Software Engineer at AWS | Tech & Product Musings at https://aastikta.substack.com/

A primer on the basics of threat modeling and things to keep in mind while building a threat model for an API

Photo by James Sutton on Unsplash

Introduction

APIs have become one of the most common ways of communication and provide an entry point to an application and its data. Along with flexibility and ease of integration, APIs also bring potential risks, vulnerabilities and threats to their systems. It is important to secure APIs during their development phase, and threat modeling helps in achieving that.

Threat modeling is an approach to designing risk-tolerant and secure systems by identifying threats to the API and building mechanisms to mitigate them. Several factors can contribute to the exposed risks of any API, and as per the Open Web Application Security Project (OWASP), some of the top 10 risks of 2019 included broken object level authorization, broken user authentication, data exposure, lack of resources & rate limiting, broken function-level authorization, mass assignment, security misconfiguration, injection, improper asset management, and insufficient logging and monitoring. …

Which one is right for your deploy needs?

six small rocks balanced on top of each other in front of a waterfall
Photo by Martin Sanchez on Unsplash

Introduction

Load balancing is the process of evenly distributing your network load across several servers. It helps in scaling the demand during peak traffic hours by helping spread the work uniformly. The server can be present in a cloud or a data center or on-premises. It can be either a physical server or a virtual one. Some of the main functions of a load balancer (LB) are:

  • Routes data efficiently
  • Prevents server overloading
  • Performs health checks for the servers
  • Provisions new server instances in the face of large traffic

Types of Load Balancing Algorithms

In the seven-layer OSI model, load balancing occurs from layers 4 (transport layer) to 7 (application layer). …

Concepts to think about when building out your API

Kid flexing by the sea.
Photo by Ben White on Unsplash.

An API is the building block of any client-server communication because it helps exchange information in the form of a request-response pattern. In any distributed system, it becomes immensely important to build APIs that are robust in nature and highly available even in the face of a network issue.

This article will explore a couple of good practices that help in developing highly available, robust APIs.

Idempotency

In the face of a network failure, the API must be designed to respond in a consistent way when the system comes back up. This is one of the most common issues in the distributed systems world, where a failure on either the client or the server side leads to a retry of the API operation. In such scenarios, APIs should be built in an idempotent way: no matter how many times you call the API with identical requests, the response remains the same. …

https://aastikta.substack.com/welcome

DNS provides an easy, human-readable way to map names to any resources that are connected to the internet. You can think of DNS as a phonebook that stores the IP addresses of various domains. In every communication on a network, DNS plays a crucial role in looking up the destination IP address, and hence the DNS service is one of the most important parts of any network communication.

In the distributed systems world, there are several times when network issues baffle us with an unprecedented spike in traffic or an increased failure rate of a dependent service. The DNS service, being a crucial part of any distributed system, should build a safety net around itself to avoid large-scale failures during lookup. …

Image captured by me during the Keynote session at GHC 2017

Yes! I finally return from Orlando with a brain full of ideas, a phone full of photos, a LinkedIn full of new connections and a bag full of swag. Grace Hopper was one of the major highlights for me this year and I will always remember 2017 as the year when I got an opportunity to attend it. A big shout out to Microsoft for making my dream come true. 😊


Now, it’s time to pass it on to the future attendees (hopefully me too!) and future first-time attendees (like me!). There was a lot of learning for me, starting from the registration process to actually attending the conference. …

Original Article published on theashani.com

So many options!

The financial topic which is most talked about among international students (I know, first is the student loan part!) is credit history. The day you enter the United States you start hearing about credit history from your relatives, friends, colleagues, everybody!

I am not a financial expert but being an international student in the US has taught me various things which I believe are known to every person coming to the States. …


Google has always been a huge proponent of Artificial Intelligence and Machine Learning and has always been an active participant in trying to develop something cooler than ever. It has come up with self-driving cars (though the market is yet to see them launched), better page ranking algorithms to do the best searches, etc., and now it has introduced ALLO and DUO to revolutionize the world of communication.

Google announced the launch of two messaging apps at the 10th Google I/O 2016 Conference and promised to give the world a new way of messaging with its two new apps, Allo and Duo. …

Apocalypse of Unicorn Age: The truth behind the waning of the Startups


Silicon Valley has mostly been dominated by startups worth $1 billion or more, which we proudly call Unicorns. Their glory marked 2015 as the new era of technology and ideas that were established to change the way investors dive into this market. In fact, Forbes even marked 2015 as the Age of Unicorns. A billion-dollar tech startup, which was once considered a myth, was becoming a reality in 2015. But it’s been just a year and the news has already been flooded with the end of it. …
