Building A Secure & Scalable System – A Case Study

Building a cloud-native application often requires us to focus on multiple aspects, in a holistic manner. The creation of just a working application is not good enough to call it a well-built application. In the past, the focus had always been more on functionality than on the critical aspects surrounding the application. Giving enough importance to these activities can quickly become our differentiator in building a resilient application.

Read more: https://analyticsindiamag.com/building-a-secure-scalable-system-a-case-study/

#casestudy

What is GEEK

Buddha Community

Building A Secure & Scalable System – A Case Study
Shardul Bhatt

Shardul Bhatt

1620797149

Python for Freight Forwarding: Proven Case Study for Logistics Company

Python is a popular web development language for enterprise and customer-centric applications. It is one of the top programming languages, according to TIOBE’s index. It has applications in web development, Machine Learning, Data Science, and other domains. The versatility of Python web development makes it the perfect language for applications in every project.

Amidst the hundreds of languages for web application development, Python stands out. It is powerful, scalable, and easy-to-learn. Python’s capabilities are useful in every sector — technology, FinTechHealthTechfreight forwarding industry, and more. The core functionality of Python takes care of all the programming tasks for every feature that needs to be added.

In this article, we will focus on the major aspects of Python that make it suitable for web applications of all kinds. We will then highlight the proficiency of Python using a proven case study that Python developers at BoTree have built. It is a freight forwarding software for international logistics service provider that uses Python in the main technology stack.

Checkout Top 10 real-world Python Use Cases and Applications

Let’s look at the case study and capabilities of Python in detail.

Why choose Python for Web Development

Python is now the first choice for web development, Unlike Ruby on Rails, it offers more flexibility in the process, Here are a few reasons why companies should choose Python for web development -

  • Readable: Python has an easily readable syntax. It is similar to the english language. Python developers admire the programming language as it is easy to read, write, and understand. You don’t have to write additional code to express concepts with ease. The emphasis on code readability, which enables you to maintain and update the code.
  • Multi-programming paradigms: Like all the other object-oriented and open-source programming languages, Python supports multi-programming paradigms. There’s a dynamic type system and automatic memory management. It simplifies the process of building large and complex enterprise scale applications.
  • Scalable: Python is highly scalable. Because of its in-built capabilities to minimize the errors during the development process, it is perfect for freight forwarding software solutions that require processing bills at a huge scale. It is also suitable for enterprise dashboards and other applications that need to handle massive server requests at once.
  • Versatile: Python is a heavily versatile programming language. It has diverse applications in various domains, including statistical analysis, numerical computations, data analytics and more. Companies can use it for web development or Machine Learning applications. Today, Python plays a crucial role in building data science models and intelligent algorithms.
  • Library
    One of the biggest reasons to choose Python is because of its library set. Python has libraries for almost everything — there’s TensorFlow, Selenium, Apache Spark, Requests, Theano, Py Torch and many more. The libraries enable adding functionalities and features, simplifying the process of building high-quality web applications.

Checkout Top Python Libraries for Data Science to use in 2020

As Python grows in popularity, its community also grows. There are more developers than any other programming language. They provide support for different development problems, support, and training for multiple projects.

Let’s look at a proven case study by BoTree Technologies that showcases Python’s capabilities in web development.

Python: Proven Case Study of a Logistics Company

At BoTree, we use Python development services for building dynamic web applications. Today we will discuss a case study on the freight forwarding services industry. We developed it using Python and other technologies. Let’s understand it better.

About the Case Study

We designed the freight forwarding software for a leading international logistics services provider. The system we created would collect the information from different freight forwarding websites using bill of lading or the container number. The information is then entered into the centralized system automatically for better management of the freight.

The main challenge was the manual processing of bills of lading. The information had to be gathered from a large number of websites. Each website had hundreds and thousands of bills. The manual process was lengthy and time-consuming. Because the freight forwarding companies were based out of different geographical locations, the client also faced language barriers while processing the B/L.

Our Technology Stack

The technology stack to add freight forwarding features was simple and powerful. We used Python, Postgresql, AWS SQS, EC2m, Puppeteer and Virtual Private Cloud. We offered web development, software testing, and continuous support and maintenance.

The technology stack we used was focused on simplifying the complications in the freight forwarding system. Because the solution had to be scalable, Python was the probably choice for building the web application.

Our Solution

We built a fully server-les architecture. It performs the mapping of the websites and analyzes the different fields for assessing the required details in freight forwarding.

The solution parses data from different websites and matches the fields with the required information. It also takes into account previously parsed data for making the decision.

The collected information is structurally arranged into a format. The entire data system is then pushed back to a centralized ERP system. All the data is accumulated at a single place, making it easier to process the B/L without any hassle.

