Don't roll your own HTTP server

•Als PPTX, PDF herunterladen•

0 gefällt mir•267 views

This is a session given by Joel W. Kall at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden. Description: A lot of of today’s APIs are available using HTTP, so it’s no surprise that there are many options available for the software that actually handles the requests. There are giants like Microsoft and Apache, and there are small, modular packages from smaller vendors and independent developers. But if you only need 1% of the features, isn’t it tempting to just write your own HTTP parser? We did, and we wish we didn’t. And now we’ll tell you all about it so you won’t make the same mistakes we did.

Technologie

DON’T ROLL YOUR
OWN HTTP SERVER
JOEL W KALL, CHIEF CCO OFFICER @ LOOP54

Loop54
• On-site e-commerce search engine
• SaaS
• Relevant search results
• Machine learning

In the beginning
• Small scale prototype
• Nothing fancy – just accept requests
• No configuration

HTTP request-response sample
POST /path HTTP/1.1
Content-Type: application/json
Content-Length: 28
{
“key”:”value”
}
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 31
{
"anotherkey":"andavalue"
}

KEEP-ALIVE & PIPELINING
THE NAIL IN THE COFFIN

Kestrel to the resqueue
• Part of ASP.NET Core, embeddable
• Cross-platform
• 5% faster, 15% less memory
• Full HTTP support
• Probably more secure

DON’T DO IT!
BUT IF YOU DO, READ UP BEFOREHAND

Weitere ähnliche Inhalte

Was ist angesagt?

Automate it with Azure Functions

Jaap Brasser

Let’s dive into the world of serverless and give you real world examples of how to get started. We will focus on Azure Functions in Java and discuss how to provision, deploy and test them in a productive environment. In my demos we will see the ease of local development leveraging from the great integration in Visual Studio Code. Finally, let’s ship our samples and scale them in Azure. If you are tired of server maintenance and want to achieve more with your java functions, check out the recording: https://www.youtube.com/watch?v=bZ_aewihpXA&feature=emb_logo

Go Serverless with Java and Azure Functions

Sandra Ahlgrimm

Fastest to Mobile with Scalatra + Swagger

Tony Tam

There is no doubt that security has been in the spotlight over the last few years, recent events have been responsible for the increased demand for better and more secure systems. Security was often treated as an afterthought or something that could be implemented ‘later’. In this session, we will go over some best practices, using existing tools and frameworks to help you set up a more secure environment and to get a grasp of what is happening in your environment. We will leverage your existing automation skills to secure and automate these workflows. Expect a session with a lot of demos and resources that can directly be implemented. What to do in order to access systems that would otherwise be inaccessible, we will go in depth on how to resolve this using PowerShell and additional methods.

Secure your environment by automation

Jaap Brasser

Ohio Devfest - Visual Analysis with GCP

Wesley Workman

Automate it with Azure Functions

Jaap Brasser

Inside Wordnik's Architecture

Tony Tam

Automating everything with Microsoft Flow

Jaap Brasser

Drupal Café: Building Node.js Accelerator for Your Headless Drupal

Exove

The GUI, calling it our mortal enemy would probably be a bit too far. There are some obvious use-cases in which using a GUI to discover new functionality and to get acquainted to a new product would be a solid approach. In this session, we will do exactly that, we will setup a number of different components on a server while using PowerShell logging to record what is happening on the background. We will analyze these logs and retrieve a step-by-step playbook to reproduce the configuration.

Breakdown the GUI - PowerShell logging to automate everything

Jaap Brasser

Creating Hyper Performant Web Apps with React

Jp DeVries

The GUI, calling it our mortal enemy would probably be a bit too far. There are some obvious use-cases in which using a GUI to discover new functionality and to get acquainted to a new product would be a solid approach. In this session, we will do exactly that, we will setup several different components on a server while using PowerShell logging to record what is happening on the background. We will analyze these logs and retrieve a step-by-step playbook to reproduce the configuration.

