Wednesday, November 20, 2024

Key concepts in System Design

 System Design




  1. Load Balancing: Distributes incoming traffic across multiple servers to improve performance and availability.
  2. Caching: Stores frequently accessed data for quicker retrieval, reducing latency.
  3. Sharding: Splits a database into smaller, manageable parts for better performance and scalability.
  4. Replication: Copies data across multiple servers to ensure high availability and fault tolerance.
  5. Message Queues: Enables asynchronous communication, improving scalability and decoupling system components.
  6. Horizontal Scaling: Adds more servers to handle increased load, distributing workload across multiple machines.
  7. Vertical Scaling: Enhances the capacity of a single server by adding more resources (CPU, RAM, etc.).
  8. CAP Theorem: States that in distributed systems, you can only achieve two of the following three: Consistency, Availability, and Partition Tolerance.
  9. API Gateway: Manages API requests, aggregates responses, and provides centralized security and routing.
  10. Circuit Breaker Pattern: Prevents cascading failures by halting repeated failed operations.
  11. Monolithic Architecture: A single codebase containing interdependent components, simpler initially but harder to scale.
  12. Microservices: Breaks applications into smaller, independent services for better manageability and scalability.
  13. Fault Tolerance: Ensures the system continues functioning despite component failures by using redundancy.
  14. Service Discovery: Helps services dynamically locate and communicate with each other.
  15. Database Indexing: Speeds up data retrieval using indexed columns in the database.
  16. Rate Limiting: Controls the number of requests to ensure stability and prevent overload.
  17. Data Partitioning: Divides datasets into smaller parts to optimize performance.
  18. Event-Driven Architecture: Triggers actions based on events, enhancing inter-service communication.
  19. Consistent Hashing: Uniformly distributes data across nodes to minimize reorganization when scaling.
  20. Proxy Servers: Acts as intermediaries to enhance security, load balancing, and caching.

Tuesday, November 19, 2024

12 Essential Tips for API Security

 12 Essential Tips for API Security



APIs are the backbone of modern applications, enabling seamless integration and data sharing. But with great power comes great responsibility—API security is non-negotiable! 
Here are 12 essential tips to protect your APIs like a pro:


  1. Use HTTPS: Ensure all communications between clients and servers are encrypted to prevent interception.
  2. Use OAuth2: Implement OAuth2 for secure user authentication and resource access delegation.
  3. Use WebAuthn: Adopt Web Authentication for password-less, phishing-resistant authentication.
  4. Use Leveled API Keys: Assign API keys with access restrictions and implement rate-limiting.
  5. Authorization: Ensure users only access resources they are authorized to view or modify.
  6. API Versioning: Use proper versioning to manage updates and backward compatibility in APIs.
  7. Whitelisting: Implement allowlists for IP addresses or users to enhance security.
  8. Check OWASP API Security Risks: Regularly review the OWASP guidelines for API vulnerabilities.
  9. Use API Gateway: Employ an API gateway to manage access, load balancing, and security.
  10. Error Handling: Provide clear and helpful error messages without exposing internal stack traces.
  11. Input Handling: Validate and sanitize all user inputs to prevent injection attacks.
  12. Use Leveled API Keys (Rate Limiting): Apply rate limits based on IP, user, or action groups to control abuse.

API testing

 



1. Smoke Testing


Purpose: Quickly validate if the API is functioning correctly without detailed verification.

Key Check: Ensure “Nothing breaks?”


2. Functional Testing


Purpose: Verify the API’s functionality against functional requirements.

Steps:

Input data into the application.

Compare actual results with expected outcomes.


3. Integration Testing


Purpose: Test the interaction between multiple APIs to ensure they work together seamlessly.

Key Process:

Use input data from multiple sources.

Compare results against a test plan.


4. Regression Testing


Purpose: Confirm that recent updates or changes don’t disrupt existing API functionality.

Key Step: Compare results between the old and updated application versions.


5. Load Testing


Purpose: Evaluate the API’s performance under expected load conditions.

Tool Example: Apache JMeter.

Goal: Assess the application’s capacity.


6. Stress Testing


Purpose: Test API behavior under extreme or high load conditions to identify breaking points.

