لرن سرا

دسته: هسته اصلی سیستم‌عامل

  • Create PDF in PHP Using FPDF.

    Create PDF in PHP Using FPDF.


    Create PDF in PHP Using FPDF.

    In this post, I  will explain how to create a pdf file in php. To create a PDF file in PHP we will use the FPDF library. It is a PHP library that is used to generate a PDF. FPDF is an open-source library. It is the best server-side PDF generation PHP library. It has rich features right from adding a PDF page to creating grids and more.

    Example:

    <?Php
require('fpdf/fpdf.php');
$pdf = new FPDF(); 
$pdf->AddPage();
$pdf->SetFont('Arial','B',16);
$pdf->Cell(80,10,'Hello World From FPDF!');
$pdf->Output('test.pdf','I'); // Send to browser and display
?>

    Output:

     

     



    Source link

  • Operation Sindoor: Anatomy of a High-Stakes Cyber Siege

    Operation Sindoor: Anatomy of a High-Stakes Cyber Siege


    Overview

    Seqrite Labs,  India’s largest Malware Analysis lab, has identified multiple cyber events linked to Operation Sindoor, involving state-sponsored APT activity and coordinated hacktivist operations. Observed tactics included spear phishing, deployment of malicious scripts, website defacements, and unauthorized data leaks. The campaign exhibited a combination of cyber espionage tactics, hacktivist-driven disruptions, and elements of hybrid warfare. It targeted high-value Indian sectors, including defense, government IT infrastructure, healthcare, telecom, and education. Some of the activities were attributed to APT36 and Sidecopy, Pakistan-aligned threat groups known for leveraging spoofed domains, malware payloads, and credential harvesting techniques against Indian military and government entities.

    Trigger Point: Initial Access Vector

    On April 17, 2025, Indian cyber telemetry started to light up. Across the threat detection landscape, anomalies directed towards government mail servers and defence infrastructures. Lure files carried names that mimicked urgency and legitimacy:

    These weren’t ordinary files. They were precision-guided attacks—documents laden with macros, shortcuts, and scripts that triggered covert command-and-control (C2) communications and malware deployments. Each lure played on public fear and national tragedy, weaponizing recent headlines like the Pahalgam Terror Attack. Further technical details can be found at :

    Following the initiation of Operation Sindoor on May 7th, a surge in hacktivist activities was observed, including coordinated defacements, data leaks, and disruptive cyber campaigns.

    Activity Timeline Graph – Operation Sindoor

    APT36: Evolution of a Digital Predator

    APT36, long associated with the use of Crimson RAT and social engineering, had evolved. Gone were the older Poseidon loaders—Ares, a modular, evasive malware framework, now formed the new spearhead.

    Tools & File Types:

    • .ppam, .xlam, .lnk, .xlsb, .msi
    • Macros triggering web queries:
      fogomyart[.]com/random.php
    • Payload delivery through spoofed Indian entities:
      zohidsindia[.]com, nationaldefensecollege[.]com, nationaldefencebackup[.]xyz
    • Callback C2 IP: 86.97[.]58:17854

    APT36 used advanced TTPs during Operation Sindoor for stealthy infection, persistence, and command and control. Initial access was via spear phishing attachments (T1566.001) using malicious file types (.ppam, .xlam, .lnk, .xlsb, .msi). These triggered macros executed web queries (T1059.005) to domains like fogomyart[.]com. Payloads were delivered through spoofed Indian domains such as zohidsindia[.]com and nationaldefensecollege[.]com, with C2 communication via application layer protocols (T1071.001) to 167.86.97[.]58:17854. For execution and persistence, APT36 leveraged LOLBins (T1218), scheduled tasks (T1053.005), UAC bypasses (T1548.002), and obfuscated PowerShell scripts (T1059.001, T1027), enabling prolonged access while evading detection.

    Ares RAT grants full control over the compromised host, offering capabilities such as keylogging, screen capturing, file manipulation, credential theft, and remote command execution—similar to commercial RATs but tailored for stealth and evasion.

    Digital Infrastructure: Domains of Deception

    The operation’s domain arsenal resembled a covert intelligence operation:

    • pahalgamattack[.]com
    • operationsindoor2025[.]in
    • sindoor[.]website
    • sindoor[.]live

    These domains mimicked military and government entities, exploiting user trust and leveraging geo-political narratives for social engineering.

    Hacktivism in Tandem: The Shadow Battalion

    APT36 did not act alone. In parallel, hacktivist collectives coordinated disruptive attacks—DDoS, defacements, and data leaks—across key Indian sectors. Telegram groups synchronized actions under hashtags like #OpIndia, #OperationSindoor, and #PahalgamAttack, as portrayed in the image below.

     

    A quick timeline recap

    Most Targeted Sectors:

    The Operation Sindoor campaign strategically targeted India’s critical sectors, focusing on Defense entities like the MoD, Army, Navy, and DRDO. The hactivists claimed to have disrupted Government IT infrastructure, including NIC and GSTN with evidences of DDoS and data leak, while attempting breaches in healthcare institutions such as AIIMS and DRDO Hospitals. Telecom giants like Jio and BSNL were probed, alongside multiple state-level educational and government portals, showcasing the breadth and coordination of the cyber offensive.

