Radhakrishnan Perumal

  API Security — How Attackers Break 1. Broken Authentication How attackers break it: Using stolen/breached passwords Credential stuffing Brute-force login Bypassing MFA Using replay attacks on JWT tokens Example: /login endpoint accepts unlimited attempts → brute force Tokens are not rotated → attacker reuses 2. Broken Authorization (IDOR) The #1 cause of API data breaches. How attackers break it: Change the object ID in a URL to access others’ data GET /accounts/123 → change to → GET /accounts/124 Real issue: Developers validate that the resource exists, but don’t validate ownership. 3. Lack of Rate Limiting How attackers break it: Brute force your login Denial-of-service by sending massive calls Enumerating IDs Scraping customer data 4. Missing Input Validation How attackers break it: SQL Injection NoSQL Injection Command Injection XML External Entities (XXE) Path Traversal Example: GET /files?path=../../etc/passwd 5. Excessive Data Exposure How attackers break i...

Core Architecture Principles   I. Core Architecture Principles Vertical vs Horizontal Scaling Vertical scaling  means upgrading a single machine, like adding more CPU, RAM, or faster storage. Horizontal scaling  means adding more machines and spreading work across them. Vertical is easier but hits hardware limits and becomes expensive. Horizontal scaling is more complex because it requires load balancing, stateless services, and shared storage. Think of it this way: vertical is one superhero getting stronger, horizontal is building a team. CAP Theorem CAP Theorem  says that in the presence of a network partition, a distributed system must choose between  Consistency  and  Availability . Consistency means every user sees the same data at the same time. Availability means the system always responds, even if the data might be slightly stale. You cannot have perfect consistency and perfect availability when your network is broken, so you decide which one t...