Tool Example: Apache JMeter.

Focus: Check stability and robustness under high traffic.


7. Security Testing


Purpose: Validate the API’s resistance to potential external threats or vulnerabilities.

Key Check: Ensure “Nothing breaks?” under malicious attacks.


8. UI Testing


Purpose: Verify how the API integrates and interacts with the User Interface (UI).

Goal: Ensure smooth and consistent interaction between UI and APIs.


9. Fuzz Testing


Purpose: Test the API’s stability and robustness by sending unexpected or invalid data.

Goal: Identify vulnerabilities or errors.




Monday, November 18, 2024

𝗗𝗲𝘀𝗶𝗴𝗻 𝗣𝗮𝘁𝘁𝗲𝗿𝗻𝘀

 𝗗𝗲𝘀𝗶𝗴𝗻 𝗣𝗮𝘁𝘁𝗲𝗿𝗻𝘀




Here are the common design patterns, categorizing them into Structural and Creational types. Here's a quick breakdown of each pattern in the image:

Structural Patterns

  1. Adapter: Converts an interface into one expected by clients, enabling interaction between incompatible interfaces.
  2. Proxy: Provides a surrogate or placeholder to control access to another object.
  3. Bridge: Decouples an abstraction from its implementation to enable independent development.
  4. Composite: Represents tree structures for part-whole hierarchies, treating individual objects and compositions uniformly.
  5. Decorator: Dynamically adds responsibilities to objects without altering their structure.
  6. Facade: Simplifies subsystem interfaces by providing a unified high-level interface.
  7. Flyweight: Minimizes memory usage by sharing as much data as possible with similar objects.

Creational Patterns

  1. Abstract Factory: Creates families of related objects without specifying their concrete classes.
  2. Builder: Constructs complex objects step by step, separating construction logic from representation.
  3. Factory Method: Defines an interface for creating objects but lets subclasses decide the instantiation.
  4. Prototype: Clones objects to produce new instances without using the new keyword.
  5. Singleton: Ensures a class has only one instance and provides a global point of access.

SQL Mindmap : Dive Deep into SQL

 SQL Mindmap



Dive Deep into SQL

  • DDL (Data Definition Language): Commands like CREATE, DROP, TRUNCATE, and ALTER.
  • DML (Data Manipulation Language): Commands like SELECT, INSERT, UPDATE, and DELETE.
  • DCL (Data Control Language): Commands like GRANT and REVOKE.
  • TCL (Transaction Control Language): Commands like COMMIT, ROLLBACK, and SAVEPOINT.
  • Aliases: Using AS to rename columns or tables.
  • GROUP BY and ORDER BY: Organizing data with GROUP BY and sorting it with ORDER BY ASC/DESC.
  • JOINs: Combining tables using INNER JOIN, LEFT JOIN, RIGHT JOIN, and FULL JOIN.
  • Functions: Aggregate functions like AVG(), SUM(), COUNT(), MIN(), and MAX().
  • Window Functions: Commands like OVER(), ROW_NUMBER(), RANK(), and others for advanced queries.
  • Logical Operators: Including AND, OR, NOT, BETWEEN, and more.







  • Sunday, November 17, 2024

    𝐂𝐨𝐦𝐩𝐨𝐧𝐞𝐧𝐭𝐬 𝐨𝐟 𝐌𝐢𝐜𝐫𝐨𝐬𝐞𝐫𝐯𝐢𝐜𝐞𝐬 𝐀𝐫𝐜𝐡𝐢𝐭𝐞𝐜𝐭𝐮𝐫𝐞

    𝐂𝐨𝐦𝐩𝐨𝐧𝐞𝐧𝐭𝐬 𝐨𝐟 𝐌𝐢𝐜𝐫𝐨𝐬𝐞𝐫𝐯𝐢𝐜𝐞𝐬 𝐀𝐫𝐜𝐡𝐢𝐭𝐞𝐜𝐭𝐮𝐫𝐞

    Microservices architecture breaks down applications into smaller, independent services. Here's a rundown of the 𝟏𝟎 𝐤𝐞𝐲 𝐜𝐨𝐦𝐩𝐨𝐧𝐞𝐧𝐭𝐬 in this architecture:

    1. 𝐂𝐥𝐢𝐞𝐧𝐭

    These are the end-users who interact with the application via different interfaces like web, mobile, or PC.