The freight forwarding solution consisted of the following features built using Python -

Core Features

  • B/L Processing: The system could easily parse 15000 B/L in a single day.
  • Efficiency delivery: The process became efficient by 30% for processing the B/L.
  • Activity log maintenance: There’s a proper record of all the records that take place in the system.
  • Multiple languages: The freight forwarding software could easily parse B/L in different languages.

Conclusion

Python is a powerful programming language for enterprise-grade applications. Logistics companies heavily benefit from investing in freight forwarding solutions. Shipping systems are essential for managing the timely delivery of products and services. An internal system for B/L processing can enable you to reap the benefits of swift deliveries.

BoTree Technologies is a custom software development company that has Python experts who can build quality applications for enterprises. We have experience in the logistics, healthcare, fintech, education, and multiple other industries.

Connect with us today for a FREE CONSULTATION in the next 24 hours!

Originally published at https://www.botreetechnologies.com on May 11, 2021.

#python case study for logistics company #b/l processing system #freight forwarding case study #logistics case study #case study for logistics company #python web development

Wilford  Pagac

Wilford Pagac

1596789120

Best Custom Web & Mobile App Development Company

Everything around us has become smart, like smart infrastructures, smart cities, autonomous vehicles, to name a few. The innovation of smart devices makes it possible to achieve these heights in science and technology. But, data is vulnerable, there is a risk of attack by cybercriminals. To get started, let’s know about IoT devices.

What are IoT devices?

The Internet Of Things(IoT) is a system that interrelates computer devices like sensors, software, and actuators, digital machines, etc. They are linked together with particular objects that work through the internet and transfer data over devices without humans interference.

Famous examples are Amazon Alexa, Apple SIRI, Interconnected baby monitors, video doorbells, and smart thermostats.

How could your IoT devices be vulnerable?

When technologies grow and evolve, risks are also on the high stakes. Ransomware attacks are on the continuous increase; securing data has become the top priority.

When you think your smart home won’t fudge a thing against cybercriminals, you should also know that they are vulnerable. When cybercriminals access our smart voice speakers like Amazon Alexa or Apple Siri, it becomes easy for them to steal your data.

Cybersecurity report 2020 says popular hacking forums expose 770 million email addresses and 21 million unique passwords, 620 million accounts have been compromised from 16 hacked websites.

The attacks are likely to increase every year. To help you secure your data of IoT devices, here are some best tips you can implement.

Tips to secure your IoT devices

1. Change Default Router Name

Your router has the default name of make and model. When we stick with the manufacturer name, attackers can quickly identify our make and model. So give the router name different from your addresses, without giving away personal information.

2. Know your connected network and connected devices

If your devices are connected to the internet, these connections are vulnerable to cyber attacks when your devices don’t have the proper security. Almost every web interface is equipped with multiple devices, so it’s hard to track the device. But, it’s crucial to stay aware of them.

3. Change default usernames and passwords

When we use the default usernames and passwords, it is attackable. Because the cybercriminals possibly know the default passwords come with IoT devices. So use strong passwords to access our IoT devices.

4. Manage strong, Unique passwords for your IoT devices and accounts

Use strong or unique passwords that are easily assumed, such as ‘123456’ or ‘password1234’ to protect your accounts. Give strong and complex passwords formed by combinations of alphabets, numeric, and not easily bypassed symbols.

Also, change passwords for multiple accounts and change them regularly to avoid attacks. We can also set several attempts to wrong passwords to set locking the account to safeguard from the hackers.

5. Do not use Public WI-FI Networks

Are you try to keep an eye on your IoT devices through your mobile devices in different locations. I recommend you not to use the public WI-FI network to access them. Because they are easily accessible through for everyone, you are still in a hurry to access, use VPN that gives them protection against cyber-attacks, giving them privacy and security features, for example, using Express VPN.

6. Establish firewalls to discover the vulnerabilities

There are software and firewalls like intrusion detection system/intrusion prevention system in the market. This will be useful to screen and analyze the wire traffic of a network. You can identify the security weakness by the firewall scanners within the network structure. Use these firewalls to get rid of unwanted security issues and vulnerabilities.

7. Reconfigure your device settings

Every smart device comes with the insecure default settings, and sometimes we are not able to change these default settings configurations. These conditions need to be assessed and need to reconfigure the default settings.

8. Authenticate the IoT applications

Nowadays, every smart app offers authentication to secure the accounts. There are many types of authentication methods like single-factor authentication, two-step authentication, and multi-factor authentication. Use any one of these to send a one time password (OTP) to verify the user who logs in the smart device to keep our accounts from falling into the wrong hands.

9. Update the device software up to date

Every smart device manufacturer releases updates to fix bugs in their software. These security patches help us to improve our protection of the device. Also, update the software on the smartphone, which we are used to monitoring the IoT devices to avoid vulnerabilities.

