Problems to solve (energy focus) - Coggle Diagram
get an apartment
which area?
budget?
the advantages
my own place
free to form most suitable routines
no 'mandatory' stress
privacy & potentially better sleep quality
the cons
have to rent
binds time to working in order to sustain and manage the new status quo
find a job better tailored to my future career path
find something more challenging
examine what places to apply to
what would I like to do more in my work environment?
better growth boost
more important role in the company
meaningful contribution to a system
Negotiation points
Salary: 2000+
Remote / WFH
Work hours flexibility
Meeting Attendance
Reporting system / hierarchy
Annual Leave days
Techstack
Educational budget
Travelling
Expand knowledge pool
Documentation
Docker
Welcome Guide
ERROR SSL
Disable HSTS
enter localhost in Delete section
Use IP instead of localhost
Run the URL
Run a container
Create / Inspect Dockerfile
Build image: docker build -t welcome-to-docker .
Check vulnerabilities: docker scout quickview
Run created image as container
Specify Port
:warning: Look into optional settings
Pull images from Docker Hub
Multi Container Solution
Compose File Docs
Run the services: docker compose up -d
Automatic Code changes: docker compose watch
Deleting DB container deletes data here
Data persistence
A volume is a location in your local filesystem, managed by Docker
Keeps data that container generates
Add volumes into compose file
Still, data is isolated from local FS
Bind Mount = lets you share a directory from your host's FS into the container
How are bind mounts different from Watch?
Dockerise existing app: docker init
platform, main project, .NET version, port
.dockerignore
Dockerfile
compose.yaml
README.docker.md
ERROR: dotnet publish -a
.NET container samples
.NET specific guides
Microsoft ecosystem
ASP.NET
:check: React + Vite + ASP.NET setup
REST API
Minimal API
Controller Scaffolding
EntityFramework Core
Overview
Basic Setup
EF Core in Web Apps 1
:check: About Microservices
.NET environments
C# Book
Unit Testing
Visual Studio 2022
Will's guides
Project Planning and Setup
Define Scope & Req.
functionalities per microservice
data each microservice will handle
relationships between microservices
Microservices Example
TechStack Selection
Main: .NET, Postgres versions
Additional: Docker, Kubernetes, Redis
.NET 9 Overview
Design MSA
Define MS boundaries
Communication pattern
REST API
Message Queues
database schemas
MS patterns
Development Phase
Setup Dev Env
Install tools & frameworks
Setup version control
Create Project Structure
1 project per each MS in solution
shared libs for common functionalities
Library Guidance
Develop single MS
REST API for CRUD operations
Integrate w/ DB
Implement Business Logic
Cross-Cutting Concerns
Logging
Security
Configuration
Create Web API
Database Design & Management
design each db schema per MS
setup migration tools (EF Core migrations)
Migrations Overview
Communication and Integration
Service Communication
Decide on type
synchronous (REST)
Async (Msg queues)
Implement inter-service comms
HTTP Clients
Rabbit MQ
Rabbit MQ w/ Dotnet
API Gateway & Load Balancing
API Gateway routes requests to the appropriate MS
implement load balancing strategies
Gateway Design
AAA
Authentication
JWT
OAuth2
User Roles, Authorization
Accounting (Logging permissions)
Authentication Overview
Deployment and Scaling
Containerization and Orchestration
Place each MS into a Docker container
Kubernetes to orchestrate deployment
404 - Dockerised MS
Continuous Integration/Continuous Deployment (CI/CD)
Set up CI/CD pipelines
GitHub Actions
GitLab Runners
Jenkins Jobs
Automate processes
Testing
Deployment
Azure Pipelines
Monitoring and Logging
Implement monitor tool
Prometheus
Grafana
Centralised logging (ELK Stack)
ElasticSearch
LogStash
Kibana
Monitoring
Testing
Unit and Integration Testing
Write unit tests for individual components
Implement integration tests to ensure services work together
Testing in .NET
Load Testing and Performance Optimization
Perform load testing to identify bottlenecks
Optimize performance based on test results
404 - Performance Testing
Maintenance and Iteration
Documentation
Document APIs (Swagger)
Create internal documentation for devs
Swagger Docs
Feedback and Iteration
Gather feedback from users
Iterate on the design and implementation based on feedback
Key Decisions
Service boundaries & granularity
Decompose app into MS
Each MS has single responsibility
Boundaries Link Broken
Data Management Strategy
using a shared database vs. database per service
data consistency and transactions across services
Database per Service
Technology and Tools
right tools for development, testing, and deployment
open-source vs. commercial tools
Browse and Compare
Scalability and Fault Tolerance
Design for horizontal scaling
Implement fault tolerance and resilience patterns
Cloud Design Patterns
Security
AAA mechanisms
secure communication between services
OWASP 10
Deployment Strategy
deployment environments (e.g., cloud, on-premises)
blue-green deployments, canary releases
Blue-Green Deployment
Tutorials
Learning Strategy
1h to check & get the idea
additional for deeper comprehension
Apply on my own project
Do the examples provided
Write down notes & terminology
Read Guides
Watch additional videos
establishing a high quality network
identify places to meet valuable people
what seminars should I attend
MC2 2024/2025 Competition
:red_cross: SPAN Arena (CyberSec event)
:check: Career Day
what are the benefits
depth of the network
how much time do I spend on new people?
