Posts

Showing posts from 2022

OWASP Security

API Security

Broken Object Level Authorization, a.k.a. IDOR (Insecure Direct Object Reference): a caller with a valid token reads or modifies objects it is not authorized for, because the API never checks authorization per object.
Mitigation:
- Implement authorization checks based on user policies and hierarchy.
- Don't rely on IDs sent from the client; take the user ID from the session.
- Check authorization on every client request that touches the database.
- Use random, non-guessable IDs (UUIDs).

Broken Authentication: caused by a lack of best practices.
Mitigation:
- Check all possible ways to authenticate to all APIs.
- Password reset APIs and one-time links also authenticate users and must be protected just as seriously.
- Use standard authentication, token generation, password storage and MFA.
- Use short-lived access tokens.
- Authenticate your apps (so you know who is talking to you).
- An OAuth token is not authentication (hotel key analogy).
- Use stricter rate limiting for authentication, implement lockout policies and weak password ...

Code Review Best Practices

Some hate it and some love it. It depends on the style and intent of the reviewer and on the understanding of the reviewee. A great code review can shorten the overall development cycle by keeping bugs from leaking into higher environments, and it leads to a higher-quality final product. On the other hand, a poor code-reviewing strategy adds unnecessary latency to the development cycle without catching any bugs. What is code review? A manual process of reviewing source code written by a fellow programmer on the team. It can be performed by multiple people, or multiple times by the same person, for a thorough analysis. A few steps can be automated using the code analysis tools available. Why do we need code review? The most apparent benefit is making sure bad code is not leaked into production. Other benefits of good code reviews are standardization, knowledge sharing, security checks, and building a sense of teamwork and collaboration. How to do good code reviews? There are several aspect...

Detect multiple tabs open in vanilla javascript

<script>
  // Broadcast that this tab is opening the page.
  localStorage.openpages = Date.now();
  window.addEventListener('storage', function (e) {
    if (e.key === 'openpages') {
      // Another tab just opened the same page: answer so it knows we exist.
      localStorage.page_available = Date.now();
    }
    if (e.key === 'page_available') {
      // Another tab answered our broadcast, so the page was already open.
      alert('One more page already open');
    }
  }, false);
</script>

The sequence works because the 'storage' event fires only in the other same-origin tabs, never in the tab that wrote the value. You might need to read the following steps 2 or 3 times to grasp the concept properly. When you open the 1st ...
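The same two-key handshake, as an added example (not code from the original post), modelled in plain Node.js with a constructed in-memory storage area so the sequence of 'storage' events can be traced offline. It also goes beyond the post: with three or more tabs the naive handler makes every existing tab alert as well, because the page_available answer is broadcast to all listeners, so a guarded variant is included in which only the newly opened tab alerts, and only once. FakeStorage, Tab, openTabs and the guarded flag are illustrative names; in a browser the real localStorage and window 'storage' event play these roles.

```javascript
// Added example, not from the original post: simulates localStorage 'storage'
// event delivery between tabs. Constructed for illustration; no browser needed.
class FakeStorage {
  constructor() {
    this.items = {};
    this.tabs = [];
    this.seq = 0; // monotonic value, so every write is a real change
  }
  register(tab) { this.tabs.push(tab); }
  // Like localStorage: the writing tab does NOT receive its own 'storage'
  // event; every other registered tab does.
  setItem(key, writer) {
    const newValue = String(++this.seq);
    this.items[key] = newValue;
    for (const tab of this.tabs) {
      if (tab !== writer) tab.onStorage({ key, newValue });
    }
  }
}

class Tab {
  // guarded=false reproduces the handler from the post; guarded=true alerts
  // only in the tab that is still waiting for an answer, and only once.
  constructor(storage, guarded) {
    this.storage = storage;
    this.guarded = guarded;
    this.waiting = true; // "I just opened and have not heard from anyone yet"
    this.alerts = 0;
    storage.register(this);
    storage.setItem('openpages', this); // broadcast: I am opening this page
  }
  onStorage(e) {
    if (e.key === 'openpages') {
      // Someone else opened the page, so we are an existing tab: answer them.
      this.waiting = false;
      this.storage.setItem('page_available', this);
    }
    if (e.key === 'page_available') {
      if (!this.guarded) {
        this.alerts++; // post's behaviour: every listener alerts
      } else if (this.waiting) {
        this.waiting = false; // only the newcomer alerts, exactly once
        this.alerts++;
      }
    }
  }
}

// Open n tabs one after another and return how many alerts each showed.
function openTabs(n, guarded = false) {
  const storage = new FakeStorage();
  const tabs = [];
  for (let i = 0; i < n; i++) tabs.push(new Tab(storage, guarded));
  return tabs.map((t) => t.alerts);
}

module.exports = { FakeStorage, Tab, openTabs };
```

openTabs(2) gives [0, 1]: only the second tab alerts, as the post describes. openTabs(3) gives [1, 2, 2], because each existing tab's answer is delivered to every other tab; openTabs(3, true) gives [0, 1, 1]. Two caveats for real browsers: 'storage' fires only when the stored value actually changes, so two answers written with Date.now() in the same millisecond collapse into one event (the simulation uses a counter instead), and localStorage is writable by any script on the origin, so this is a usability aid, not a security control.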

React project best practices and code snippets

React Project Best Practices and Code Snippets

Functional components are lighter than class-based components and need less code to achieve the same goal.

Execute code on mount and unmount in functional components: the answer is the useEffect hook. If we pass an empty array as the second argument, useEffect fires once, after the component mounts, and never again.

import React, { useEffect } from 'react';

const ComponentExample = () => {
    useEffect(() => {
        // Anything here is fired on component mount
    }, []);
    return null;
};

If the function passed to useEffect returns a function, that cleanup function runs when the component unmounts from the DOM.

const ComponentExample2 = () => {
    useEffect(() => () => {
        // Anything here is fired on component unmount
    }, []);
    return null;
};

You can use componentDidMount, and componentWillUn...

React Boilerplate

Setup VSCode
Create a new React project
Setup package.json
Setup TypeScript
Setup Webpack
Setup folder structure: src (APIs, Assets, Components, Models, Containers/Pages, Hooks, Redux/store, Utils, Wrappers (optional)), tests, configs

React Style Guide

Naming

Extensions: Use the .jsx extension for React components. eslint: react/jsx-filename-extension
Filename: Use PascalCase for filenames, e.g., ReservationCard.jsx.
Reference Naming: Use PascalCase for React components and camelCase for their instances.
Component Naming: Use the filename as the component name. For example, ReservationCard.jsx should have a reference name of ReservationCard. However, for root components of a directory, use index.jsx as the filename and use the directory name as the component name:

// bad
import Footer from './Footer/Footer';

// bad
import Footer from './Footer/index';

// good
import Footer from './Footer';

Always use camelCase for prop names, or PascalCase if the prop value is a React component.
Always define explicit defaultProps for all non-required props. Why? propTypes are a form of documentation, and providing defaultProps means the reader ...

Git Strategies for developers

Git is a version control system (VCS) used primarily for source code management: it keeps track of changes made to a file or a set of files, and it streamlines the work of multiple developers on the same project.

What makes a good commit?
Rule 1: Keep your commits small.
Rule 2: Keep only related changes in a commit.
Rule 3: Write meaningful commit messages. Try using Conventional Commit messages: developers working in teams on real projects should prefer the conventional commit message standard, for consistency and tracking.

Share a Git stash with another developer or machine

Create a patch. The following git command creates a patch file containing all the differences represented by the set of changes in the stash:

git stash show "stash@{0}" -p > changes.patch

"stash@{0}" is the ref of the stash. Note that this diff covers tracked files only; untracked files saved with git stash -u are not part of it. If you want a different stash, use git stash list to see your list of stashes and select wh...