10. Track the smartphones and keep them safe

When we connect the smart home to the smartphone and control them via smartphone, you need to keep them safe. If you miss the phone almost, every personal information is at risk to the cybercriminals. But sometimes it happens by accident, makes sure that you can clear all the data remotely.

However, securing smart devices is essential in the world of data. There are still cybercriminals bypassing the securities. So make sure to do the safety measures to avoid our accounts falling out into the wrong hands. I hope these steps will help you all to secure your IoT devices.

If you have any, feel free to share them in the comments! I’d love to know them.

Are you looking for more? Subscribe to weekly newsletters that can help your stay updated IoT application developments.

#iot #enterprise iot security #how iot can be used to enhance security #how to improve iot security #how to protect iot devices from hackers #how to secure iot devices #iot security #iot security devices #iot security offerings #iot security technologies iot security plus #iot vulnerable devices #risk based iot security program

Fredy  Larson

Fredy Larson

1598419500

Building Scalable Systems

Building a Reactive System is all about the balance between consistency and availability and the consequences of picking one over the other. This article mainly focuses on consistency and availability and how they impact the scalability of a system.

What is Scalability, Consistency and Availability?

A system is scalable if it can meet the increase in demand while remaining responsive.

It is consistent if all the nodes show the same data at the same time.

It is available if it remains responsive despite any failures.

How does the scalability of a system differs from the performance of the system?

Scalability and performance are related but different concepts and we need to understand what the difference is.

Scalability is the number of requests system can handle at a time, i.e. load. It’s about optimizing the ability to handle load, which means improving how many requests system can handle at a time. Performance on the other hand is the time system takes to complete a single request, i.e. latency. It’s about optimizing the response time, which means improving how quickly system can handle a single request.

Performance has a limit on reducing the response time, and we will eventually reach that limit. Whereas, scalability has no theoretical limit. We may be restricted by the implementation. But in a perfectly scalable system, we could scale forever.

So when we build Reactive Micro-services we tend to focus on improving scalability than improving performance.

How can we measure scalability and performance of a system?

Measurement like requests-per-second actually measures both. This makes it a valuable metric because we can use it to see whether we have improved our scalability or our performance. But it also means that it is somewhat restrictive in the sense that if it improves we can’t tell which one changed. So if we want to know where that improvement came from then we have to track scalability and performance individually.

How can we explain consistency in distributed systems?

Distributed systems are systems that are separated by space. This means, the system could be deployed across multiple data centers or within the same data center, or just deployed to different hardware or to the same hardware.

Even if it’s deployed to the same hardware, a distributed system is one where information has to be transferred between different parts of that system and when that information is transferred it’s crossing some sort of space. It could be going over a local network, or it could be writing to a disk, or it could be writing to a database.

Information cannot be transferred instantaneously, it takes some time. Granted that time could be very small but there is an amount of time that elapses during the transfer of information. Within that time duration when the transfer the information takes place, the state of original sender may change.

The key here is to recognize that when we are dealing with a distributed system, we are always dealing with stale data. Reality is basically eventually consistent.

What is Eventual Consistency?

When a system stops receiving updates at least for some period of time, we can guarantee that all parts of the system will eventually converge on the same state. Thus in this way we can reach that level of consistency.

Common source control tools (Git, Subversion, etc) operate on an eventually consistent model. They rely on a later merge operation in order to bring things back into alignment. That’s how modern source control tools achieve consistency and it’s all an eventually consistent system.

Traditional monolithic architectures are usually based around strong consistency they use a strongly consistent database like a SQL database.

What is Strong Consistency?

When all members of a system agree on the state, before it becomes available, then we reach the level of strong consistency.

We can achieve strong consistency by introducing mechanisms like locks. Distributed system problem occurs when we have multiple things which are responsible for the same piece of data. As long as only one thing is responsible for that data, as long as we only have one instance of the lock, it’s not a distributed system problem anymore. Thus in this way we can resolve the distributed system problem by using a non distributed resource(lock).

But when we introduce a lock, it introduces overhead in the form of contention. That overhead has consequences to our ability to be elastic, to be resilient, and it has other consequences as well.

#microservices #reactive architecture #tech blogs #cap theorm #laws of scalability #reactive microservices #reactive systems #scalability #scalable systems

Case study on mobile app; DreamG

Dream-G application will allow user to chat, voice calls and video calls to random people through the mobile application. The User can create a profile and perform all these actions in addition to searching for a person using their name.

Client Requirement
The client came with the requirement of developing a unique mobile application for users to chat with others and make voice and video calls. Furthermore, the user should be able to subscribe to the plan by paying a certain amount.