depth of quality bond
comprehend what cog I play in the big machine of life
what books should I read?
which ideology should I pick to best suit my needs and situation
deal with the question of what I want most currently
examine the branches and what each one of them focuses on
what matters most to me right now and in the next 5 years?
Travel Warrants Project
1.5 version: STP subject
Security
who am I protecting against?
:check: People (Intentional)
:check: People (Unintentional)
:warning: Infrastructure Malfunction
:red_cross: Disasters (Out Of Scope here)
what am I protecting?
Data
Infrastructure
API & Services
Database
Business Logic
:star: CRUD travel form management
:star: CRUD related data
Reporting
Exports
Digital Signing
OCR + AI parsing from scanned receipts
TechStack
runtime: .NET 8>9 platform
backend: ASP.NET framework
frontend: React (TypeScript)
database: PostgreSQL
Repository: GitHub
Deployment: Azure?
Setup
:check: Sketch Database
:check: Prioritize nodes from version 1
:check: Check Will's business plan
:check: Look into organisation and components (ChatGPT, docs)
:check: Check .NET docs for ASP.NET
:check: Business Logic Diagram
:check: Setup and Mock Database
:check: Git init w/ GitHub
Useful VS Extensions?
:check: Remake DB as PascalCase
Development
:check: Create app from template
TS errors: restart VS and rebuild solution
Server > Properties > Debug > Open UI > Disable browser opening
Connect backend to DB
Add Dependencies to Server
Npgsql.EntityFrameworkCore.PostgreSQL
Microsoft.EntityFrameworkCore.Design
Add connection string to appsettings.json
Create Model classes for EF
Create AppDBContext
Register AppDBContext to use ConnectionString
Add Data Annotation to Models
Key
Table
Column
Required
ForeignKey
Controllers
:check: Create controller
:check: Make it dynamic for every table
Move fetching data from controller to service
:check: Add Decorators
Make my own base controller, others are derivates
Or do it via assembly?
DTOs
Employee
General employee DTO
CreateDTO
UpdateDTO
Added Generic and Employee Repositories
Add Employee Service
Subject exercises
:check: 1st exercise
Run OWASP ZAP against app
Find 3 high/mid prio alerts to fix
Example: cookies missing security headers
Watch recorded examples (Teams)
Screenshot/record before and after state
Fixes
Content Security Policy
Cross-Domain-Misconfiguration
Anti-clickjacking-header
Strict Transport Security Header
X-content type options header
Access-Control Allow-Origin
Issues
.NET enforces most of common issues
Vite only problematic, but it's development only
How to test published app
CSP breaks css and scripts from backend
Questions
Disable HMR in production?
Vite proxy setup?
SPA?
:check: 2nd exercise
Get familiar w/ Docker
Fetch sonarqube docker image
Link as local app on Administration
run provided dotnet commands
fix issues from Dashboard
run App as async
FirstOrDefault >> Find
DbSet nullreferences
Unused logging variables
PascalCase naming
Declare as required or nullable
Replace system exceptions with user ones
Readability
Commented code
Questions
Automatize
Jenkins container
.ps1 pipe (scheduled)
pre-push git hook
View historical issues
Lint vs Qube mismatch
Change the embedded DB
Custom Exceptions
Change Project permissions to private
Connect SonarLint to SonarQube
3rd exercise
Conceptual issues
Use DB migrations or not?
