
Posts

Showing posts with the label security

WebAssembly vs Java Applets

A Detailed Comparison: WebAssembly vs. Java Applets WebAssembly and Java Applets are technologies aimed at enhancing web applications by enabling execution of code directly in the browser. However, they have significant differences in terms of architecture, performance, security, and modern web development practices. Let's compare these two technologies in-depth, along with scenarios and code samples. WebAssembly Architecture: WebAssembly is a binary instruction format that allows high-level languages to be compiled into a low-level bytecode that can run efficiently in browsers. It provides a secure sandboxed environment where code can execute without direct access to browser internals. WebAssembly modules can be integrated into web applications, enabling performance-critical components to run faster than JavaScript. Performance: WebAssembly code can achieve near-native performance, making it suitable for applications requiring complex computations or real-time interacti...

Mitigation of SQL Injection attack in EF core

Mitigating SQL Injection Attacks with Entity Framework Core

Introduction: SQL injection is a serious security vulnerability that occurs when an attacker manipulates input data so that it is executed as part of a SQL query. Entity Framework Core (EF Core) is an Object-Relational Mapping (ORM) framework whose query pipeline provides built-in safeguards against SQL injection. This article explores how EF Core helps prevent SQL injection, discusses common attack vectors, and provides code samples to illustrate the concepts.

Understanding SQL Injection: SQL injection occurs when untrusted user input is concatenated directly into SQL text. Attackers exploit this by supplying SQL syntax of their own, leading to data breaches, unauthorized access, and more.

How EF Core Helps Prevent SQL Injection: Parameterized Queries: EF Core translates LINQ queries into parameterized SQL. Instead of concatenating values directly into SQL statements, it binds input values as parameters, so the database never parses them as SQL. This prevent...
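The mechanism EF Core relies on is parameter binding, and it is easiest to see side by side with the concatenation it replaces. The following is an added example written for this page in Python against an in-memory SQLite database (not the post's C# code); the users table and its three rows are constructed for the demonstration. The same distinction applies inside EF Core: LINQ queries and FromSqlInterpolated bind parameters, while a string you assemble yourself and hand to FromSqlRaw is concatenation and reintroduces the problem.

```python
import sqlite3

# Constructed sample data, not from the post: a users table with a role column.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db():
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """String concatenation: the input becomes SQL syntax. Kept deliberately unsafe."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, username):
    """Parameter binding: the value travels separately from the SQL text and is never
    parsed as SQL. This is what EF Core does for LINQ queries and FromSqlInterpolated."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Classic tautology payload: closes the string literal and appends OR '1'='1'.
PAYLOAD = "x' OR '1'='1"


def demo(username=PAYLOAD):
    """Return (rows leaked by concatenation, rows returned by the parameterized query)."""
    conn = make_db()
    leaked = find_user_vulnerable(conn, username)
    safe = find_user_parameterized(conn, username)
    return len(leaked), len(safe)


if __name__ == "__main__":
    print(demo())  # (3, 0): the tautology dumps every user, the bound value matches none
```

With the payload, the concatenated query becomes `WHERE username = 'x' OR '1'='1'` and returns every row; the parameterized query looks for a user literally named `x' OR '1'='1` and returns nothing. A legitimate name such as `bob` returns one row either way, which is why the bug is invisible in normal testing.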

Securing application from vulnerable inputs through middleware in dotnet core

Securing Applications with ASP.NET Core OWIN Middleware Against Payload Attacks

Introduction: Cybersecurity is a crucial aspect of modern application development. One area of concern is preventing attacks that exploit vulnerabilities in request payloads. This article explores how to use ASP.NET Core middleware to enhance the security of your applications by addressing payload-based attacks.

Vulnerability: Payload Attacks. Payload attacks involve sending malicious data in the request body to exploit weaknesses in the code that parses or processes it. These attacks can lead to various security breaches, including data exposure, injection attacks, and remote code execution.

Using Middleware: ASP.NET Core provides a middleware pipeline (its own pipeline rather than OWIN; OWIN components can be hosted in it through the Microsoft.AspNetCore.Owin package) that can be customized to intercept and process requests before they reach the application's core logic. This is the place to implement request-level security checks such as size limits, content-type enforcement and structural validation of the body.

Sample Code Implementing Payload Inspection Middleware...
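The post's code is ASP.NET Core; the following is an added example written for this page as a Python WSGI middleware that performs the same job, so the checks can be read and run without a .NET toolchain. It is not the post's code. The 64 KiB body limit, the JSON-only content type and the nesting-depth limit are assumptions chosen for the example, and `echo_app` and `send` are constructed stand-ins for the real application and a real HTTP server. The ordering matters: the size decision is taken on the declared Content-Length before any byte of the body is read.

```python
import io
import json

MAX_BODY_BYTES = 64 * 1024   # assumed limit for this example
MAX_JSON_DEPTH = 16          # assumed limit; deeply nested documents exhaust parsers


def json_depth(obj, level=1):
    """Nesting depth of a parsed JSON value (a scalar is depth 1)."""
    if isinstance(obj, dict):
        return max([json_depth(v, level + 1) for v in obj.values()] or [level])
    if isinstance(obj, list):
        return max([json_depth(v, level + 1) for v in obj] or [level])
    return level


class PayloadInspectionMiddleware:
    """WSGI middleware that validates request bodies before the wrapped app sees them."""

    def __init__(self, app, max_bytes=MAX_BODY_BYTES, max_depth=MAX_JSON_DEPTH):
        self.app = app
        self.max_bytes = max_bytes
        self.max_depth = max_depth

    def __call__(self, environ, start_response):
        if environ.get("REQUEST_METHOD", "GET") not in ("POST", "PUT", "PATCH"):
            return self.app(environ, start_response)
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            return self._reject(start_response, "400 Bad Request", "invalid Content-Length")
        if length > self.max_bytes:
            # Decide on the declared length before reading a byte of the body.
            return self._reject(start_response, "413 Payload Too Large", "body exceeds limit")
        media_type = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
        if media_type != "application/json":
            return self._reject(start_response, "415 Unsupported Media Type",
                                "expected application/json")
        body = environ["wsgi.input"].read(length)
        try:
            parsed = json.loads(body.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            return self._reject(start_response, "400 Bad Request", "malformed JSON")
        if not isinstance(parsed, dict) or json_depth(parsed) > self.max_depth:
            return self._reject(start_response, "400 Bad Request", "unexpected JSON shape")
        environ["inspected.json"] = parsed           # validated object for the app
        environ["wsgi.input"] = io.BytesIO(body)     # let the app re-read the raw body
        return self.app(environ, start_response)

    @staticmethod
    def _reject(start_response, status, reason):
        payload = json.dumps({"error": reason}).encode("utf-8")
        start_response(status, [("Content-Type", "application/json"),
                                ("Content-Length", str(len(payload)))])
        return [payload]


def echo_app(environ, start_response):
    """Stand-in application: reports how many keys the validated JSON object had."""
    data = environ.get("inspected.json", {})
    payload = json.dumps({"keys": len(data)}).encode("utf-8")
    start_response("200 OK", [("Content-Type", "application/json")])
    return [payload]


def send(app, method, content_type, body):
    """Drive a WSGI app with a constructed request; returns (status, decoded response)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    environ = {
        "REQUEST_METHOD": method,
        "CONTENT_TYPE": content_type,
        "CONTENT_LENGTH": str(len(body)),
        "wsgi.input": io.BytesIO(body),
    }
    chunks = b"".join(app(environ, start_response))
    return captured["status"], json.loads(chunks)


GUARDED_APP = PayloadInspectionMiddleware(echo_app)
```

The middleware hands the parsed object to the application through the request environment and rewinds the raw body, so downstream code never parses the payload a second time with different rules, which is where parser-differential bugs come from.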

How to setup GPG keys in windows and configure the public key in github

GPG

In this post we are going to look into the steps needed to generate a GPG key and use it with GitHub. The steps are given below.

Installation
Install GnuPG for Windows.

Validation of installation
Run the command below to verify that gpg is installed and working:
gpg --version

Generate a GPG key
gpg --full-generate-key
Running this command starts a command-line wizard with the following sequence of steps:
1. Choose the right key type and length
2. Provide your user name and email address
3. Provide a comment (optional)
4. Once done, confirm with "O"
5. The system then prompts for a passphrase, which protects the private key, so choose a strong value and remember it

Listing the key
List the keys generated by the previous command with:
gpg --list-secret-keys --keyid-format=long
This command produces output similar to the following:
gpg --list-secret-keys --keyid-format=long
--------------------------------
pub   2048R/35F5...

Preventing iFrame injection in a .net MVC web app

The Problem Statement
The issue is that a malicious site can frame our app: a page on a domain outside the parent app's domain embeds our pages in an iframe and overlays or repositions them to trick the user into interacting with them (clickjacking).

Sample
Let's consider the app to be hosted at https://app.com/. The attacker could host a page on https://malicious.com/ containing an iframe whose source is https://app.com/. In this case we have to prevent any page of our app from being rendered inside an iframe whose parent is on a domain different from ours. To fix this issue, add the following header to the response for each request.

Solution
X-Frame-Options: SAMEORIGIN

Note that this header only controls who may frame our pages (and modern browsers prefer the Content-Security-Policy frame-ancestors directive, which can be sent alongside it). If the concern is the reverse, markup injected into our own pages that frames an external site, that is an output-encoding (XSS) problem, and the frames a page may embed are restricted with the Content-Security-Policy frame-src directive instead.

Web.config solution
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

Global.asax solution
ASP.NET MVC's anti-forgery helper already emits X-Frame-Options: SAMEORIGIN on any response that renders an anti-forgery token, unless it is told not to. Setting AntiForgeryConfig.SuppressXFrameOptionsHeader to true removes that header, so keep it at its default of false:
protected void Application_Start()
{
    // false is the default; true would suppress the header and undo the fix
    AntiForgeryConfig.SuppressXFrameOptionsHeader = false;
}
Because the anti-forgery helper only runs on pages that call @Html.AntiForgeryToken(), the Web.config customHeaders entry is the one that covers every response.

How to build a Policy Management System

Introduction
Policies are a fine-grained model for applying security restrictions to the various entities in a business application.

Can I achieve fine-grained access only with policies? The answer is NO. The same can be modelled with entity-level permissions such as features. So what is special about policies? A policy is typically an agreed-upon JSON document that a user can author and bind to any entity, or to a specific record within an entity. Because it is JSON, it is easy to define and can carry wildcards, regex matches and so on, which are awkward to manage in other formats.

Design
The diagram below illustrates how policies are created and enforced in an application. As shown in the diagram, the Administrator is responsible for creating the policies and binding them to entities. Enforcement of the policies happens in the entity service, which passes the access request on to a policy manager. The policy manager talks to the...
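What the policy manager has to do with such a JSON document is decide, for a subject, an action and a resource, whether any bound policy applies. The following is an added example written for this page (not the post's design or code) of that evaluation in Python. The policy format is an assumption made for the example: each policy carries an effect, and lists of subject, action and resource patterns, where a pattern is a shell-style wildcard or, with a "regex:" prefix, a regular expression. Evaluation is default-deny with deny-overrides, which is the safe default for a policy engine; the policy set and the three subjects are constructed.

```python
import fnmatch
import json
import re

# Constructed policy document (assumed format: effect, subjects, actions, resources;
# patterns are shell-style wildcards, or a regular expression with a "regex:" prefix).
POLICIES_JSON = """
[
  {"id": "finance-invoices", "effect": "allow",
   "subjects": ["role:finance"],
   "actions": ["invoice:read", "invoice:export"],
   "resources": ["invoice/*"]},
  {"id": "legal-hold", "effect": "deny",
   "subjects": ["user:*"],
   "actions": ["invoice:export", "invoice:delete"],
   "resources": ["regex:^invoice/legal-[0-9]+$"]},
  {"id": "admin-all", "effect": "allow",
   "subjects": ["role:admin"],
   "actions": ["*"],
   "resources": ["*"]},
  {"id": "one-record", "effect": "allow",
   "subjects": ["user:carol"],
   "actions": ["invoice:read"],
   "resources": ["invoice/2024-001"]}
]
"""


def load_policies(text=POLICIES_JSON):
    return json.loads(text)


def match(pattern, value):
    """One pattern against one value: anchored regex, or case-sensitive glob."""
    if pattern.startswith("regex:"):
        return re.fullmatch(pattern[len("regex:"):], value) is not None
    return fnmatch.fnmatchcase(value, pattern)


def any_match(patterns, value):
    return any(match(p, value) for p in patterns)


def applicable(policy, subject_attrs, action, resource):
    """A policy applies when some subject attribute, the action and the resource all match."""
    return (any(any_match(policy["subjects"], s) for s in subject_attrs)
            and any_match(policy["actions"], action)
            and any_match(policy["resources"], resource))


def is_allowed(policies, subject_attrs, action, resource):
    """Policy manager decision: default deny, and any applicable deny overrides every allow."""
    decision = False
    for policy in policies:
        if not applicable(policy, subject_attrs, action, resource):
            continue
        if policy["effect"] == "deny":
            return False
        decision = True
    return decision


def explain(policies, subject_attrs, action, resource):
    """Ids of the policies that matched, for audit logs and for debugging a denial."""
    return [p["id"] for p in policies if applicable(p, subject_attrs, action, resource)]


# Constructed subjects: attributes the entity service resolves for the caller.
ALICE = ["user:alice", "role:finance", "tenant:acme"]
BOB = ["user:bob", "role:admin", "tenant:acme"]
CAROL = ["user:carol", "role:support", "tenant:acme"]
```

The "one-record" policy shows binding to a specific record rather than an entity, and "legal-hold" shows a regex-bound deny that wins even over the admin's wildcard allow; `explain` returns the matching policy ids so an access log can say which rule produced a decision.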

Strategy for Database choice in a multi-tenant application

Introduction
Which database strategy do I choose, and what are the options on the table? This post aims to help the developer / architect choose the database strategy for a multi-tenant application. In a multi-tenant application there are many areas or concerns that require attention, such as cost, data isolation and protection, maintenance, and disaster recovery. Multi-tenant solutions can adopt any strategy along the spectrum from one database per tenant (fully isolated), through a separate schema per tenant in the same database (shared server, separate schemas), to shared tables with a tenant identifier on every row (shared database).

Data Security through Physical Isolation in Multi-Tenant SaaS Applications

There is a common notion that better security requires physical isolation of databases. This is not true in practice: with the right patterns we can keep a single table that holds every tenant's rows and use the row level security pattern to restrict data access by tenant. This is a reasonable design for an MVP; it should be revisited against the various parameters as the product grows, and when a tenant accumulates a very large volume of data, that tenant's data can be migrated to a separate database. Because such a migration can take a long time, a suitable connector must be built so that the tenant filter is applied with the appropriate value throughout the migration. The single-database approach may not satisfy GDPR, HIPAA or similar compliance requirements that mandate isolation or data residency, and in those cases it is not applicable.

Implementing Row Level Security [RLS] for a Multi-Tenant SaaS Application

Row Level Security
The need for row level security stems from the demand for fine-grained security over data. Applications generate vast amounts of data by the day, and application developers need to make sure that data is accessible only to the right audience, based on the right access level settings. Even today, whenever an application is built, the development team spends a lot of time researching the approach and implementing multiple tables, multiple pieces of filtering logic and query rewrites to manage data security for every query that travels from the end user's request to the application database. This approach requires a lot of thought, testing and security review, because each query has to be intercepted and updated, and the retrieved data validated, to make sure end users see only the data they are entitled to.

Implementation
With the advent of the row level security feature being rolled out in main d...
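Both this post and the preceding one on physical isolation rest on the same idea: the tenant predicate lives in the database and is applied to every query, rather than being re-implemented in each query the application sends. The following is an added example written for this page, not code from either post. SQLite has no native row level security, so the block emulates the pattern in Python: a per-connection session context, a view that applies the filter predicate on reads, and an INSTEAD OF trigger that applies the same block predicate on writes. The table, rows and tenant names are constructed. On SQL Server the same shape is a predicate function plus CREATE SECURITY POLICY keyed on SESSION_CONTEXT, and on PostgreSQL CREATE POLICY on the table keyed on current_setting; on those engines the application role must also be denied direct access to the base table, which SQLite cannot express.

```python
import sqlite3

# SQLite has no native row level security; this emulates the pattern with TEMP objects,
# which are private to the connection, so the context cannot leak between sessions.
SCHEMA = """
CREATE TABLE orders (
    id        INTEGER PRIMARY KEY,
    tenant_id TEXT NOT NULL,
    amount    INTEGER NOT NULL
);

-- Per-connection session state: the tenant the current request runs as.
CREATE TEMP TABLE session_context (tenant_id TEXT NOT NULL);

-- Filter predicate: rows are visible only for the tenant set in the session context.
CREATE TEMP VIEW orders_rls AS
    SELECT o.id, o.tenant_id, o.amount
      FROM orders AS o
     WHERE o.tenant_id = (SELECT tenant_id FROM session_context);

-- Block predicate: a row may only be written under its own tenant's context.
CREATE TEMP TRIGGER orders_rls_insert INSTEAD OF INSERT ON orders_rls
BEGIN
    SELECT RAISE(ABORT, 'tenant mismatch')
     WHERE NEW.tenant_id IS NOT (SELECT tenant_id FROM session_context);
    INSERT INTO orders (tenant_id, amount) VALUES (NEW.tenant_id, NEW.amount);
END;
"""

# Constructed sample rows for two tenants.
SAMPLE_ORDERS = [("acme", 100), ("acme", 250), ("globex", 999)]


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO orders (tenant_id, amount) VALUES (?, ?)", SAMPLE_ORDERS)
    conn.commit()
    return conn


def set_tenant(conn, tenant_id):
    """Set (or with None, clear) the tenant for this connection; done once per request."""
    conn.execute("DELETE FROM session_context")
    if tenant_id is not None:
        conn.execute("INSERT INTO session_context (tenant_id) VALUES (?)", (tenant_id,))


def visible_amounts(conn):
    """An ordinary query with no tenant filter of its own; the view supplies it."""
    return [row[0] for row in conn.execute("SELECT amount FROM orders_rls ORDER BY id")]


def insert_order(conn, tenant_id, amount):
    """Write through the view; returns False when the block predicate rejects the row."""
    try:
        conn.execute("INSERT INTO orders_rls (tenant_id, amount) VALUES (?, ?)",
                     (tenant_id, amount))
        return True
    except sqlite3.DatabaseError:
        return False


def demo():
    """Walk one connection through two tenants and an empty context."""
    conn = open_db()
    set_tenant(conn, "acme")
    acme_before = visible_amounts(conn)
    crossed = insert_order(conn, "globex", 1)    # rejected: wrong tenant for this context
    own = insert_order(conn, "acme", 42)         # accepted
    acme_after = visible_amounts(conn)
    set_tenant(conn, "globex")
    globex = visible_amounts(conn)
    set_tenant(conn, None)
    nothing = visible_amounts(conn)              # no context means no rows, not all rows
    return acme_before, crossed, own, acme_after, globex, nothing
```

The empty-context case is the one to check in review: the predicate compares against a scalar subquery that yields NULL, so a request that forgot to set its tenant sees nothing and can write nothing, instead of silently seeing everyone's data.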

Using Hashicorp Vault

Why a Vault?
The reason for having a vault is to store the application's secrets in a "safe" / "secure" location so that only trusted clients of the vault (web apps, services etc.) can get access to them. When we do not use a vault, the dev team checks secrets such as database credentials and AWS credentials into source control, which leaves them accessible to anyone who gets access to the source code. There are managed vaults in AWS, Azure etc., but HashiCorp Vault is open source and gives us full control of the installation and its security, which piqued my interest and is why I started exploring it.

Dangers of exposing secrets
In the wrong hands a leaked secret can be disastrous, and the more privileges the secret carries, the deeper the damage. Developers might try out changes with these credentials. In recent years, a colleague of mine forgot to append the where clause in the production...

User Authentication schemes in a Multi-Tenant SaaS Application

User Authentication in Multi-Tenant SaaS Apps

Introduction
We will cover a few scenarios that can be followed to perform user authentication in a multi-tenant SaaS application.

Scenario 1 - Global user authentication with tenancy and tenant forwarding
In this scheme, the SaaS provider's authentication gateway takes care of authenticating users by performing the following steps:
1. Tenant identification
2. User authentication
3. User authorization
4. Forwarding the user to the tenant application / tenant pages in the SaaS app
This demands that the SaaS provider's authentication gateway be a scalable microservice that can handle the load across all tenants. Database partitioning (horizontal or by other means) is left to the SaaS provider service.

Scenario 2 - Global tenant identification and user authentication forwarding
In this scenario, tenant identification happens in the SaaS provider's tenant identification gateway. Post which, ...
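The four steps of Scenario 1 fit in one short gateway, and writing them out shows the two properties that matter: the credential check is scoped to the identified tenant's own user store, and the handoff to the tenant application carries the tenant in a signed token so the tenant side cannot be handed a user from somewhere else. The following is an added example written for this page in Python, not the post's design or code. The tenant-from-first-DNS-label convention, the two tenants, their users, the HMAC handoff token and the `*.app.example` landing URL are all assumptions constructed for the example; a production gateway would use a standard token format and a key from a secret store.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed demo key; a real gateway keeps this in a secret store and rotates it.
GATEWAY_KEY = b"constructed-demo-key-do-not-reuse"
PBKDF2_ROUNDS = 50_000


def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def _user(password, active=True):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_pw(password, salt), "active": active}


# Constructed tenant directory: each tenant owns its own user store.
TENANTS = {
    "acme":   {"active": True,  "users": {"alice": _user("correct horse battery")}},
    "globex": {"active": False, "users": {"bob": _user("hunter2")}},
}
_DUMMY_SALT = b"\x00" * 16


def identify_tenant(host):
    """Step 1: tenant from the first DNS label, e.g. acme.saas.example (assumed convention)."""
    labels = host.lower().split(":")[0].split(".")
    if len(labels) < 3:
        return None
    return labels[0] if labels[0] in TENANTS else None


def authenticate(tenant_id, username, password):
    """Step 2: verify the password against this tenant's store only, in constant time."""
    user = TENANTS[tenant_id]["users"].get(username)
    if user is None:
        _hash_pw(password, _DUMMY_SALT)   # same cost whether or not the user exists
        return False
    return hmac.compare_digest(user["hash"], _hash_pw(password, user["salt"]))


def authorize(tenant_id, username):
    """Step 3: the tenant must be active and the user enabled."""
    tenant = TENANTS[tenant_id]
    return tenant["active"] and tenant["users"][username]["active"]


def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def issue_forward(tenant_id, username, now=None):
    """Step 4: signed, short-lived handoff token bound to the tenant, plus the landing URL."""
    now = int(now if now is not None else time.time())
    claims = {"tid": tenant_id, "sub": username, "exp": now + 300}
    body = _b64(json.dumps(claims, sort_keys=True).encode("utf-8"))
    sig = hmac.new(GATEWAY_KEY, body.encode("ascii"), hashlib.sha256).hexdigest()
    return {"location": f"https://{tenant_id}.app.example/home", "token": f"{body}.{sig}"}


def verify_token(token, now=None):
    """Tenant application side: accept only an untampered, unexpired token; return its claims."""
    body, _, sig = token.partition(".")
    expected = hmac.new(GATEWAY_KEY, body.encode("ascii"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    now = now if now is not None else time.time()
    return claims if claims["exp"] > now else None


def login(host, username, password):
    """The gateway's full sequence for one login request."""
    tenant_id = identify_tenant(host)
    if tenant_id is None:
        return {"status": "unknown_tenant"}
    if not authenticate(tenant_id, username, password):
        return {"status": "invalid_credentials"}
    if not authorize(tenant_id, username):
        return {"status": "forbidden"}
    return {"status": "ok", **issue_forward(tenant_id, username)}
```

Note that bob's valid globex password fails on the acme host: the lookup never leaves the identified tenant's store, and the failure is reported as invalid credentials rather than revealing that the account exists elsewhere.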