So let’s say you get the plumbing bug when you’re a kid.
I don’t know how; maybe you fixed your childhood home’s water pressure issue by watching a YouTube video and got hooked on valves, pipes and plungers.
So you start helping out with other projects, your uncle installing a radiator, your neighbour’s new bathroom, etc.; you go on forums, get advice, get good, start giving advice, and you’re still just a kid. Everyone thinks you’re a genius.
We all know about DoS attacks coming from a flood of requests overwhelming a server, or clever manipulations/abuses of web infrastructure, but what if I told you a simple but mis-implemented bit of input validation could also lead to your server’s downfall?
There seems to be a wealth of information about the technicalities of HTTPS and server certs, but very few user-friendly introductions to the problems they try to solve, which probably explains why so few developers bother with them. But they are worth understanding, especially as you may find yourself in a small-shop or devops role where you will need to use them extensively; on top of that, it’s actually quite interesting once you get into it…
What if I told you that by submitting a single, basic URL, an attacker could totally own your whole AWS account?
Let’s say you have a client app that needs to connect to a third-party backend system via your servers. The backend requires several query parameters (the part of the URL after the “?”) to be specified in the request (say, bit rate ranges for a given video configuration), but for business reasons you can’t have requests that carry query parameters. How do you get the relevant parameters to the backend? Apache rewrite rules is how!
So you know about the seven layers of the OSI Network model, but now I hear you ask, “what can it do for me, as a developer?”
One of the key architectural decisions you’ll have to make when building a new networked system is how to apply load balancing. Load balancing is simply the spreading of requests between several servers running the same application, and is normally done at the network architecture level. I’m not going to go into the pros and cons of different strategies, but one thing you should know about is the difference between load balancing at the transport layer (TCP/IP, or Layer 4) and the application layer (Layer 7), as this will massively impact how your application is structured, especially if you are using TLS/PKI/HTTPS…
Networking is not something a lot of developers look into. We assume that the requests come in from the network and the responses go out, without thinking about how the data is actually sent around. This is for the best, normally; network infrastructure is a field unto itself. However, in these days of micro-services, cloud computing and full stack development, you might be asked to make choices about the network, such as what load balancers to use and where. Therefore a basic understanding of the principles underlying these networks is very important.
One of the key concepts to understand is the idea of Network Layers. This breaks the passage of information around the network into several incremental ideas or abstractions, built one on top of the other. Think of it like a house: you have the land, which an architect has to think about in one way; then the foundations that are built into the land, which have to be thought of in a different way with a different set of knowledge; then the load-bearing walls, which again are different, and so on until you have a full house. So it goes for the idea of a network. The actual name of this model is the Open Systems Interconnection Model, but that sounds far more intimidating than it actually is.
It’s really quite simple, when you break it down into questions…
I remember when I was first drafted into the security council of my then employers. I was just a developer keen to improve my understanding of application security, and there I was with the senior architects and developers, along with the division’s head of delivery. And yet I did something that inadvertently propelled me into the role of being one of the leaders of the council, significantly raising my profile within the division and leading to more opportunities. Read on to find out more…