Insertion sort using go

Naveen — Mon, 28 Jun 2021 04:17:47 +0000

Sorting is always a good start point to learn algorithm. Not only it is easy but it also quite challenging too, that's why we have plenty of sorting algorithms are available.

Now, lets talk about Insertion Sort.

Insertion Sort

Insertion Sort algorithm is relatively a simple an efficient algorithm for sorting a smaller array.
It works the way many people sort a hand of playing cards.

We start an empty hand, remove one card from the table and one card into the hand in the correct position.
For that, we need to compare the previous card from hand. If the previous value is bigger than new card then move previous card to right and move current card to the left (Basically, just swap position based on value).

Enough talk, let do this in code.

package main

import "fmt"

func main() {
    // declare an array
    items := [6]int{5, 2, 4, 6, 1, 3}
    // calculate length of array
    var n = len(items)
    // loop through array
    for i := 1; i < n; i++ {
        // set limit for current index (for leftside shift)
        j := i
        // loop through array until we reach the last element
        for j > 0 {
            // If the Item from right side is greater than left side
            // we need to swap the values
            if items[j-1] > items[j] {
                items[j-1], items[j] = items[j], items[j-1]
            }
            /*
            * else {
            * no need to swap, because this unit already sortted
            * }*/

            // reduce inner index by one
            j = j - 1
        }
    }
    fmt.Println(items)
}

Gist Link :https://gist.github.com/NaveenDA/3f71583594a2795c838ab4e044c09d35

I recommend everyone should try this algorithm in your favorite programming language. It improve our knowledge and more importantly it gives some challenges until we solve it.

Thanks for reading <3.

What everyone must know about front end security?

Naveen — Fri, 10 Jul 2020 13:53:20 +0000

Is Front End Security is a real thing?
Hmm… the truth is yes, it is.

Security is of paramount importance, no matter front end security or backend security. When I googled “Front End Security”, I could found the proper article, so I decided to write an article about “The Ultimate Guide To Front End Security”.

In this article, I will show some of the important concepts & best practice for improving your application front-end security.

XSS

Cross side script is one of the deadliest things when comes to security.

Why it so evil?

In every year OSWAP top 10 vulnerabilities list, definitely it in the list.
It a client-side code injection, Imagine if you add a comment a blog post with some javascript, now you access every user's cookie who read your blog.
Sometimes it called as Landmine.

Okay reading a cookie is a potential threat, but what are the things are XSS can do.

Ad-Jacking - If you manage to get stored XSS on a website, just inject your ads in it to make money ;)

Click-Jacking - You can create a hidden overlay on a page to hijack clicks of the victim to perform malicious actions.

Session Hijacking - HTTP cookies can be accessed by JavaScript if the HTTP ONLY flag is not present in the cookies.

Content Spoofing - JavaScript has full access to client-side code of a web app and hence you can use it show/modify desired content.

Credential Harvesting - The most fun part. You can use a fancy popup to harvest credentials. WiFi firmware has been updated, re-enter your credentials to authenticate.

Forced Downloads - So the victim isn’t downloading your malicious flash player from absolutely-safe.com? Don’t worry, you will have more luck trying to force a download from the trusted website your victim is visiting.

Crypto Mining - Yes, you can use the victim’s CPU to mine some bitcoin for you!

Bypassing CSRF protection - You can make POST requests with JavaScript, you can collect and submit a CSRF token with JavaScript, what else do you need?

Keylogging - You know what this is.

Recording Audio - It requires authorization from the user but you access victim’s microphone. Thanks to HTML5 and JavaScript.

Taking pictures - It requires authorization from the user but you access victim’s webcam. Thanks to HTML5 and JavaScript.

Geo-location - It requires authorization from the user but you access victim’s Geo-location. Thanks to HTML5 and JavaScript. Works better with devices with GPS.

Stealing HTML5 web storage data - HTML5 introduced a new feature, web storage. Now a website can store data in the browser for later use and of course, JavaScript can access that storage via window.localStorage() and window.webStorage() Browser & System

Fingerprinting - JavaScript makes it a piece of cake to find your browser name, version, installed plugins and their versions, your operating system, architecture, system time, language and screen resolution.

Network Scanning - Victim’s browser can be abused to scan ports and hosts with JavaScript.

Crashing Browsers - Yes! You can crash browser with flooding them with….stuff.

Stealing Information - Grab information from the webpage and send it to your server. Simple!

Redirecting - You can use javascript to redirect users to a webpage of your choice.

Tabnapping - Just a fancy version of redirection. For example, if no keyboard or mouse events have been received for more than a minute, it could mean that the user is AFK and you can sneakily replace the current webpage with a fake one.

Capturing Screenshots - Thanks to HTML5 again, now you can take a screenshot of a webpage. Blind XSS detection tools have been doing this before it was cool.

Perform Actions - You are controlling the browser,

Taken from https://security.stackexchange.com/a/206526

How to prevent it?

You have to more carefully when comes to display user input.
Use Front Framework like react, angular, etc. It designs that to rid the XSS

CSP

Content security policy is the security layer is used to detect and prevent various attack including XSS.
Strong CSP can able to prevent much potential thread. You can easily enable by adding Content-Security-Policy header.
Read more about CSP on MDN Docs

Referrer value

If the link is taken to a third party domain, that domain has access to your last URL. You might think, it is not potential thread, but that URL might contain sensitive data like session-id, API-key, etc.

To prevent this attack, set the Referrer-Policy header with no-referrer value.

"Referrer-Policy": "no-referrer"

Feature policy

Always restrict to access something, which is not needed in your web application.
We can tell the browser to disable some of the browser's functionalities/features by adding Feature-Policy header.

"Feature-Policy": "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none';  picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none';"

Integrating third-party scripts

You may notice while using the bootstrap CDN with an integrity attribute.

What the heck is that?
Subresource Integrity(SRI) which is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation.

<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">

Imagine you are including a third-party script in your application.
What if they serve different content that attacks your application instead of actual content?
The eventuality that is possible.

The good news is we can prevent using Subresource Integrity.

What if your third-party provider doesn't provide the SRI?
Still, you can generate Integrity by using srihash.org

Dependencies

If you look into the node_modules, you see a lot of folders. And you might think is this needed?
Yes, those are needed that's why they are in your project folder.

But the question is, how many dependencies have security vulnerabilities?
We can easily find add run command npm audit

Every day a lot of vulnerability is exposed that might affect one your dependencies, We can monitor our dependence's vulnerabilities tool using various tools.

The tools like Dependabot and Snyk constantly monitor the vulnerabilities of Dependencies and create a pull request when the vulnerability fixed.

Iframe

An iframe is used full thing to display your application content to another application or vice versa.
But the iframe from the cross-domain can

Autoplay videos
Display Forms
Triggers Alert
Run plugins – including malicious ones

We can prevent by adding X-Frame-Options header

Autofill

Autofill is the super useful feature for the user, but it might lead to Sensitive data exposure.
Always be careful before adding the autofill="true" attribute.

Thanks for reading.

👇 Leave a comment 👇
If you have any question or suggestion.

Leave a ♥️ & 🦄. For more interesting content also check out my Twitter.

Forem: Naveen