    Post-Campaign Threat Landscape

    From May 7–10, Seqrite telemetry reported:

    • 650+ confirmed DDoS/defacement events
    • 35+ hacktivist groups involved, 7 newly emerged
    • 26 custom detection signatures deployed across XDR

    Detection Signatures:

    Signature Name Description
    BAT.Sidecopy.49534.GC SideCopy loader script
    LNK.Sidecopy.49535.GC Macro-enabled shortcut
    MSI.Trojan.49537.GC MSI-based Trojan dropper
    HTML.Trojan.49539.GC HTML credential phisher
    Bat.downloader.49517 Download utility for RAT
    Txt.Enc.Sidecopy.49538.GC Obfuscated loader

     

    IOCs: Indicators of Compromise

    Malicious Domains:

    • pahalgamattack[.]com
    • sindoor[.]live
    • operationsindoor2025[.]in
    • nationaldefensecollege[.]com
    • fogomyart[.]com/random.php

    Malicious Files:

    Callback IP:

    • 86.97[.]58:17854 (Crimson RAT C2)

    VPS Traffic Origination:

    • Russia 🇷🇺
    • Germany 🇩🇪
    • Indonesia 🇮🇩
    • Singapore 🇸🇬

    The Mind Map of Chaos: Coordinated Disruption

    The hierarchy of the campaign looked more like a digital alliance than a lone operation:

    Seqrite’s Response

    To counteract the operation, Seqrite Labs deployed:

    • 26 detection rules across product lines
    • YARA signatures and correlation into STIP/MISP
    • XDR-wide alerting for SideCopy and Ares variants
    • Dark web and Telegram monitoring
    • Threat advisory dissemination to Indian entities

     

    Researcher’s Reflection

    Operation Sindoor revealed the blueprint of modern cyber warfare. It showcased how nation-state actors now collaborate with non-state hacktivists, merging technical intrusion with psychological operations. The evolution of APT36—especially the move from Poseidon to Ares—and the simultaneous hacktivist attacks signal a deliberate convergence of cyber espionage and ideological warfare.

    Instead of isolated malware campaigns, we now face digitally coordinated war games. The tools may change—macros, MSI files, DDoS scripts—but the objectives remain: destabilize, disinform, and disrupt.

    Conclusion

    Operation Sindoor represents a significant escalation in the cyber conflict landscape between India and Pakistan. The campaign, orchestrated by APT36 and allied hacktivist groups, leveraged a blend of advanced malware, spoofed infrastructure, and deceptive social engineering to infiltrate key Indian sectors.

    The strategic targeting of defense, government IT, healthcare, education, and telecom sectors underscores an intent to not just gather intelligence but also disrupt national operations. With the deployment of tools like Ares RAT, attackers gained complete remote access to infected systems—opening the door to surveillance, data theft, and potential sabotage of critical services.

    From an impact standpoint, this operation has:

    • Undermined trust in official digital communication by spoofing credible Indian domains.
    • Increased operational risks for sensitive departments by exposing infrastructure weaknesses.
    • Compromised public perception of cybersecurity readiness in government and defense.
    • Amplified geopolitical tension by using cyber means to project influence and provoke instability.

    The impact of this campaign on national cybersecurity and trust has been significant:

    • Data Exfiltration: Sensitive internal documents, credentials, and user information were exfiltrated from key organizations. This compromises operational security, strategic decision-making, and opens pathways for follow-up intrusions.
    • DDoS Attacks: Targeted denial-of-service attacks disrupted availability of critical government and public-facing services, affecting both internal workflows and citizen access during sensitive geopolitical periods.
    • Website Defacement: Several Indian government and institutional websites were defaced, undermining public confidence and serving as a psychological warfare tactic to project influence and cyber superiority.

    These developments highlight the urgent need for enhanced threat intelligence capabilities, robust incident response frameworks, and strategic public-private collaboration to counter such evolving hybrid threats.



    Source link

  • Angular Code Review Checklist. – PHPFOREVER

    Angular Code Review Checklist. – PHPFOREVER


    Introduction:

    Code review is a process where developers have their work reviewed by their peers to check the code’s quality and functionality. In the case of Angular, there are specific points that we must check to ensure code effectiveness, which we will be discussing in detail in our upcoming blog post. Effective code reviews are crucial to delivering high-quality applications to end-users. This process involves a peer review of developers’ work. The main aim of this evaluation is to detect any bugs, syntax issues, and other factors that could impact the application’s performance. However, code reviews can be time-consuming. Therefore, we have created a comprehensive list of the most crucial elements to consider during your Angular code reviews.

    Imports Organization:

    You should group your imports by source and arrange them alphabetically, which will help keep your import section organized and tidy.

    Bad Code Example:
    import { Component, OnInit, Input } from '@angular/core';
import { FormsModule } from '@angular/forms';

import { AuthService } from '../services/auth.service';
import { BehaviorSubject, Observable, Subject, timer } from 'rxjs';
import { UserService } from '../services/user.service';
import { SomeOtherService } from '../services/some-other.service';
import { SomeComponent } from '../some-component/some-component.component';
import { AnotherComponent } from '../another-component/another-component.component';
import { SharedModule } from '../shared/shared.module';
import { ActivatedRoute, Router } from '@angular/router';
import { HttpClient, HttpHeaders } from '@angular/common/http';

@Component({
  selector: 'app-component',
  templateUrl: './app.component.html',
  styleUrls: ['./app.component.css']
})
export class AppComponent implements OnInit {
  // ...
}

     

    Good Example (Organized imports order) 

    // Organize Angular modules separately
import { Component, OnInit, Input } from '@angular/core';
import { ActivatedRoute, Router } from '@angular/router';
import { HttpClient, HttpHeaders } from '@angular/common/http';
import { FormsModule } from '@angular/forms'; 


// Organize Rxjs imports separetly 
import { BehaviorSubject, Observable, Subject, timer } from 'rxjs';

// Organize services imports separetly
import { AuthService } from '../services/auth.service';
import { UserService } from '../services/user.service';
import { SomeOtherService } from '../services/some-other.service';

import { SomeComponent } from '../some-component/some-component.component';
import { AnotherComponent } from '../another-component/another-component.component';
    Service Injection:

    It is recommended to review dependency injection in components and utilize TypeScript’s access modifiers (public, private, etc.).

