore security issues identified late present business stakeholders a difficult decision between time to market and security.
  3. Misaligned tools - Developers resist changes to their workflow and find it difficult to use tools designed for security experts. They require too much security expertise and do not provide directly actionable information for fixing defects. Putting security auditing tools in the hands of a developer is not a practical solution as these tools are designed to find every possible issue resulting in a high false positive rate. Developers will often ignore the tools analysis results if they have to wade through a high volume of noise to identify critical defects that must be fixed.

Unfortunately as we know, all too often defects ignored or overlooked during the development process end up causing major issues down the road. Due to the rapid growth of software based solutions, we are at that uncomfortable stage in the history of software development where we are seeing firms suffer businesses disruption and negative publicity because they failed to manage risks posed by insecure code practices. Attackks as a result of application vulnerabilities have been reported across industry segments and geopolitical boundaries as we have seen recently with the wannacryt ransomware.

Way foward

In software development, security element needs to be brought in from all aspects of the software development process – it is only by pushing past the operational view of security that we can begin to build software systems that can stand up under attack. Security defects can, and should be treated like software defects and managed as part of the development process. A distinction between security and quality can sometimes be put as one; the bug that generates as
a system failure could be exploited by an attacker tomorrow.

For secure solution the important people to be involvd are the builder of the solution/code -the software developers.

Wednesday, 1 February 2017

Things I Wish I Would Have Known When I Started My Software Development Career


I well started my career in ICT over 7+ years ago.

The experience and change of specialization has taught me alot. As a software engineer (what i believe i am) i have come to know that 


1.There is no “right way” in software development


Most Developers fresh from university will argue that this-way-that-way is the best approach. Patterns and the logic -which is which-, collections vs array list ,when to implement threads vs asynchronous io et al.

i have spent time trying to convince my workmates that my approach is good but i have come to learn that the circumstances determine the "right way" to develop a software solution.
There is no best practice that is universal.The academically defined best practice are to guide in solution implementation but not actual implementation.

The practical approach gives a better development and implementation than wasting time in trying to do it the "right way".


2.Reading books cover to cover not the best way to learn


I have done a number of programming languages and most i have learnt on the job.Books and videos have been helpful but i haven't read the books completely. Skimming was what i was doing

the best way i have found to learn a now software development is to immerse myself into a project and learn the language as i design a solution.This has helped me in my learning curve of the language.

i am taking my 1st steps in reverse engineering and its not as i thought

There are smart ways to become smart, and then there are dumb ways to become smart. 


3. The Software development community


Talking and socializing is not my strong points. I have found myself needing the software communities and interacting with different groups on different devt platform.

Local meetups and online meetups and forums are very essential in a software developer life.The communities help members when they have an issue an you get to learn allot on different implementation techniques of a solution.

You might be a member of a coding community already, but you just haven’t realized it yet. For example, those who’re learning Python, Java or Ruby (for example), might find that they’re often using sites that have – already – built a community around itself. The absolute best example of this would be Codecademy, and their learning to program platform.

Communities like the ones in our chart provide “room” for asking the right questions, and more often than not, people will be eager to help you, offer advice and different perspectives on how-to tackle your bugs. The key element to these communities is to research your questions before you ask them!

What else?
  1. Up-to-date information and problem solving.
  2. Insightful answers, new perspectives.
  3. Tips and tricks for all-level programmers.
  4. Links to resources, talks and research papers.
  5. Meeting new friends, code buddies, potential partners.
I’d rather have real programmers throw stones at me, than to wait in line for an answer from the poor webmaster who’s already so caught up in his own projects, that he instantly regrets the idea of starting his own community in the first place. I’ve been there, I should know.




The chart above tries to display the programming communities that you’re going to find in list by their popularity , and it is the order that I feel is the most appropriate, personal preferences will differ and please don’t let your opinion discourage you.

Massive amount of online communities at once might seem like an overkill, but try to browse these few websites at least a couple of times, in the worst case scenario it will engrave the history in your Google searches, and make it easier to find content (answers) that way.

and the journey continues...

