System Design, Development, Deploy and Infra

API Security Do's and Don'ts Don't trust input data for an API and do validate all inputs. Ensure you understand security and keep sensitive data out of code. Don't hardcode keys/tokens Don't reveal useful info in error messages. Don't have hidden/unadvertised features. Don't filter data in UI - control at app level Don't confuse authentication and authorization Always use API gateways to control access and traffic Do require API documentation. Do expect users/hackers to find and use undocumented endpoints Do continuous testing - attack simulation, test configs, fuzzing, injections OWASP API Security Top 10 Vulnerabilities 2023 API-1:2023 - Broken Object Level Authorization: BOLA is still the leading vulnerability that plagues APIs. When data objects do not have sufficient access controls in place, resources can be accessed by unauthorized users. API-2:2023 - Broken Authentication  Broken Authentication contains all vulnerabilities associated with auth...

  In the Open Systems Interconnection (OSI) model, Layer 7 is the Application Layer . It is the topmost layer and is responsible for providing network services to user applications. This layer interacts directly with the software applications that users interact with, providing the interface for them to access network resources. Functions of the Application Layer: User Interface: Provides a way for users to interact with network services through applications like web browsers, email clients, and file transfer programs. Application Services: Offers services like file transfer, email, remote login, and directory services. Service Identification: Identifies and distinguishes between different types of network services (e.g., HTTP for web browsing, SMTP for email). Data Representation: Ensures that data is in a format that can be understood by both the sending and receiving applications. Encryption and Decryption: Handles encryption and decryption of data for security purp...

The main purpose of the load balancer is to distribute the traffic evenly across multiple servers. The Load Balancer promises the efficient usage of the back-end servers without overloading and not keeping the server in busy times. Avoiding the server overload will reduce the downtime. Table of Content: Different types of LB Algorithms used by ALB ALB Features  Questions Configuring ALB in AWS  Creating K8S config files Factors to consider to ALB design There are different types of load balancers: Application Load Balancer (Layer 7) Network Load Balancer Global Server Load Balancer Let's narrow our discussion to Application Load Balancer(ALB). The ALB operates on layer 7 of OSI model.   Algorithms used by ALB are: Round Robin   Least connections Weighted Round Robin IP hash Least Connections Response time The ALB evaluates incoming requests to ensure efficient and reliable traffic distribution. LB has to ensure. High availability Scalability Performance opt...

SKUs define what you get.  Tenants define who gets it in a securely isolated way. A SaaS provider benefits from SKUs for tiered pricing and multi-tenancy for efficient resource usage.   SKU (Stock Keeping Unit) Features and Pricing: SKUs in a SaaS application typically dictate the set of features, functionalities, and usage limits (e.g., storage, number of users, API call volumes) available to a customer. Customer Choice: Customers choose an SKU based on their needs and budget. Higher-tier SKUs usually offer more capabilities and resources at a higher cost. Within a Tenant: A single tenant (customer) can only be subscribed to one SKU at a time, but may potentially upgrade or downgrade over time. Tenant Data Isolation: A tenant represents a logically isolated instance of the SaaS application dedicated to a specific customer or organization. A customer's data, configurations, and often customizations are kept completely separate from other tenants. Multi-Te...