    Bad Code Example:
    @Component({
  selector: 'app-example',
  templateUrl: './example.component.html',
  styleUrls: ['./example.component.css']
})
export class ExampleComponent implements OnInit {
  // ...
 constructor(
    public dialog: MatDialog,
    authService: JobService,
    userService,
    public ref: ChangeDetectorRef,

  ) {
  }
}
    Good Example (With private access modifier ):
    @Component({
  selector: 'app-example',
  templateUrl: './example.component.html',
  styleUrls: ['./example.component.css']
})
export class ExampleComponent implements OnInit {
  // ...
 constructor(
    private dialog: MatDialog,
    private authService: JobService,
    private userService,
    private ref: ChangeDetectorRef,

  ) {
  }
}

     

    Observable Cleanup:

    Use the async pipe to simplify the component code instead of etching data with observables, doing the subscribe and cleanup in ngOnDestroy.

    Bad Code Example:
    import { Component, OnDestroy, OnInit } from '@angular/core';
import { Subscription } from 'rxjs';
import { DataService } from './data.service';

@Component({
  selector: 'app-data-list',
  template: `
    <h2>Data List</h2>
    <ul>
      <li *ngFor="let item of data">{{ item }}</li>
    </ul>
  `,
})
export class DataListComponent implements OnInit, OnDestroy {
  data: string[] = [];
  private dataSubscription: Subscription;

  constructor(private dataService: DataService) {}

  ngOnInit() {
    this.dataSubscription = this.dataService.getData().subscribe((result) => {
      this.data = result;
    });
  }

  ngOnDestroy() {
    if (this.dataSubscription) {
      this.dataSubscription.unsubscribe();
    }
  }
}
    Good Example ( With async pipe):
    import { Component } from '@angular/core';
import { Observable } from 'rxjs';
import { DataService } from './data.service';

@Component({
  selector: 'app-data-list',
  template: `
    <h2>Data List</h2>
    <ul>
      <li *ngFor="let item of data$ | async">{{ item }}</li>
    </ul>
  `,
})
export class DataListComponent {
  data$: Observable<string[]>;

  constructor(private dataService: DataService) {
    this.data$ = this.dataService.getData();
  }
}
    Property Initialization:

    It is considered a best practice to set default values for properties to prevent runtime errors.

    Bad Code Example ():
    import { Component } from '@angular/core';

@Component({
  selector: 'app-data-grid',
  template: `
    <!-- Data grid rendering code -->
  `,
})
export class DataGridComponent {
  data; // No initialization

  constructor() {
    // Imagine some logic to populate dataArray dynamically.
  }
}
    Good Example:
    import { Component } from '@angular/core';

@Component({
  selector: 'app-data-grid',
  template: `
    <!-- Data grid rendering code -->
  `,
})
export class DataGridComponent {
  data: any[] = []; // Initialize with an empty array

  constructor() {
    // Logic to populate dataArray dynamically.
  }
}

     

    Component Initialization:

    I recommend reviewing the ngOnInit  method, don’t make it too long. Try to break it into smaller methods for better readability and maintainability.

    Bad Code Example :

    import { Component, OnInit } from '@angular/core';
import { DataService } from './data.service';

@Component({
  selector: 'app-data-list',
  template: `
    <h2>Data List</h2>
    <ul>
      <li *ngFor="let item of data">{{ item }}</li>
    </ul>
  `,
})
export class DataListComponent implements OnInit {
  data: string[] = [];

  constructor(private dataService: DataService) {}

  ngOnInit() {
    // Fetch data from the service
    this.dataService.getData().subscribe((result) => {
      // Filter and transform the data
      const filteredData = result.filter((item) => item.length > 5);
      const transformedData = filteredData.map((item) => item.toUpperCase());

      // Sort the data
      transformedData.sort();

      // Set the component data
      this.data = transformedData;
    });
  }
}

    Good Example (Breaking Down ngOnInit)

     

    import { Component, OnInit } from '@angular/core';
import { DataService } from './data.service';

@Component({
  selector: 'app-data-list',
  template: `
    <h2>Data List</h2>
    <ul>
      <li *ngFor="let item of data">{{ item }}</li>
    </ul>
  `,
})
export class DataListComponent implements OnInit {
  data: string[] = [];

  constructor(private dataService: DataService) {}

  ngOnInit() {
    this.loadData();
  }

  private loadData() {
    this.dataService.getData().subscribe((result) => {
      const filteredData = this.filterData(result);
      const transformedData = this.transformData(filteredData);
      this.data = this.sortData(transformedData);
    });
  }

  private filterData(data: string[]): string[] {
    return data.filter((item) => item.length > 5);
  }

  private transformData(data: string[]): string[] {
    return data.map((item) => item.toUpperCase());
  }

  private sortData(data: string[]): string[] {
    return [...data].sort();
  }
}
    Consider Extracting Logic to Services:

    If a component logic can be reused in multiple places, we can extract it into services for better code organization and reusability.

