All posts by Christy Hillebrink

Uniface gets to work in the Martell cellars

Pernod Ricard

A world leader in Wines and Spirits, Pernod Ricard have 90 subsidiaries and 100 production sites in 80 countries. The company was founded in 1975 and has 40 years of innovation, excellence and a portfolio of prestigious products. The group’s strategy currently focuses on the “Top 14” premium brands including Chivas Regal, Jameson, and Absolut.

The Challenge

The challenge for Pernod Ricard was to develop a mobile application, available offline, to manage and inventory all spirit barrel movements by scanning their barcodes, and then to synchronize the post-clearance data stored in an embedded SQLite database with the central Oracle database.

Digitalizing the processes

In 2012 the group’s IT systems were to be digitalized and Pernod Ricard looked to develop mobile functionality for the management of their cellars.

The cellars are considered to have an “explosive atmosphere” (ATEX regulations) and may not be equipped with either Internet or Wi-Fi. It is, therefore, essential that the mobile devices work offline on an embedded database and then synchronize that database afterwards with the central system.

Uniface: Technological expertise serving mobility

Equipped with Uniface for over 20 years, we continue to help Pernod Ricard meet their needs when business or technical issues require their intervention.

“Implementing the offline scans, for example, required a very sharp and pointed expertise for which we preferred to turn to Uniface,” Jean Jacques Delavaud, Head of Competency Center.

Working with Pernod Ricard, we developed an embedded SQLite database solution and our team developed a specific driver enabling the two systems to integrate. In May 2015, both the driver and the new version of Uniface were delivered and the Pernod Ricard teams are in the process of creating a prototype.

Supplier Relationship Management tool

A Supplier Relationship Management tool is already under development, which allows providers to follow their delivery status, billing information or even trace their last sample.

Pernod Ricard can then use this to gather information on projects, activities, provider issues, and better target projects to attract customers and build loyal relationships. Such successful solutions will give the group a significant competitive advantage in an increasingly complex and volatile economic environment.

By Fall 2015 the mobile application should be fully operational in two of the group’s companies for the management of more than 6.2 million barrels.

You can find out more about how Uniface helped Pernod Ricard here.

Using Standard Deployment for your Uniface Applications

Author: Michel van den Berg, Uniface Software Architect

Deploying your Uniface applications with standard deployment is a methodology that can perhaps make your life easier. With the classic style of deployment, rolling out your application is not always that straightforward. The following graphic shows this: .dol and .urr files are shared over the components, making it difficult to structure.

Classic Style

With Uniface Standard Deployment, the runtime environment will be different: all objects are delivered in a single archive or a small set of archives. This of course brings many benefits, such as easier application distribution, updates and partitioning. No more .dol or .urr files getting mixed together over applications.

USD

To help you get started with using Standard Deployment for your Uniface applications, join this online seminar, which will give you an overview of the functionality so you can learn how to move from classic to standardized deployment style. Registration is open; we hope to see you there on January 7th.

Uniface Details its Mobile Strategy and Roadmap during North American User Group Event

Other Conference Highlights Include Keynotes from Forrester Research and Uniface 10 Workshops

Uniface is hosting its annual North American user conference in Las Vegas this week, which brings together its many users from across the United States.

During the conference, Uniface will detail its mobile strategy to create cross-platform mobile applications, and how it can help address the current opportunities and challenges of developing mobile apps. Mike Gualtieri, Principal Analyst, Forrester Research, will add to the discussion with two keynote presentations – ‘Mobile Is the Norm, Now Innovation Must Begin’ and ‘The Future of Application Development’. It is an information-packed agenda with sessions updating attendees on the ‘new’ Uniface, customer presentations, Uniface 10 workshops, a speed networking event and much more. This event kicks off a Uniface world tour to help customers address the pressing challenge of mobile development, with events in Germany, the Netherlands, Mexico and Japan scheduled this year and other locations in the planning.

This Week: Uniface Hosts Inaugural, Global Distributors and Resellers Conference 2014

Uniface’s Inaugural Global Distributors and Resellers Conference Entitled – “ABC = Always Be Closing”

Uniface is looking forward to its inaugural conference, which brings together its leading distributors and resellers from across the globe in Amsterdam this week.

Uniface is pleased to offer the chance to its distributors and resellers to attend the Inaugural Conference, which gives attendees a range of commercial and technical topics, over three intense days of sessions. These are all aimed to give maximum knowledge to key players in our global distributors and resellers’ network along with the opportunity to increase awareness and understanding of our product and services, and develop enhanced partnerships within our partner ecosystem. The event aims to boost our understanding of distributors and resellers’ requirements by providing feedback opportunities on the range of benefits offered.

We would like to take this opportunity to welcome this year’s attendees: Acenet Oy, Finland; ACRUX, Mexico; COMPUAMERICA C.A., Venezuela; Freelance Consultant, Italy; Icignus Tecnologia, Brazil; IT IS, The Netherlands; Labinf Sistemi, Italy; ONE1, Israel; Shanghai Yungoal Info Tech Co., Ltd, China; Sogeti, The Netherlands; TaKT, Japan; Techshire, India; Wizrom Software, Romania; XEE Tech – Mobilne Aplikacije d.o.o., Croatia.

Automated Security Analysis for Uniface Web Applications

Guest contributor, Job Jonkergouw, Uniface Intern

Last February I started my internship at Uniface. In need of a research project for my Master’s in Software Engineering, I tried my luck at the Uniface headquarters in Amsterdam, which offered a subject that was both challenging and socially relevant: security of web applications.

Security is a hot issue in today’s IT landscape as news of stolen user databases and hacked websites regularly hits the headlines. Traditionally, developers react by implementing countermeasures such as firewalls and SSL, but according to experts this is not enough: “secure features do not equal security features” (see Howard & LeBlanc, Writing Secure Code). Software has to be written with security in the minds and hearts of the developers.

In an attempt at ensuring code security, models like Microsoft’s MS SDL and OWASP’s SAM recommend various steps in development. These include security requirement specification, architecture review, threat modeling and other practices. Another important guideline is security code review. However, done by humans this can be tedious and requires a high level of expertise, which is why many developers opt for something quicker.

Automated code review will be familiar to anyone who has used Word’s spell checker or a sophisticated IDE such as Eclipse. For the purpose of security analysis, automated tools can check each line of code for dangerous function calls, iffy comments or unchecked input and output. This is commonly known as static security analysis, contrasting with a technique called dynamic security analysis: emulating actual attacks on the web application. Also known as pen testing, it is commonly executed by sending HTTP requests containing dangerous payloads such as SQL injection or cross-site scripting.

The objective of my research project was to gauge the difference between using dynamic and static security analysis for Uniface web applications. To test this empirically, I designed an experimental website that contained several exploitable vulnerabilities. Several tools — both dynamic and static — were then tested by their ability to find each of these exploits.

The first objective was to identify the security analysis tools that were to be used. Some of the popular brands such as IBM’s AppScan and HP’s WebInspect require thousands of dollars of licensing fees, making them impractical for my studies, while others don’t support the technologies used by the Uniface framework. Another issue concerned how more and more commercial products are being offered as a Software-as-a-Service (SaaS) on the cloud. While this makes it easier for the vendor to manage their licenses, it can be detrimental for developers who would not like to upload their source code to a third party or to have a testable web application deployed live on the web.

Although the previously mentioned issues scrapped many of the popular solutions from my list, there were still enough tools left to experiment with, most of them open source. Making the final cut were five static analysis tools – FindBugs, LAPSE+, VCG, Veracode and Yasca – and five dynamic analysis tools – IronWASP, N-Stalker, Wapiti, w3af and ZAP.

The test environment was developed quickly using the Uniface Development Framework. During this step, I injected several vulnerabilities by removing a few important lines of proc code and twisting the properties of some of the widgets. These included accessing other user pages by modifying the user ID in the URL and unrestricted file uploading. As these were mainly behavioral issues, these types of exploits were only detectable with dynamic analysis as no static tools can read proc code.

Other modifications I made at the Java source code level on the web server. These included important sanitization checks that normally prevent dangerous attacks such as SQL injection and cross-site scripting. Notably different is that Java code is well understood by many static analysis tools.

Job blog1

The resulting website containing the vulnerabilities is shown above. Each tool was tested on its rate of discovery and the number of false positives. This latter number was much higher for most static tools, but was expected due to prior research and for theoretical reasons. The number of vulnerabilities each tool found varied widely, as can be seen in the graphs below. Some vulnerabilities themselves were hard to find altogether (such as path traversal requiring guessing of the right file name). But this was perhaps due to the nature of Uniface being hard to scan, which makes it harder for actual attackers. A more detailed discussion on the results can be found in my final thesis [link].

Job blog2

Despite the results containing few surprises, the internship offered me a great time at the Uniface development department, which proved to be both helpful and educational.

In just a few months’ time I was able to learn a new development language, build an application and carry out the work for my thesis thanks to the working environment and colleagues that helped me overcome any big hurdle. For this, my gratitude.
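
As an added illustration of the static-analysis approach and the false positives discussed in the post above (not part of the original post, and not one of the tools tested), here is a small Python line scanner run over constructed Java snippets. The pattern-only rule also flags a harmless constant concatenation, the taint-tracking rule does not, and neither sees the missing ownership check behind the user ID lookup, the kind of behavioural flaw the post reports as detectable only by dynamic analysis. The Java lines and the names `scan` and `strip_literals` are assumptions made for this example.

```python
import re

# Constructed Java snippets (not from the thesis or from Uniface's code base).
SAMPLE_JAVA = '''\
String name = request.getParameter("name");
ResultSet a = stmt.executeQuery("SELECT * FROM users WHERE name = '" + name + "'");
String table = "users";
ResultSet b = stmt.executeQuery("SELECT COUNT(*) FROM " + table);
String id = request.getParameter("userId");
PreparedStatement ps = conn.prepareStatement("SELECT * FROM profile WHERE id = ?");
ps.setString(1, id);
'''

SINK = re.compile(r'\.execute(?:Query|Update)?\s*\((.*)\)\s*;')   # query execution
SOURCE = re.compile(r'(\w+)\s*=\s*request\.getParameter\(')       # user input
IDENT = re.compile(r'[A-Za-z_]\w*')

def strip_literals(expr):
    """Remove Java string literals so only identifiers and operators remain."""
    return re.sub(r'"(?:\\.|[^"\\])*"', '', expr)

def scan(java_source, track_taint):
    """Return the line numbers flagged as possible SQL injection.

    track_taint=False: flag every query built with '+' (pattern-only rule).
    track_taint=True:  flag only when a request parameter reaches the query.
    """
    tainted, findings = set(), []
    for lineno, line in enumerate(java_source.splitlines(), start=1):
        src = SOURCE.search(line)
        if src:
            tainted.add(src.group(1))          # remember user-controlled variable
        sink = SINK.search(line)
        if not sink:
            continue
        code = strip_literals(sink.group(1))
        if '+' not in code:
            continue                           # constant or parameterised query
        names = set(IDENT.findall(code))
        if not track_taint or names & tainted:
            findings.append(lineno)
    return findings

if __name__ == "__main__":
    print("pattern-only rule:", scan(SAMPLE_JAVA, track_taint=False))
    print("taint-tracking rule:", scan(SAMPLE_JAVA, track_taint=True))
```

Lines 5 to 7 of the sample use a parameterised query, so no rule fires, yet any caller can still pass another user's ID; finding that requires exercising the running application.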