App Features and Functionalities
The User can see the list of the people and able to view the profile of a particular person and able to chat, voice call, and video call.
The user can see the list of entertainers and can chat, Voice call and Video call them.
User can search for any person by entering the name.
Through the chat option, the user can see the past history of the chat with all the users. The user can also open any chat and again send messages.
The user can see the profile details and able to edit or modify the profile photo, name, and other details. The user can see the call log details.
The user can see the number of coins available with them and through these coins, the user will able to make voice and video calls.
The user can purchase the plan listed in the application according to the requirements, and will be able to chat with the people.
The User can refer the mobile application to other people and earn rewarding coins.

Challenges
To create a unique user experience for the Chat, Voice, and Video Calls.

Technical Specification & Implementation
Integration with the payment Gateway
Android: Android Studio with Java
Solution
We successfully developed and implemented the Dream-G mobile application through which the user will able to chat, voice call, and video call to other people. The user will also be able to purchase the subscription plan and refer the application to other people.

Read more: https://www.prismetric.com/work/dreamg-app/

#case #study #case-study-on-mobile-app #mobile-app-case-study

Hollie  Ratke

Hollie Ratke

1604257200

Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe

More than 100 smart-irrigation systems deployed across the globe were installed without changing the factory’s default, passwordless setting, leaving them vulnerable to malicious attacks, according to recent findings from Israeli security research firm Security Joes.

The researchers immediately alerted CERT Israel, the affected companies and the irrigation system vendor, Mottech Water Management, which did not immediately respond to a request for comment from Threatpost.

Mottech’s system allows for real-time control and monitoring of irrigation for both agricultural and turf/landscaping installations, via desktop and mobile phone. Sensor networks allow for the flexible and real-time allocation of water and fertilizer to different valves in the system. Access to the network could result in an attacker being able to flood fields or over-deliver fertilizer, for instance.

Security Joes regularly scans for Israeli open devices on the internet to check for vulnerabilities, the firm’s co-founder Ido Naor told Threatpost. Recently, its researchers discovered that 55 irrigation systems within Israel were visible on the open internet without password protections. After expanding their search, they found 50 others scattered around the world in countries including France, South Korea, Switzerland and the U.S.

“We’re talking about full-fledged irrigation systems, they could be entire cities,” Naor said. “We don’t look closely at what’s behind the address, because we don’t want to cause any trouble.”

Naor said that at last check, only about 20 percent of the identified vulnerable irrigation devices have had mitigation efforts taken to protect them so far.

Israel’s Water Systems Under Attack

There’s good reason for alarm about water systems not being secured, particularly in Israel. Just last April, a cyberattack on Israeli water systems, reportedly launched by Iran, attempted to increase the mix of chlorine in the water to poison the civilian population and ultimately interrupt the population’s water supply, The Times of Israel reported.

Yigal Unna, the head of the country’s National Cyber Directorate addressed the CybertechLive Asia conference in late May with the ominous warning that the direct cyberattack on people represented a new chapter in cyberwarfare, according to The Times of Israel.

“Cyber-winter is coming and coming even faster than I suspected,” he told the conference, according to the report. “We are just seeing the beginning.”

Unna was correct. Just weeks later in July, the Israeli Water Authority said that it was able to stop an attack on agricultural water pumps in Galilee, and another on water-supply infrastructure in the “center of the country,” reports.

The irrigation systems which were discovered without password protection aren’t related to the previous attacks, Naor said.

Locking Down Utilities Beyond Israel

These types of vulnerabilities certainly aren’t limited to Israel.

Last month, six critical flaws in CodeMeter, software used to power industrial systems in the U.S., including water and electric utilities, were discovered which could be exploited to launch attacks or even allow third-party takeovers of systems.

Over the summer, researchers found that VPNs used for remote access to operational technology (OT) networks in industrial environments left field devices open to attacks, which could cause shutdowns or even physical damage.

Governments are making attempts to keep up with the proliferation of internet-of-things (IoT) devices throughout critical-infrastructure systems. In the U.S., the House of Representatives passed legislation in September establishing minimum requirements for IoT devices within the federal government.

“Most experts expect tens of billions of devices operating on our networks within the next several years as the [IoT] landscape continues to expand,” the legislation’s so-sponsor Senator Cory Gardner (R-Co.) said in a press release. “We need to make sure these devices are secure from malicious cyberattacks as they continue to transform our society and add countless new entry points into our networks, particularly when they are integrated into the federal government’s networks.”

#cloud security #critical infrastructure #iot #web security #connected devices #cory gardner bill #critical infrastructure #cyberattack #cybersecurity #default password #galilee #government #infrastructure security #internet of things #irrigation systems #israel #mottech water management #open to internet #security joes #smart irrigation #water system attacks