    Bad Code Example:

    import { Component } from '@angular/core';
import { User } from './user.model'; // Assuming User model is imported

@Component({
  selector: 'app-user-management',
  template: `
    <h2>User Management</h2>
    <button Angular Code Review Checklist. - PHPFOREVER="generateTooltipForEditButton(currentUser)">Edit User</button>
  `,
})
export class UserManagementComponent {
  currentUser: User;

  constructor() {
    // Initialize the currentUser based on user data retrieval
    this.currentUser = this.getUser(/* specify user ID or other criteria */);
  }

  generateTooltipForEditButton(user: User): string {
    if (user) {
      if (user.state === 'SUSPENDED') {
        return 'This user is suspended and cannot be edited';
      } else if (user.state === 'INACTIVE') {
        return 'This user is inactive and cannot be edited';
      } else if (!user.authorizedToUpdate) {
        return 'You are not authorized to edit this user';
      } else {
        return 'Edit';
      }
    }
    return 'Edit';
  }

  // Simulated method to retrieve a user, replace with actual logic
  getUser(userId: number): User {
    return {
      id: userId,
      name: 'John Doe',
      state: 'ACTIVE',
      authorizedToUpdate: true,
    };
  }
}

     

    Good Example:

    import { Injectable } from '@angular/core';

@Injectable({
  providedIn: 'root',
})
export class UserService {
  // Other user-related methods and properties
// move the component fucntion to the service 
  getEditUserButtonTooltip(user: User): string {
    if (user) {
      if (user.state === 'SUSPENDED') {
        return 'This user is suspended and cannot be edited';
      } else if (user.state === 'INACTIVE') {
        return 'This user is inactive and cannot be edited';
      } else if (!user.authorizedToUpdate) {
        return 'You are not authorized to edit this user';
      } else {
        return 'Edit';
      }
    }
    return 'Edit';
  }
}




import { Component } from '@angular/core';
import { UserService, User } from '../user.service';

@Component({
  selector: 'app-user-management',
  template: `
    <h2>User Management</h2>
    <button Angular Code Review Checklist. - PHPFOREVER="generateTooltipForEditButton(currentUser)">Edit User</button>
  `,
})
export class UserManagementComponent {
  currentUser: User;

  constructor(private userService: UserService) {
    // Initialize the currentUser based on user data retrieval
    this.currentUser = this.userService.getUser(/* specify user ID or other criteria */);
  }

  generateTooltipForEditButton(user: User): string {
    return this.userService.generateTooltipForEditButton(user);
  }
}
    Hard-Coded Styles:

    It’s important to avoid using inline styles as they can be difficult to maintain. Instead, it’s recommended to define appropriate styling classes.

    Bad Example (Hard-Coded Styles in Template):

    <!-- bad-example.component.html -->
<div>
  <h2 style="font-size: 24px; color: red;">Welcome to our website</h2>
  <p style="font-size: 18px; color: blue;">This is some text with hard-coded styles.</p>
  <button style="background-color: green; color: white;">Click me</button>
</div>

    Good Example (Separate Styles in a CSS File) :

    <!-- good-example.component.html -->
<div>
  <h2>Welcome to our website</h2>
  <p>This is some text with Angular-applied styles.</p>
  <button (click)="onButtonClick()">Click me</button>
</div>

/* styles.css or component-specific styles file */
h2 {
  font-size: 24px;
  color: red;
}

p {
  font-size: 18px;
  color: blue;
}

button {
  background-color: green;
  color: white;
}

     

    Angular Dropdown With Search And Multi Select.   Quiz App In Angular.



    Source link

  • India Cyber Threat Report Insights for Healthcare Industry

    India Cyber Threat Report Insights for Healthcare Industry


    In 2024, one industry stood out in the India Cyber Threat Report—not for its technological advancements but for its vulnerability: healthcare. According to India Cyber Threat Report 2025, the healthcare sector accounted for 21.82% of all cyberattacks, making it the most targeted industry in India.

    But why is healthcare such a lucrative target for cybercriminals?

    The Perfect Storm of Opportunity

    Healthcare organizations are in a uniquely precarious position. They house vast amounts of sensitive personal and medical data, operate mission-critical systems, and often lack mature cybersecurity infrastructure. In India, the rapid digitization of healthcare — from hospital management systems to telemedicine — has outpaced the sector’s ability to secure these new digital touchpoints.

    This creates a perfect storm: high-value data, low resilience, and high urgency. Threat actors know that healthcare providers are more likely to pay ransoms quickly to restore operations, especially when patient care is on the line.

    How Cybercriminals are Attacking

    The India Cyber Threat Report highlights a mix of attack vectors used against healthcare organizations:

    • Ransomware: Threat groups such as LockBit 3.0 and RansomHub deploy advanced ransomware strains that encrypt data and disrupt services. These strains are often delivered through phishing campaigns or unpatched vulnerabilities.
    • Trojans and Infectious Malware: Malware masquerading as legitimate software is a standard tool for gaining backdoor access to healthcare networks.
    • Social Engineering and Phishing: Fake communications from supposed government health departments or insurance providers lure healthcare staff into compromising systems.

    What Needs to Change

    The key takeaway is clear: India’s healthcare organizations need to treat cybersecurity as a core operational function, not an IT side task. Here’s how they can begin to strengthen their cyber posture:

    1. Invest in Behavior-Based Threat Detection: Traditional signature-based antivirus tools are insufficient. As seen in the rise from 12.5% to 14.5% of all malware detections, behavior-based detection is becoming critical to identifying unknown or evolving threats.
    2. Harden Endpoint Security: With 8.44 million endpoints analyzed in the report, it’s evident that endpoint defense is a frontline priority. Solutions like Seqrite Endpoint Security offer real-time protection, ransomware rollback, and web filtering tailored for sensitive environments like hospitals.
    3. Educate and Train Staff: Many successful attacks begin with a simple phishing email. Healthcare workers need regular training on identifying suspicious communications and maintaining cyber hygiene.
    4. Backup and Response Plans: Ensure regular, encrypted backups of critical systems and have an incident response plan ready to reduce downtime and mitigate damage during an attack.