From zero to hero – learn how to automate from the gui

Jaap Brasser

Zero to #Serverless in 60 seconds, anywhere

Alex Ellis

Introduction to Django-Celery and Supervisor

Suresh Kumar

The guardian and app engine

Michael Brunton-Spall

In this session we will cover a range of topics regarding Chat automation and the possibilities this gives us. We will dive into the concept of ChatOps, what it is, how we can implement it and what the benefits are. After this brief introduction we will dive into real-world examples of setting up and configuring your first chatbot, configuring security and resolving real-world incidents using this chatbot.

Chat automation in a modern it environment

Jaap Brasser

Postman

Igor Shubovych

Premature optimisation: The Root of All Evil

Fabio Akita

Ein Microservice alleine macht noch keinen Sommer. Interessant wird es erst, wenn viele scheinbar unabhängige Services ein großes Ganzes bilden. Als Kommunikationsmuster zwischen den einzelnen Services wird dabei nicht selten auf REST zurückgegriffen. So weit, so gut. Aber wie sieht eine wirklich gute, und vor allem zukunftssichere REST-Schnittstelle aus? Welches Austauschformat sollte man wählen? XML, JSON, Binary oder am besten gleich alle drei? Wie geht man mit dem Thema Versionierung um? Und wie sichert man das API gegen unbefugte Benutzung ab? Welche Rolle spielen die Response-Header? Was ist mit dem Thema „Error Handling“? Und wie nutzt man möglichst effektiv die verschiedenen HTTP-Statuscodes? Macht es Sinn, für unterschiedliche Channels unterschiedliche Schnittstellen anzubieten? Und was ist noch einmal dieses HATEOAS? All diese Fragen – und viele weitere – wollen wir uns am Beispiel eines eigenen API-Designs anschauen. Ausgehend von einer einfachen REST-Schnittstelle, werden wir Schritt für Schritt neue Anforderungen einführen und dafür passende praxisnahe Lösungen entwickeln.

Pragmatic REST aka praxisnahes Schnittstellendesign

OPEN KNOWLEDGE GmbH

Was ist angesagt? (19)

Automate it with Azure Functions

Go Serverless with Java and Azure Functions

Fastest to Mobile with Scalatra + Swagger

Secure your environment by automation

Ohio Devfest - Visual Analysis with GCP

Automate it with Azure Functions

Inside Wordnik's Architecture

Automating everything with Microsoft Flow

Drupal Café: Building Node.js Accelerator for Your Headless Drupal

Breakdown the GUI - PowerShell logging to automate everything

Creating Hyper Performant Web Apps with React

From zero to hero – learn how to automate from the gui

Zero to #Serverless in 60 seconds, anywhere

Introduction to Django-Celery and Supervisor

The guardian and app engine

Chat automation in a modern it environment

Postman

Premature optimisation: The Root of All Evil

Pragmatic REST aka praxisnahes Schnittstellendesign

Ähnlich wie Don't roll your own HTTP server

How to Build a High Performance Application with PHP and Swoole?

Albert Chen

Webapp security testing

Tomas Doran

Webapp security testing

Tomas Doran

Applications increasingly talk to each other behind the scenes via APIs. Google’s recent acquisition of Apigee, an API management company, is an indicator of the continued importance of APIs. APIs are like building blocks, providing services and data that can be connected with other APIs to build powerful customized apps. However, developing and testing an API can be challenging because there is no built-in interface, breaking changes can cause widespread outages, sensitive data may be exposed or accessed, and accepted agile testing paradigms can be difficult to adapt to APIs. This session is an introduction to restful APIs and how to test them for security, performance, functionality, and backwards-compatibility risks.

Api fundamentals

AgileDenver

Api FUNdamentals #MHA2017

JoEllen Carter

Oracle REST Data Services: POUG Edition

Jeff Smith

Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange behaviour of web servers and features such as request encoding or HTTP pipelining. These methods can come in handy when testing a website behind a WAF and can help penetration testers and bug bounty hunters to avoid drama and pain! Knowing these techniques is also beneficial for the defence team in order to design appropriate mitigation techniques. Additionally, it shows why developers should not solely rely on WAFs as the defence mechanism. Finally, an open source Burp Suite extension will be introduced that can be used to assess or bypass a WAF solution using some of the techniques discussed in this talk. The plan is to keep improving this extension with the help of the http.ninja project.

WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour

Soroush Dalili

Clack: glue for web apps

fukamachi

Untangling spring week11

Derek Jacoby

Many developers struggle with how to properly secure REST APIs. If you are like me, you followed a process from a trusted provider like Amazon, Google, etc. What if I told you there was a better way? It’s JOSE, a collection of open standards from the IETF that has strong library support. It’s also the basis of OAuth 2.0 and OpenID Connect. Let me show you how to make a highly secure API for today and well into the future built on the framework of JOSE.

Don't Loose Sleep - Secure Your Rest - php[tek] 2017

Adam Englander

Performance tuning

Eric Phan

CPAN Gems From The Far East

lestrrat

Big Data Warehousing Meetup: Developing a super-charged NoSQL data mart using Solr sponsored by O'Reilly Media! Caserta Concepts shared one of their innovative DW projects using Solr. See how open source search technology can serve high performance analytic use cases. Presentation and solution walk-through given by Caserta Concepts' Joe Caserta and Elliott Cordo. For more information, visit www.casertaconcepts.com

Big Data Warehousing Meetup: Developing a super-charged NoSQL data mart using...

Caserta

Untangling spring week1

Derek Jacoby

Chef Cookbook Workflow

Amazon Web Services

Team Foundation Server (TFS) has been around for over a decade now(!) and Visual Studio Team Services (VSTS) has been around for several years. One of the reasons TFS/VSTS has been successful for so many years lies in the extensibility model provided by Microsoft. VSTS/TFS provides a large set of capabilities out of the box but no platform can be everything to everyone. With a rich extensibility model, however, you can shape, mold and extend VSTS/TFS to suit your organization's specific needs. In this talk, we will cover the rich set of REST APIs that Microsoft provides for extending VSTS/TFS. We will take a look at the capabilities that are currently available as well as address some of the features that have yet to make it into the REST APIs. We'll take a look at some code examples and patterns that make it easy to integrate with the REST APIs so you can quickly get up and running with your own customizations.

Using REST with VSTS and TFS

Jeff Bramwell

Approaching APIs

Ross Singer

How to scale your app and win the cloud challenge

Quentin Adam

Designing your API Server for mobile apps

Mugunth Kumar

Have I Been Pwned and Cloudflare

StefnJkullSigurarson1

Ähnlich wie Don't roll your own HTTP server (20)

How to Build a High Performance Application with PHP and Swoole?

Webapp security testing

Api fundamentals

Api FUNdamentals #MHA2017

Oracle REST Data Services: POUG Edition

WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour

Clack: glue for web apps

Untangling spring week11

Don't Loose Sleep - Secure Your Rest - php[tek] 2017

Performance tuning

CPAN Gems From The Far East

Big Data Warehousing Meetup: Developing a super-charged NoSQL data mart using...

Untangling spring week1

Chef Cookbook Workflow

Using REST with VSTS and TFS

Approaching APIs

How to scale your app and win the cloud challenge

Designing your API Server for mobile apps

Have I Been Pwned and Cloudflare

Mehr von Nordic APIs

A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned! This presentation will cover topics like: – How does it work? What does it mean to “train” a bot on your docs? – Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team? – The trade-offs around building your own vs. buying a 3rd party solution – Some decisions around the underlying tech – How to build a decent “conversational mode” so you can ask follow-up questions – How you evaluate the quality of a chatbot, and some surprises we ecountered along the way – What do you do when things go wrong? – Security considerations And much more! Actually, probably not that much more. That already sounds like a lot.

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

Don't roll your own HTTP server

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (19)

Ähnlich wie Don't roll your own HTTP server

Ähnlich wie Don't roll your own HTTP server (20)

Mehr von Nordic APIs

Mehr von Nordic APIs (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Don't roll your own HTTP server

Hinweis der Redaktion