Tuesday 13 April 2021

OWASP Top 10 Security Risks and Vulnerabilities

OWASP Top 10 Security Risks and Vulnerabilities



Question: What Is OWASP?
Full form of OWASP is Open Web Application Security Project.
It is community which includes small and big IT companies and individual people etc, they provide us Top Vulnerabilities in IT.
Its is not an official standard, it is just a white paper that is used by many organizations, vulnerability bounty programs, and cyber security experts etc

 
Question: What are Top 10 Security Risks and Vulnerabilities?
  1. Injection :
    With use of Structured Query Language(SQL), unauthorized person try to get the data which he have not access, modify/delete the data which he have not access.

  2. Broken Authentication :
    With use of Some cookie/Sessions, unauthorized person try to login in the system

  3. Sensitive Data Exposure :
    When we use website with Http URL (unsecured data transmission), data can be read by unauthorized person/organization

  4. XML External Entities :
    Many times organization provide the XML data which is public, Attackers attack on the public data which leads to shut down the server.

  5. Broken Access Control :
    Due to In proper coding/testing, Normal user switch to Admin user by manipulating some param.

  6. Security Mis-configuration:
    Default Server configuration must be need check and update before go live.

  7. Cross site scripting (XSS):
    With use of javascript, Attackers post on malicious code and it damage the server or effect the other users

  8. Insecure Deserialization :
    When we transform the data from one format to another format, sometime data change to dramatically bad.

  9. Using component with Known vulnerabilities :
    When we use the third party component without deep analysis, It can baddly effect of server or application.

  10. Insufficient Logging and monitoring :
    We must add the proper logs to analyse in future



Labels: ,

Sunday 28 March 2021

Graphql basic example with code snippet

Graphql basic example with code snippet
Question: What is GraphQL?
GraphQL is a query language for API, and it is server-side runtime for executing queries by using a type system you define in server.


Question: What is GraphQL used for?
Load data from a server to a client (API)


Is GraphQL a REST API?
GraphQL follows the same set of constraints as REST APIs, but it organizes data into a graph. GraphQL can speed up development and automation in comparison to REST API.


Is GraphQL frontend or backend?
Its neither frontend or backend. Its language to exchange the data between client and server.


Does Facebook use GraphQL?
Facebook used GraphQL since 2012.


Who uses GraphQL?
Facebook. Instagram. Shopify. Twitter. StackShare. Stack. The New York Times. Tokopedia. etc


GraphQL Example 1 with Node
var { graphql, buildSchema } = require('graphql');

var schema = buildSchema(`
  type Query {
    name: String,
    age: String,
  }
`);

var root = { name: () => 'My Name is Arun kumar.', age: ()=> '20 Year' };

graphql(schema, '{name}', root).then((response) => {
  console.log(response);
});



GraphQL Example 2 with Node
var { graphql, buildSchema } = require('graphql');

var schema = buildSchema(`
  type Query {
    name: String,
    age: String,
  }
`);

var root = { name: () => 'My Name is Arun kumar.', age: ()=> '20 Year' };

graphql(schema, '{name,age}', root).then((response) => {
  console.log(response);
});



GraphQL Example 3 with Node
var { graphql, buildSchema } = require('graphql');

var schema = buildSchema(`
  type Query {
    name: String,
    age: String,
    address: String,
  }
`);

var root = { name: () => 'My Name is Arun kumar.', age: ()=> '20 Year', address: ()=>'#238, Palm city, Sector 127, kharar'};

graphql(schema, '{name,age,address}', root).then((response) => {
  console.log(response);
});



GraphQL Example 4 with Node
const express = require('express');
const { ApolloServer, gql } = require('apollo-server-express');

const typeDefs = gql`
  type Query {
    hello: String,
    name: String,
    age: String,
    address: String,
    city: String,
  }
`;


const resolvers = {
  Query: {
    hello: () => 'Hello world!',
    name: () => 'My Name is Arun kumar.',
    age: ()=> '20 Year',
    address: ()=>' Sector 127, mohali',
    city:()=> 'kharar'
  },
};

const server = new ApolloServer({ typeDefs, resolvers });

const app = express();
server.applyMiddleware({ app });

app.listen({ port: 4000 }, () =>
  console.log('Now browse to http://localhost:4000' + server.graphqlPath)
);



GraphQL Example 5 with Node
var express = require('express');
var { graphqlHTTP } = require('express-graphql');
var { buildSchema } = require('graphql');

var schema = buildSchema(`
  type Query {
    hello: String,
    name: String,
    age: String,
    address: String,
    city: String,
  }
`);

var root = {
  hello: () => 'Hello world!',
  name: () => 'My Name is Arun kumar.',
  age: ()=> '20 Year',
  address: ()=>' My city, Sector 127',
  city:()=> 'kharar'
};

var app = express();
app.use('/graphql', graphqlHTTP({
  schema: schema,
  rootValue: root,
  graphiql: true,
}));
app.listen(4000, () => console.log('Now browse to localhost:4000/graphql'))




Labels: ,
Subscribe to: Posts ( Atom )