    Looking Ahead

    The India Cyber Threat Report 2025 is a wake-up call. As threat actors grow more sophisticated — using generative AI for deepfake scams and exploiting cloud misconfigurations — the time for reactive cybersecurity is over.

    At Seqrite, we are committed to helping Indian enterprises build proactive, resilient, and adaptive security frameworks, especially in vital sectors like healthcare. Solutions like our Seqrite Threat Intel platform and Malware Analysis Platform (SMAP) are built to give defenders the needed edge.

    Cyber safety is not just a technical concern — it’s a human one. Let’s secure healthcare, one system at a time.

    Click to read the full India Cyber Threat Report 2025



    Source link

  • How to Style Even and Odd Div.

    How to Style Even and Odd Div.


    style even and odd

    We can easily change the background color of div’s even and odd index using the:nth-child pseudo-class with the even and odd keywords, respectively. Odd and even are keywords that can be used to match child elements whose index is odd or even (the index of the first child is 1). Here, we specify two different background colors for odd and even p elements.

    Example:

    <!DOCTYPE html>
<html>
<head>
    <title>Even Odd Example</title>
    <style type="text/css">
    div :nth-child(even){
        background-color: yellow;
    }
    div :nth-child(odd){
        background-color: blue;
    }
    </style>
</head>
<body>
<div id="main">
    <div>1</div>
    <div>2</div>
    <div>3</div>
    <div>4</div>
    <div>5</div>
    <div>6</div>
    <div>7</div>
    <div>8</div>
    <div>9</div>
    <div>10</div>
</div>	

</body>
</html>

     

     



    Source link

  • Custom Pipe Example In Angular. Pipe example get month name.

    Custom Pipe Example In Angular. Pipe example get month name.


    Custom Pipe Example In Angular.

    This tutorial will show you how to create an Angular Custom Pipe. It is handy if we want to reuse some logic across our applications. It allows us to change the format in which data is displayed on the pages. For instance, consider the date of birth as 01-01-2024 and we want to display it as 01-January-2023. To achieve this we will make one pipe that can be used anywhere in our application. In angular

    Types of Pipe.
    •  Pure Pipe.
    •  Impure pipes.
    Pure Pipe.

    The pure pipe is a pipe called when a pure change is detected in the value. It is called fewer times than the latter.

    Impure Pipes.

    This pipe is often called after every change detection. Be it a pure change or not, the impure pipe is called repeatedly.

    Steps to Create Pipe

    Below are the steps to create the custom pipe.

    1. Create a pipe class.
    2. Decorate the class with the @Pipe decorator.
    3. Give a pipe name under name metadata in @Pipe decorator.
    4. Implement the PipeTransform interface and it will contain only one method that is transform.
    5. The transform method must transform the value and return the result.
    6. Import the pipe class in the component.
    7. Use the custom pipe by its name in the HTML file.
    Example.

    Create a pipe class and add the below code.

    import { Pipe,PipeTransform } from '@angular/core';

@Pipe({
    name: 'custompipe',
    standalone: true,
})

export class custompipePipe implements PipeTransform {

    monthNumbers:any = ['January','February','March','April','May','June','July','August','September','October','November','December'];
    transform(value: any) {
        let date = value.split(/[.,\/ -]/);
        if(date[1]>12 || date[1]<1 || isNaN(date[1])){
            return "Invalid Month";
        }else{
            date[1] = this.monthNumbers[date[1]-1];
            return date.join('-');
        }   
         
    }
}

    Import the custom pipe in pipe-example.componenet.ts file and add the below code.

    import { Component } from '@angular/core';
import { custompipePipe } from '../custompipe/custompipe.pipe';

@Component({
  selector: 'app-pipe-example',
  standalone: true,
  imports: [custompipePipe],
  templateUrl: './pipe-example.component.html',
  styleUrl: './pipe-example.component.css'
})

export class PipeExampleComponent{

  monthName:number = 0;
  ngOnIt(){

  }

  getMonthName(event:any){
    this.monthName = event.target.value;
  }
}

    Add the below code in pipe-example.component.html file

     <input type="text" placeholder="Enter Month Name" (keyup)="getMonthName($event)" autofocus>    
Month Name: {{ monthName | custompipe}}

    Input: 12-02-2023

    Output: 12-February-2023

     

    JavaScript Program To Count The Frequency Of Given Character In String.          Angular Dropdown With Search And Multi Select.



    Source link

  • how to generate qr code in angular.

    how to generate qr code in angular.


    How To Generate QR Code In Angular:

    In the modern digital era, QR codes have become essential for quickly sharing information through a simple scan. QR codes provide a versatile solution for marketing purposes, linking to a website, or sharing contact details. In this blog post, we’ll explore how to generate QR codes in your Angular applications using the angularx-qrcode library.

    We’ll guide you through the installation process, show you how to integrate the library into your Angular project and provide a complete example to get you started. By the end of this tutorial, you’ll be able to create and customize QR codes effortlessly, adding an extra layer of interactivity and functionality to your applications. Perfect for developers of all levels, this step-by-step guide ensures you can implement QR code generation quickly and efficiently. Join us as we dive into the world of QR codes and enhance your Angular projects with this powerful feature!

    Below are the steps to implement it.

    Step 1: Set Up Your Angular Project.

    If you don’t have an existing Angular project, create a new one using the Angular CLI:

    ng new qr-code-app
cd qr-code-app
    Step 2: Install angularx-qrcode
    Install the angularx-qrcode library using npm:
    npm install angularx-qrcode

    Step 3: Create a Component and import the QRCodeModule.

