News

Neural Brothers is a sister company of MTR Design, established by our CEO and MTR Design's team of AI specialists, dedicated for projects that require implementing artificial intelligence techniques. In this case study the owner of Skoosh.com tells about the challenges his business was facing and how the solutions, developed by our team, improved the Skoosh system's productivity dramatically, allowing their business to grow exponentially. After implementing our automated review system, the Skoosh product pool grew more than ten times, while the manpower needed to maintain the data was reduced from one year for every 70 000 items, to about 3 days for every 100 000 items.

The SuccessFactors API gives us access to any data entity in the system with an easy to use interface. And I really mean easy -- the coolest thing about it is that it is based on the OData standard. OData is both simple to use in ad-hoc requests and there are a lot of client libraries out there that can make building queries easier. I usually prefer the former approach.

One of the most exciting things in our projects is working with new API's. This time it's the SAP Jam API. It has pretty good Java support, but I wanted to use it from our Python codebase, so I had to get creative.

If you had a slumberous February weekend, there is no reason to feel bad about it - after all, most of the world did. There was a special group of people, however, who gave up sleep and rest, in favor of creating awesome applications that could change the way you and I experience music. Yes, I'm talking about the hackers that took part in the MusicHackDay event in San Francisco. These are the guys pushing the envelope, and these are the ideas you should watch out for, in case you have anything to do with the music industry.

Cotton Cart, our newest project, has just launched. Some of you are probably already familiar with Dizzyjam - our e-commerce and merchandising platform which we created to make it easy and risk-free for anyone in the music industry to make money from their merchandise.

We've been invited to do another training session on Python and Django at the Telerik Academy.

In part 1 I covered the reasons why it is in your best interest to monitor your servers, and how can S2Mon help with that task. Well, we know that monitoring can be all cool and shiny, but how hard is it to set up? After all, the (real or perceived) effort required for the initial configuration is the single biggest reason why people avoid monitoring. In this part I'll explore the configuration process with S2Mon.

The more you free your people to think for themselves, the more they can help you. You don't have to do this all on your own.
— Richard Branson

We've all heard that servers sometimes break for one reason or another. We often forget, however, how inevitable it is. While everything is working, the system looks like a rock solid blend of software and hardware. You get the feeling that if you don't touch it, it would keep spinning for years.

Is your server/website secure? How do you really know? Let me get back to this in a while.

At MTR Design we are open to challenges so when the guys from KEO Films asked us whether we could create the longest webpage yet, we were more than pleased to accept the commission.

Here, at MTR Design, we are managing multiple web apps, servers and system components. All of them generate some kind of logs. Most of the time the logs are trivial and contain nothing that we should be concerned about. There is the odd case, however, where some log gets an entry that truly deserves our attention.

Why the Web Application security matters? Under these circumstances, it is not hard to answer this question. Since virtually anyone has access to "hacking resources", the threat to the information security has increased enormously. With the migration to the Web applications, combined with the whole fuzz around the cloud computing, the focus of the security specialists and researchers has shifted.

Here at MTR we try to make a difference every day, by challenging stereotypes and finding creative ways to deal with our tasks. This month, however, I will try to make a difference in another way - by doing some teaching. A Django Crash Course (in Bulgarian) will take place on Aug 31st, in the headquarters of the initLab hackerspace in Sofia. I've been thinking about this for a while, since Django is basically unknown around here, and I finally found the time to do a little (pr|t)eaching.

What can I say about file upload forms? Every pentester simply loves them - the ability to upload data on the server you are testing is what you always aim for. During a recent penetration test, I had quite the fun with this form that was supposed to allow registered users of the site to upload pictures and videos in their profiles. The idea behind the test was to report everything as it was found, and the developers would fix it on the fly. The usual SQL injection and XSS issues they had no problems with, but the image upload turned to be a real challenge. When I got to the file upload form, it performed no checks whatsoever. I tried to upload a PHP shell, and a second later I was doing the happy hacker dance.