In the previous article we saw how Redis works and how its system is designed; in this article we will see how replication is done in Redis. Redis follows a master-slave architecture: it allows replica Redis instances to be exact copies of master instances. Data is stored on more than one server, so if a server goes down the data is not lost, since it is still available on the other server. Another advantage of replicas is that we can use them for load balancing.

Redis follows a master-slave architecture, so whenever a write happens the slave also fetches that data from…


Hello guys, today I am going to talk about Redis, but for that we first need to understand caching. I know that you already know caching; that's why you are learning Redis. I will talk about how Redis is designed so you can understand how it works.

There are many use cases for Redis, but the main one is caching. So, let's talk about caching.

What is the best practice for caching?

Validity: whether the data in the cache is still correct or not.

Hit vs. miss in cache: if the data the user requested is in the cache, it is a hit; if it is not in the cache, the request takes time and needs…


Cross-Site Request Forgery (CSRF) is the opposite of an XSS exploit. Where XSS takes advantage of the user by means of a trusted web site, CSRF takes advantage of the web site by means of a trusted user.

We already know the solution to Cross-Site Scripting, right? Really?

Yeah, we know: remember escaping and encoding, like HTML escaping, JavaScript escaping and sanitization. Cross-Site Scripting means injecting JavaScript code into a website. Learn more about XSS.

Suppose an attacker sends out fake emails with a link to delete a blog post or email. The target user clicks the link…


Authorisation is like role management. Suppose you have a blogging system with 2 roles, or 2 kinds of user: Admin User and Normal User. A Normal User can only read blogs and add a comment or a like, while an Admin User can edit blogs. For that we need to check whether the user is Admin or Normal at login. Yeah, right? Let's check how we can do that in a better way.

Authentication is the process of recognizing a user's identity; it means we are not checking what kind of privilege the user has. Authorisation means what kind of privilege or permission the user has. …


Hi guys, this is regarding login security development. In some scenarios the developer uses simple authentication, like taking an 8-character alphanumeric password, and developers think that they have good protection on passwords. But if your company's database is hacked, or a data breach happens for any reason like SQL injection or some data leak, then all your data is also known to the attacker, right? Also, in some scenarios the developer uses a salt but it is also stored in the database; in this case the attacker tries different algorithms and uses them to crack that hash. It takes time, but it is not…


hasky created a web application for data management. It takes data from the user, saves it to the database and shows it back to the user. Or we can say: the user writes data using the browser, Node or any other backend technology saves that data in the database, and when the user wants that data back, the user can see it in the browser.

But if the user is malicious and enters something malicious, like JavaScript or HTML, then what happens? It causes XSS (cross-site scripting) or HTML injection. We will talk about XSS in a coming article. HTML injection is like injecting an HTML tag…


What is typecasting?

For security and data integrity, typecast known formats. Since JavaScript is dynamically typed, a value can be of any type. By typecasting the value, you can verify that the data matches what you expect. Recall the previous MySQL example. If the ID came from a variable, it would make sense to typecast it, but only if you know it should always be an integer, like this:

type cast to number

In our case we know that id is an integer because we assign id = 1001. But suppose it is coming from user input; the user can send anything, and because of that it sometimes generates…


What is mass assignment?

In order to reduce the work for developers, many frameworks provide convenient mass-assignment functionality. This lets developers inject an entire set of user-entered data from a form directly into an object or database. Without it, developers would be forced to tediously add code specifically for each field of data, cluttering the code base with repeated form-mapping code. As said by rope security.

Let's understand it in easy words with one example. Suppose the application has a sign-up page and the user has two roles: normal user and admin user. So, how do we find out whether a user is admin or not…


Story time: hasky is a web developer and he got a project to do some feature development on a MySQL database, so he needs to write some code that sends queries to the database, and the database responds with values. Let's assume that the client needs a feature like student data management. For that hasky needs to create an application that can add a new student, update student data, soft delete student data and view student data. After that, the application is deployed on xyz, and we know that an attacker can be anyone and can do anything.

One day, Jon from the admin office called hasky to ask…


Hello friends, I am starting a new blog series on how to secure a Node application, or how to develop a secure Node application. I am also assuming that you have basic knowledge of Node.js and Express, because they are prerequisites for this course.

In the current scenario, most developers only want to complete their work but don't check whether their code is secure or not. A small mistake in code can become a huge problem for their system.

Here "his/her" is very annoying, so let's use an alias: hasky.

Node.js doesn't provide security by default, but it provides some packages to solve that.

Hasky

Developer , Pentester