     

    import { Component } from '@angular/core';
import { MatFormFieldModule } from '@angular/material/form-field';
import { QrCodeModule } from 'ng-qrcode';


@Component({
  selector: 'app-qrcode',
  standalone: true,
  imports: [MatFormFieldModule,QrCodeModule],
  templateUrl: './qrcode.component.html',
  styleUrl: './qrcode.component.css'
})
export class QrcodeComponent {

  value: string = 'QRCODE Generator';
}
    4. Update the QR Code Component.

     

    <div class="container">   
    <h1>Generate QR Codes Example</h1>
    <qr-code value="{{value}}" size="300" errorCorrectionLevel="M"></qr-code>
</div>
    5. Run the Application.
    ng serve

    Navigate to http://localhost:4200/ in your web browser. You should see a QR code generated based on the data provided.

    Summary

    1. Set up your Angular project.
    2. Install the angularx-qrcode library.
    3. Import QRCodeModule in the imports section.
    4. Create a new component for the QR code.
    5. Update the component to generate and display the QR code.
    6. Run your application.

    This setup allows you to generate and display QR codes in your Angular application easily.

    Weather App In JavaScript                 Custom Pipe Example In Angular.

    https://www.npmjs.com/package/angularx-qrcode



    Source link

  • Is XDR the Ultimate Answer to Withstanding the Modern Cyberwarfare Era?

    Is XDR the Ultimate Answer to Withstanding the Modern Cyberwarfare Era?


    The digital realm has morphed into a volatile battleground. Organizations are no longer just facing isolated cyber incidents but are squarely in the crosshairs of sophisticated cyberwarfare. Nation-states, organized cybercrime syndicates, and resourceful individual attackers constantly pursue vulnerabilities, launching relentless attacks. Traditional security measures are increasingly insufficient, leaving businesses dangerously exposed. So, how can organizations effectively defend their critical digital assets against this escalating tide of sophisticated and persistent threats? The answer, with increasing certainty, lies in the power of Extended Detection and Response (XDR).

    The Limitations of Traditional Security in the Cyberwarfare Era

    For years, security teams have been navigating a fragmented landscape of disparate security tools. Endpoint Detection and Response (EDR), Network Detection and Response (NDR), email security gateways, and cloud security solutions have operated independently, each generating a stream of alerts that often lacked crucial context and demanded time-consuming manual correlation. This lack of integration created significant blind spots, allowing malicious actors to stealthily move laterally within networks and establish long-term footholds, leading to substantial damage and data breaches. The complexity inherent in managing these siloed systems has become a major impediment to effective threat defense in this new era of cyber warfare.

    READ: Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government

    XDR: A Unified Defense Against Advanced Cyber Threats

    XDR fundamentally breaks down these security silos. It’s more than just an upgrade to EDR; it represents a transformative shift towards a unified security incident detection and response platform that spans multiple critical security layers. Imagine having a centralized view that provides a comprehensive understanding of your entire security posture, seamlessly correlating data from your endpoints, network infrastructure, email communications, cloud workloads, and more. This holistic visibility forms the bedrock of a resilient defense strategy in the face of modern cyberwarfare tactics.

    Key Advantages of XDR in the Age of Cyber Warfare

    Unprecedented Visibility and Context for Effective Cyber Defense:

    XDR ingests and intelligently analyzes data from a wide array of security telemetry sources, providing a rich and contextual understanding of emerging threats. Instead of dealing with isolated and often confusing alerts, security teams gain a complete narrative of an attack lifecycle, from the initial point of entry to lateral movement attempts and data exfiltration activities. This comprehensive context empowers security analysts to accurately assess the scope and severity of a security incident, leading to more informed and effective response actions against sophisticated cyber threats.

    Enhanced Threat Detection Capabilities Against Advanced Attacks

    By correlating seemingly disparate data points across multiple security domains, XDR can effectively identify sophisticated and evasive attacks that might easily bypass traditional, siloed security tools. Subtle anomalies and seemingly innocuous behavioral patterns, which could appear benign in isolation, can paint a clear and alarming picture of malicious activity when analyzed holistically by XDR. This significantly enhances the ability to detect and neutralize advanced persistent threats (APTs), zero-day exploits, and other complex cyberattacks that characterize modern cyber warfare.

    Faster and More Efficient Incident Response in a Cyber Warfare Scenario

    In the high-pressure environment of cyber warfare, rapid response is paramount. XDR automates many of the time-consuming and manual tasks associated with traditional incident response processes, such as comprehensive data collection, in-depth threat analysis, and thorough investigation workflows. This automation enables security teams to respond with greater speed and decisiveness, effectively containing security breaches before they can escalate and minimizing the potential impact of a successful cyberattack. Automated response actions, such as isolating compromised endpoints or blocking malicious network traffic, can be triggered swiftly and consistently based on the correlated intelligence provided by XDR.

    Improved Productivity for Security Analysts Facing Cyber Warfare Challenges

    The sheer volume of security alerts generated by a collection of disconnected security tools can quickly overwhelm even the most skilled security teams, leading to alert fatigue and a higher risk of genuinely critical threats being missed. XDR addresses this challenge by consolidating alerts from across the security landscape, intelligently prioritizing them based on rich contextual information, and providing security analysts with the comprehensive information they need to quickly understand, triage, and effectively respond to security incidents. This significantly reduces the workload on security teams, freeing up valuable time and resources to focus on proactive threat hunting activities and the implementation of more robust preventative security measures against the evolving threats of cyber warfare.

    READ: Seqrite XDR Awarded AV-TEST Approved Advanced EDR Certification. Here’s Why?

