What's the point of a Web Application Firewall?

I recently learned about a kind of firewall designed to protect Web Applications: WAF (Web Application Firewall).

A WAF protects web applications from an attacker who makes requests using HTTP.

Malicious HTTP requests to the web app are valid TCP traffic, so a network firewall would treat them as legitimate.

Indeed, a network firewall inspects the lower layers of the network stack (layers 3 and 4 of the OSI model). A WAF, instead, works at the application layer.

A WAF can prevent many of the OWASP Top 10 attacks.

It is possible to design the web app with security in mind and protect it from attacks like SQL injection, Cross-Site Scripting (XSS) or Traffic Flood.

Anyway, many web apps (especially legacy systems) lack security support. In those cases, deploying a WAF that protects all those applications is a wise solution.
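To make the layer difference concrete, here is an added example (not from the video or from any WAF product) that runs the same three requests through a layer 3/4 check and a layer 7 check. The packet fields, function names and the two simplified signatures are assumptions made for illustration; real WAF rule sets are far larger.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ALLOWED_PORTS = {80, 443}  # assumed network firewall policy: web ports only

# Simplified, illustrative signatures (assumption, not a real rule set)
SIGNATURES = {
    "sql_injection": re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=|union\s+select", re.I),
    "xss": re.compile(r"<\s*script|javascript:", re.I),
}

def network_firewall_allows(packet: dict) -> bool:
    """Layer 3/4 decision: only protocol and destination port are examined."""
    return packet["proto"] == "tcp" and packet["dst_port"] in ALLOWED_PORTS

def waf_inspect(request_line: str) -> list[str]:
    """Layer 7 decision: parse the HTTP request and check decoded parameters."""
    _method, target, _version = request_line.split(" ", 2)
    findings = []
    # parse_qsl percent-decodes values, so encoded payloads are matched too
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for label, pattern in SIGNATURES.items():
            if pattern.search(value):
                findings.append(f"{label} in parameter '{name}'")
    return findings

# Constructed sample traffic: every request arrives over TCP port 443
PACKET = {"proto": "tcp", "src_ip": "203.0.113.7", "dst_port": 443}
REQUESTS = [
    "GET /products?id=42 HTTP/1.1",
    "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1",
    "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1",
]

if __name__ == "__main__":
    for line in REQUESTS:
        verdict = waf_inspect(line)
        print(f"network firewall allows: {network_firewall_allows(PACKET)} | "
              f"WAF: {'block: ' + ', '.join(verdict) if verdict else 'pass'}")
```

All three requests look identical to the network firewall, because only the WAF parses the HTTP payload.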

Here is a brief and precise video on WAF: What is a Web WAF? By F5 DevCentral.


Stay in sync

Software developers love programming languages and tech in general. They love to code intelligent solutions with the languages they know, and they get excited when there is a chance to learn a new language (apart from JavaScript :D and some old programming languages).

It is good to keep an eye on other languages and understand the best use cases for those, but is it the best thing to do for your career?

Often, a better understanding of business logic and operations gives you an edge inside the company.

Spending more time studying - and not just fast reading - documentation and articles about the business field, and understanding the actors and processes would've made me more valuable for the project I was working on.

Once I spent six months getting a Google GCP Data professional certification. I wanted to be more valuable to the company (and gain more skills). But during that period, I lost focus and energy for the project I was working on. I didn't pass the exam the first time, so I stayed focused on studying data engineering, and eventually, I was removed from that project. (Ironically, a few days after that, I passed the exam and got the GCP professional certification, but I've never applied that knowledge.)

Lesson learned: feel free to explore new technologies, but always stay in sync with the company and the project you work on.

- 04 Jan 2023 -


Kotlin and Golang on the Shoulders of Giants

I am interested in Kotlin these days. A few days ago, I attended a Kotlin meetup in which Andrey Breslav* gave a presentation called Shoulders of Giants: Languages Kotlin learned from.

Andrey Breslav is well-known in the Kotlin community. He led the design and development of Kotlin at JetBrains for ten years.

The talk's title reminded me of another presentation with the same title I watched on YouTube. But it was about the Go language (Golang). That's interesting! Actually, the original quote is from the famous scientist Isaac Newton, who once said: If I have seen further, it is by standing on the shoulders of giants.

In this case, the Giants are the previous languages that inspired the new language. As Andrey pointed out: Originality does not serve any practical purpose by itself. Building on top of other people's ideas is a good thing.

Kotlin rests on the shoulders of Java, Scala, Python and C#. The efficiency of the C language and the simplicity of Python inspired Golang.

Kotlin has various ways to perform loops, but the designers omitted the C-Style for loops:

  
    for (int i = 0; i<10; i++)
  

Instead, Golang relies only on the C-Style for loops. A more flexible version, to be precise.

Whatever your favourite language is, some giants' shoulders support it, and finding out who they are is exciting and instructive.


- 14 Dec 2022 -


Advent of code 2022

What's the best way for a software developer to dive into the Christmas spirit? Solving the daily coding puzzles of the Advent of Code 2022, of course!

I am having fun solving the daily coding puzzle using Kotlin. It's a great way to practice the language.

IntelliJ IDEA makes coding in Kotlin a pleasure. It provides many prompts and tooltips, so you can spot and fix many mistakes before you compile.

- 12 Dec 2022 -