These are just a few of the things that I wish I had known when I first started my software development career, but there are many more and lots of other things that I did do right from the beginning.

By attempting and doing it the wrong way i got to learn the best way to do things like implementing classes,linked list,dynamic loading and the simplicity in designing a simple software.complexity doesn't make a software good.the user using it does.


Tuesday, 24 January 2017

How i got here



Pascal was my 1st programming language and it was the only lesson where i could have fun in class ,writing endless loop trying to come up with a matrix kind of screen but that would lead to computer restart.

After college i thought all was smooth ,little did i know its a hell of a career with its intrigues .In my 1st job i got immediately blindsided by unwritten rules and other day-to-day mix, that no one bothered to caution me about. And programming is no exception.

I learnt thats as a programmer, to get work done, you need to know

1. Version control systems
 Universities teach how to create source code for programs, but usually ignore everything about the management of that code. Every programmer should know how to create repositories, edit and commit code, and branch and merge effectively as part of a project workflow using Git or Azure ,BitBucket et al Subversion. By using the version control tools a programmer knows how to keep track and organise his work

2. Communication
I used to miss this classes and downplayed the content. waaaaah the 1st time i wrote a report it was a hectic session .trying to write a good report ,know which pre-position to write where .....i learnt that You also have to write release notes for your projects. You write commit messages for version control. You write tickets for bugs in the system. All of these and many more require clear, effective English communication – a skill that computer science programs seldom emphasize.

3.. Using libraries
Nobody needs to use a regular expression to extract the hostname from a URL. Every modern programming language includes a standard library of common functionality, or has standard libraries easily available.

Programmers need to understand that code that has already been written, tested, and debugged is going to be better quality than new code that she has to create. Even more important, code that doesn’t have to be written can be implemented much faster.

DONT be a google programmer who just copy pastes codes and move on .understand what that code does.


4. SQL
All the SQL I know I learned on the job.

Everything goes into and out of a database, and SQL is the language that’s used to retrieve it. SQL is also a declarative language, not a procedural language, and so requires learning a new way of thinking about problem solving. But every programmer should understand the basics of database normalization and be able to do SELECTs (including basic INNER and OUTER JOINs), INSERTs, UPDATEs and DELETEs.

5. Tool usage: IDEs, editors tools

It’s the job of programming tools to help manipulate the source code and all other data in the computer to make the programmer’s life easier. The Unix command-line, shell scripting, find, grep, and sed should be part of every programmer’s knowledge set.and working on different platforms helps as some commands and activities are still command-line based

6. Debugging
Every programmer should be able to debug with an interactive debugger .The ability to track down a problem through step-wise refinement is too important.

7. Defensive programming
Even rockstar programmers are fallible, much of the world is out of our control, and things will go wrong. Defensive programming is about understanding that simple truth. If things didn’t go wrong, we wouldn’t have to check file opens for success, or assert that customer IDs are valid integers, or to test our code to make sure that it works properly.

Programmers need to grasp that compiler warnings are helpful tools that make life easier, not nuisances to be avoided. Every programmer should know why each PHP program should start with
error_reporting(E_ALL), or c#.


 try
            {
                result = SafeDivision(a, b);
                Console.WriteLine("{0} divided by {1} = {2}", a, b, result);
            }
            catch (DivideByZeroException e)
            {
                Console.WriteLine("Attempted divide by zero.");
            }

8. Teamwork
Very few programming jobs allow you to work entirely on your own–and those that do are often intellectually crippling and leave you a worse programmer than when you started. Your code must interact with code written by others, or often be intermingled with code from others. No matter how talented, a programmer who can’t collaborate on projects with others has negative productivity, and quickly becomes a liability to the organization.

9. Working on existing code
In school, every class assignment is a new, greenfield project. That’s not how it works in the real world. The first thing that happens to new hires is they get assigned to fix ticket #8347 in the bug tracking system. After that, they have to add a small new complementary feature to an existing system with an established codebase. Designing new code comes months later, if they’re lucky.