    Proactive Threat Hunting Capabilities in the Cyber Warfare Landscape

    With a unified and comprehensive view of the entire security landscape provided by XDR, security analysts can proactively hunt for hidden and sophisticated threats and subtle indicators of compromise (IOCs) that might not trigger traditional, signature-based security alerts. By leveraging the power of correlated data analysis and applying advanced behavioral analytics, security teams can uncover dormant threats and potential attack vectors before they can be exploited and cause significant harm in the context of ongoing cyber warfare.

    Future-Proofing Your Security Posture Against Evolving Cyber Threats

    The cyber threat landscape is in a constant state of evolution, with new attack vectors, sophisticated techniques, and increasingly complex methodologies emerging on a regular basis. XDR’s inherently unified architecture and its ability to seamlessly integrate with new and emerging security layers ensure that your organization’s defenses remain adaptable and highly resilient in the face of future, as-yet-unknown threats that characterize the dynamic nature of cyber warfare.

    Introducing Seqrite XDR: Your AI-Powered Shield in the Cyberwarfare Era

    In this challenging and ever-evolving cyberwarfare landscape, Seqrite XDR emerges as your powerful and intelligent ally. Now featuring SIA – Seqrite Intelligent Assistant, a groundbreaking virtual security analyst powered by the latest advancements in GenAI technology, Seqrite XDR revolutionizes your organization’s security operations. SIA acts as a crucial force multiplier for your security team, significantly simplifying complex security tasks, dramatically accelerating in-depth threat investigations through intelligent contextual summarization and actionable insights, and delivering clear, concise, and natural language-based recommendations directly to your analysts.

    Unlock Unprecedented Security Capabilities with Seqrite XDR and SIA

    • SIA – Your LLM Powered Virtual Security Analyst: Leverage the power of cutting-edge Gen AI to achieve faster response times and enhanced security analysis. SIA provides instant access to critical incident details, Indicators of Compromise (IOCs), and comprehensive incident timelines. Seamlessly deep-link to relevant incidents, security rules, and automated playbooks across the entire Seqrite XDR platform, empowering your analysts with immediate context and accelerating their workflows.
    • Speed Up Your Response with Intelligent Automation: Gain instant access to all critical incident-related information, including IOCs and detailed incident timelines. Benefit from seamless deep-linking capabilities to incidents, relevant security rules, and automated playbooks across the Seqrite XDR platform, significantly accelerating your team’s response capabilities in the face of cyber threats.
    • Strengthen Your Investigations with AI-Powered Insights: Leverage SIA to gain comprehensive contextual summarization of complex security events, providing your analysts with a clear understanding of the attack narrative. Receive valuable insights into similar past threats, suggested mitigation strategies tailored to your environment, and emerging threat trends, empowering your team to make more informed decisions during critical investigations.
    • Make Smarter Security Decisions with AI-Driven Recommendations: Utilize pre-built and intuitive conversational prompts specifically designed for security analysts, enabling them to quickly query and understand complex security data. Benefit from clear visualizations, concise summaries of key findings, and structured, actionable recommendations generated by SIA, empowering your team to make more effective and timely security decisions.

    With Seqrite XDR, now enhanced with the power of SIA – your GenAI-powered virtual security analyst, you can transform your organization’s security posture by proactively uncovering hidden threats and sophisticated adversaries that traditional, siloed security tools often miss. Don’t wait until it’s too late.

    Contact our cybersecurity experts today to learn how Seqrite XDR and SIA can provide the ultimate answer to withstanding the modern cyberwarfare era. Request a personalized demo now to experience the future of intelligent security.

     



    Source link

  • ZTNA Use Cases and Benefits for BFSI Companies

    ZTNA Use Cases and Benefits for BFSI Companies


    In an era of digital banking, cloud migration, and a growing cyber threat landscape, traditional perimeter-based security models are no longer sufficient for the Banking, Financial Services, and Insurance (BFSI) sector. Enter Zero Trust Network Access (ZTNA) — a modern security framework that aligns perfectly with the BFSI industry’s need for robust, scalable, and compliant cybersecurity practices.

    This blog explores the key use cases and benefits of ZTNA for BFSI organizations.

    ZTNA Use Cases for BFSI

    1. Secure Remote Access for Employees

    With hybrid and remote work becoming the norm, financial institutions must ensure secure access to critical applications and data outside corporate networks. ZTNA allows secure, identity-based access without exposing internal resources to the public internet. This ensures that only authenticated and authorized users can access specific resources, reducing attack surfaces and preventing lateral movement by malicious actors.

    1. Protect Customer Data Using Least Privileged Access

    ZTNA enforces the principle of least privilege, granting users access only to the resources necessary for their roles. This granular control is vital in BFSI, where customer financial data is highly sensitive. By limiting access based on contextual parameters such as user identity, device health, and location, ZTNA drastically reduces the chances of data leakage or internal misuse.

    1. Compliance with Regulatory Requirements

    The BFSI sector is governed by stringent regulations such as RBI guidelines, PCI DSS, GDPR, and more. ZTNA provides centralized visibility, detailed audit logs, and fine-grained access control—all critical for meeting regulatory requirements. It also helps institutions demonstrate proactive data protection measures during audits and assessments.

    1. Vendor and Third-Party Access Management

    Banks and insurers frequently engage with external vendors, consultants, and partners. Traditional VPNs provide broad access once a connection is established, posing a significant security risk. ZTNA addresses this by granting secure, time-bound, and purpose-specific access to third parties—without ever bringing them inside the trusted network perimeter.

    Key Benefits of ZTNA for BFSI

    1. Reduced Risk of Data Breaches

    By minimizing the attack surface and verifying every user and device before granting access, ZTNA significantly lowers the risk of unauthorized access and data breaches. Since applications are never directly exposed to the internet, ZTNA also protects against exploitation of vulnerabilities in public-facing assets.

