group-telegram.com/study_security/76
Soaking up the basics of API protocols and architecture
I came across a nice infographic on the topic of APIs. There are some nuances regarding REST and EDA, but overall it is solid and comprehensive, so skimming through it and fixing it in your head won't hurt.
Yes, this is less about security and more about IT, but remember that we can't defend or attack what we don't understand. Below is the text version in case you can't make it out in the picture.
1. REST (Representational State Transfer)
- An architectural style for designing networked applications.
- It emphasizes stateless communication, the use of standard HTTP methods (GET, POST, PUT, DELETE), and resources identified by URLs.
2. GraphQL
- A query language for APIs that allows clients to request exactly the data they need, nothing more and nothing less.
- This efficiency is a major advantage over REST, where endpoints often return fixed data structures.
3. SOAP (Simple Object Access Protocol)
- A protocol for exchanging structured information in the form of XML messages over a network.
4. gRPC (Google Remote Procedure Call)
- A high-performance, open-source framework for remote procedure calls (RPCs).
- It uses Protocol Buffers (a compact binary format) for data serialization.
5. Webhooks
- A mechanism for real-time communication between applications.
- A webhook is essentially an HTTP callback triggered by a specific event in one system, which sends a notification to another system.
6. WebSockets
- A protocol providing full-duplex communication channels over a single TCP connection.
- WebSockets enable real-time data exchange between a client and a server.
7. MQTT (Message Queuing Telemetry Transport)
- A lightweight publish-subscribe messaging protocol designed for low-bandwidth, high-latency, or unreliable networks.
- It is commonly used in IoT (Internet of Things) applications.
8. AMQP (Advanced Message Queuing Protocol)
- An open standard protocol for message-oriented middleware.
- AMQP provides features like reliable message delivery, routing, and queuing, making it suitable for enterprise integration scenarios.
9. EDA (Event-Driven Architecture)
- A software architecture pattern where applications react to events (e.g., user actions, sensor readings).
- EDA promotes loose coupling and scalability.
10. EDI (Electronic Data Interchange)
- A set of standards for exchanging business documents (e.g., purchase orders, invoices) electronically between organizations.
- EDI is widely used in supply chain management and logistics.
11. SSE (Server-Sent Events)
- A server-push technology that allows a server to send updates to a client over an HTTP connection in a unidirectional manner.
#BaseSecurity #API