    2. 𝐂𝐃𝐍 (Content Delivery Network)

    CDNs deliver static content like images, stylesheets, and JavaScript files efficiently by caching them closer to the user's location, reducing load times.

    3. 𝐋𝐨𝐚𝐝 𝐁𝐚𝐥𝐚𝐧𝐜𝐞𝐫

    It distributes incoming network traffic across multiple servers, ensuring no single server becomes a bottleneck and improving the application's availability and reliability.

    4. 𝐀𝐏𝐈 𝐆𝐚𝐭𝐞𝐰𝐚𝐲

    An API Gateway acts as an entry point for all clients, handling tasks like request routing, composition, and protocol translation, which helps manage multiple microservices behind the scenes.

    5. 𝐌𝐢𝐜𝐫𝐨𝐬𝐞𝐫𝐯𝐢𝐜𝐞𝐬

    Each microservice is a small, independent service that performs a specific business function. They communicate with each other via APIs.

    6. 𝐌𝐞𝐬𝐬𝐚𝐠𝐞 𝐁𝐫𝐨𝐤𝐞𝐫

    A message broker facilitates communication between microservices by sending messages between them, ensuring they remain decoupled and can function independently.

    7. 𝐃𝐚𝐭𝐚𝐛𝐚𝐬𝐞𝐬

    Each microservice typically has its database to ensure loose coupling. This can involve different databases for different microservices

    8. 𝐈𝐝𝐞𝐧𝐭𝐢𝐭𝐲 𝐏𝐫𝐨𝐯𝐢𝐝𝐞𝐫

    This component handles user authentication and authorization, ensuring secure access to services.

    9. 𝐒𝐞𝐫𝐯𝐢𝐜𝐞 𝐑𝐞𝐠𝐢𝐬𝐭𝐫𝐲 𝐚𝐧𝐝 𝐃𝐢𝐬𝐜𝐨𝐯𝐞𝐫𝐲

    This system keeps track of all microservices and their instances, allowing services to find and communicate with each other dynamically.

    10. 𝐒𝐞𝐫𝐯𝐢𝐜𝐞 𝐂𝐨𝐨𝐫𝐝𝐢𝐧𝐚𝐭𝐢𝐨𝐧 (e.g., Zookeeper)

    Tools like Zookeeper help manage and coordinate distributed services, ensuring they work smoothly.

    What is a Deadlock

    What is a Deadlock?

    A deadlock occurs when two or more processes are unable to proceed because each is waiting for the other to release a resource.

    Coffman Conditions (Necessary for Deadlock):

    1. Mutual Exclusion: At least one resource is held in a non-shareable mode.

    2. Hold and Wait: A process is holding at least one resource and is waiting for additional resources held by others.

    3. No Preemption: Resources cannot be forcibly taken from a process holding them.

    4. Circular Wait: A circular chain of processes exists, where each process is waiting for a resource held by the next process in the chain.

    Deadlock Example with Transactions:

    • Transaction A:

    • Holds payments resource.

    • Requests orders resource.

    • Transaction B:

    • Holds orders resource.

    • Requests payments resource.

    • This forms a circular wait between the two transactions.

    Steps Demonstrated:

    1. Transaction A locks payments.

    2. Transaction B locks orders.

    3. Transaction A requests orders but is blocked.

    4. Transaction B requests payments but is blocked.

    This cycle causes a deadlock.

    Deadlock Recovery Methods:

    1. Select a victim: Choose a process to terminate or roll back.

    2. Rollback: Undo part of the process to break the deadlock.

    Deadlock Prevention Techniques:

    1. Request resources in a strictly increasing order.

    2. Timeout or rollback processes holding resources for too long.

    3. Banker’s Algorithm: A technique to avoid deadlocks by simulating resource allocation.

    Key concepts in System Design

     System Design Load Balancing : Distributes incoming traffic across multiple servers to improve performance and availability. Caching : Stor...