    1. Improved Compliance Posture

    ZTNA simplifies compliance by offering audit-ready logs, consistent policy enforcement, and better visibility into user activity. BFSI firms can use these capabilities to ensure adherence to local and global regulations and quickly respond to compliance audits with accurate data.

    1. Enhanced Customer Trust and Loyalty

    Security breaches in financial institutions can erode customer trust instantly. By adopting a Zero Trust approach, organizations can demonstrate their commitment to customer data protection, thereby enhancing credibility, loyalty, and long-term customer relationships.

    1. Cost Savings on Legacy VPNs

    Legacy VPN solutions are often complex, expensive, and challenging to scale. ZTNA offers a modern alternative that is more efficient and cost-effective. It eliminates the need for dedicated hardware and reduces operational overhead by centralizing policy management in the cloud.

    1. Scalability for Digital Transformation

    As BFSI institutions embrace digital transformation—be it cloud adoption, mobile banking, or FinTech partnerships—ZTNA provides a scalable, cloud-native security model that grows with the business. It supports rapid onboarding of new users, apps, and services without compromising on security.

    Final Thoughts

    ZTNA is more than just a security upgrade—it’s a strategic enabler for BFSI organizations looking to build resilient, compliant, and customer-centric digital ecosystems. With its ability to secure access for employees, vendors, and partners while ensuring regulatory compliance and data privacy, ZTNA is fast becoming the cornerstone of modern cybersecurity strategies in the financial sector.

    Ready to embrace Zero Trust? Identify high-risk access points and gradually implement ZTNA for your most critical systems. The transformation may be phased, but the security gains are immediate and long-lasting.

    Seqrite’s Zero Trust Network Access (ZTNA) solution empowers BFSI organizations with secure, seamless, and policy-driven access control tailored for today’s hybrid and regulated environments. Partner with Seqrite to strengthen data protection, streamline compliance, and accelerate your digital transformation journey.



    Source link

  • Top 10 PHP Security Best Practices.

    Top 10 PHP Security Best Practices.


    Top 10 PHP Security Best Practices.

    In today’s digital landscape, security is a paramount concern for developers and users alike. With the increasing sophistication of cyber threats, ensuring the security of web applications is more critical than ever. PHP, being one of the most widely used server-side scripting languages, powers millions of websites and applications. However, its popularity also makes it a prime target for attackers.

    As a PHP developer, it is your responsibility to safeguard your applications and user data from potential threats. Whether you’re building a small personal project or a large-scale enterprise application, adhering to security best practices is essential. In this blog post, we will delve into the top PHP security best practices every developer should follow. From input validation and sanitization to secure session management and error handling, we’ll cover practical strategies to fortify your PHP applications against common vulnerabilities.

    Join us as we explore these crucial practices, providing you with actionable insights and code snippets to enhance the security of your PHP projects. By the end of this post, you’ll have a solid understanding of implementing these best practices, ensuring your applications are robust, secure, and resilient against potential attacks. Let’s get started on the path to mastering PHP security!

    Here are some top PHP security best practices for developers:

    1. Input Validation and Sanitization
    • Validate Input: Always validate and sanitize all user inputs to prevent attacks such as SQL injection, XSS, and CSRF.
    • Use Built-in Functions: Use PHP functions like filter_var() to validate data, and htmlspecialchars() or htmlentities() to sanitize output.
    2. Use Prepared Statements
    • SQL Injection Prevention: Always use prepared statements and parameterized queries with PDO or MySQLi to prevent SQL injection attacks.
    $stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email');
$stmt->execute(['email' => $email]);
    3. Cross-Site Scripting (XSS) Prevention
    • Escape Output: Escape all user-generated content before outputting it to the browser using htmlspecialchars().
    • Content Security Policy (CSP): Implement CSP headers to prevent the execution of malicious scripts.
    4. Cross-Site Request Forgery (CSRF) Protection
    • Use CSRF Tokens: Include a unique token in each form submission and validate it on the server side.
    // Generating a CSRF token
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));

// Including the token in a form
echo '';
    5. Session Management
    • Secure Cookies: Use secure and HttpOnly flags for cookies to prevent XSS attacks.
    session_set_cookie_params([
'lifetime' => 0,
'path' => "https://phpforever.com/",
'domain' => '',
'secure' => true, // Only send cookies over HTTPS
'httponly' => true, // Prevent access via JavaScript
'samesite' => 'Strict' // Prevent CSRF
]);
session_start();
    • Regenerate Session IDs: Regenerate session IDs frequently, particularly after login, to prevent session fixation.
    session_regenerate_id(true);
    6. Error Handling and Reporting
    • Disable Error Display: Do not display errors in production. Log errors to a file instead.
    ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', '/path/to/error.log');
    7. Secure File Handling
    • File Uploads: Validate and sanitize file uploads. Restrict file types and ensure proper permissions are set on uploaded files.
    $allowed_types = ['image/jpeg', 'image/png'];
if (!in_array($_FILES['file']['type'], $allowed_types)) {
die('File type not allowed');
}
    8. Secure Configuration
    • Use HTTPS: Always use HTTPS to encrypt data transmitted between the client and server.
    • Secure Configuration Files: Restrict access to configuration files. Store sensitive information like database credentials securely.
    9. Keep Software Updated
    • Update PHP and Libraries: Regularly update PHP, frameworks, and libraries to the latest versions to patch security vulnerabilities.
    10. Use Security Headers
    • Set Security Headers: Use headers like X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, and Strict-Transport-Security to enhance security.
    header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');

     

    By following these best practices, PHP developers can significantly enhance the security of their applications and protect against common vulnerabilities and attacks.

    Ajax Live Search Example In PHP & MYSQL.



    Source link