In a Cross Site Scripting (XSS) attack, an attacker could execute a malicious script in the victim’s browser. This is typically done by inserting malicious code in a legitimate web page.
Using this technique, an attacker could:

  • Modify the content of the web page
  • Redirect the user to a different website
  • Access the user’s cookies and use this information to impersonate the user
  • Access critical information about the user’s system, such as geolocation, webcam, file system, etc.
  • Inject trojan functionality into the application

The impact of XSS can be critical for many applications, especially if the compromised user has…


Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of the user.

Authentication identifies the user and confirms that they are who they claim to be; authorization checks whether the user has access to the resource they request.

Simply put, applications with access control vulnerabilities expose information to users who are not actually authorized to access it.
This can be

  • resources left wide open to the public
  • users able to access other…

RabbitMQ and Kafka are the two most popular technologies for asynchronous communication. The two are fundamentally different. Kafka is newer and comes with a lot more features than RabbitMQ, but at the same time it is much more complex. Below are a few details about, and a comparison between, these two technologies.

RabbitMQ

Messages are published to an exchange, which then distributes copies of the message to queues using rules called bindings.

When a message is delivered to a consumer, the consumer sends a message acknowledgment to the broker, which then deletes the message from the queue.

Exchanges and Queues can be either transient or durable. A durable one…


Software maintenance is an everlasting phase in the software development lifecycle. In this phase we fix bugs, address security vulnerabilities, make performance improvements and pay down tech debt, to name a few. But what about the software that our software depends on? This includes third-party dependencies such as libraries and Docker base images. These go through similar changes as well.

Typically we upgrade a dependency when we want to leverage a new feature or a security fix in the newer version. It would be a grave mistake not to upgrade when a security fix is available.

Sometimes…


Pivotal Cloud Foundry is a Platform as a Service, unlike AWS or Azure, which are Infrastructure as a Service. There are some great benefits to using PCF, especially in a hybrid environment. PCF provides a layer of abstraction on top of the underlying infrastructure and can run both on public cloud and on premises, while development teams interact with the same interface to deploy and monitor their applications. But be aware that if you are running PCF in a public cloud environment, you will not only pay for PCF, you will also be paying for the public cloud.


Telemetry helps us learn what is going on inside the application. Its data can empower both operators and the development team to detect trends or issues in a live application.

The sheer ability to correlate data from different sources in a single dashboard can be a game changer!

For example

  • What pages in the application do users visit most? Where do they spend most of their time in the application?
  • Multiple applications are currently showing slowness; is the slowness coming from the OAuth server?
  • There is a high rate of exception count with our application. This can indicate that something…


In a distributed system, one of the challenges is to continuously test the integration between components. Let’s take a simple challenge: testing one API-to-API integration. For the sake of discussion, we will call them the producer API and the consumer API.

Phani Susarla

Software professional with a passion for new technologies