Circular Dependencies
navigation properties aren't cyclic computations—they just point to related data
Lazy Loading (load related data when it's first accessed)
Eager Loading (load all necessary data upfront)
At the code level: When two classes require each other to function
In dependency injection: Circular references can create runtime exceptions
In module systems: Circular imports can lead to import errors
Cyclic computations - usually recursion
Possible issue: infinite recursive references (such as self-referencing entities with no stopping condition)
How to handle composite keys in EF?
Controllers, endpoints, Service design best practices
Dependency Injection
Scoped adding?
Controller vs ControllerBase?
Base: handles Web API only
Controller: supports views (pages) too
Publish vs. Release processes
Reflection
Repository pattern
SoC: data access separate from business logic
mockable in unit testing
makes ORM swappable
Unit of Work = similar to a transaction
Generic Repository
Abstracts CRUD on entities
SPA in React and Angular
Middleware
DTO
The service doesn’t work with entities directly because DTOs represent the data that needs to be transferred to and from the API or other services, which decouples the internal entity structure from what is exposed externally.
DTO Mapping: It's good that you're converting your Employee entity to EmployeeDTO. For more complex applications, consider using a library like AutoMapper. It can simplify mapping between models and DTOs, especially if there are many properties to handle.
Use AutoMapper Library?
Unit Testing
Start unit testing the service layer by mocking repositories.
NUnit
Mock
Should Models inherit DbSet?
OperationResult vs Custom Exceptions
Architecture
Services
Logging Wrapper
Contains the business logic and works with DTOs, orchestrating data flow through repositories
The service layer holds business rules and validation logic. For example, you might only allow the creation of employees if certain criteria are met, and that logic would live in the service.
Data Fetching
:check: EmployeeService
Controllers
:construction: Data from tables
User preferences
Login
Handles HTTP requests and works with services to process data while adhering to RESTful principles.
Repositories
Encapsulates all database access logic, working directly with EF Core and entities.
Each repository typically handles a specific entity (like EmployeeRepository, DepartmentRepository), allowing centralized management of all data access logic.
:check: Generic Repository
:construction: EmployeeRepository
Transactions
Handled in the service layer when you need multiple operations to happen in a single transaction
1st version: Bachelor
TechStack
C++
RAD Studio 11.2 Alexandria
SQL Server Express 2019
IIS
ADO components
Reports extension
Architecture
:recycle: Data Storage
:train: XML - cars - CRUD
License Plate
Internal Company Name
Assigned to (Responsibility based)
Currently driven by
Main location
:train: JSON - clients - CRUD
Company Name
Address
Email
ID
Contact Person mail
:train: Custom Binary File
Internal Code
Description
Confidentiality level
:star: Database
Entities / Tables
Departments - CRUD - Navigator
Employees - CRUD - Manual
Travel Expenses - CR - Manual
Blob fields - scanned receipts attachment
Travel Warrants - CRUD - Manual
:recycle: Additional Features
Sorting (user radio button choice)
Filtering (user input field)
Lookup Fields (Department name instead of ID)
Calculated Fields (car meter in km)
:red_cross: .INI files
Color Scheme
Font settings
:train: Windows Registry
Yes/No save quick login
Username
Password
:recycle: :star: Server Application
:red_cross: Communication (w/ Client)
TCP
Simple data transfer
Client based request
Receive car info to be added to xml
Send success/failure control info
Streams transfer
Client based request
Receive request for file
Send companycards.xml as stream
Send success/failure control info
UDP
Simple data transfer
client based
receive car code to be deleted
Streams transfer
client based
receive encrypted clients.json file
:red_cross: Tasks
RSA keys exchange
Encrypt / Decrypt data
Send/Receive data
Modify xml and json files
Listen for TCP / UDP requests
:recycle: :star: Client Application
:recycle: Screens / Forms / Dialogues
Create + Update Car info
CRUD on Clients info
Read + Delete Car info
Read + Create Travel Purposes info
CRUD on Company Departments entry
Read + Delete Employee entry
Create + Update Employee entry
Create Expenses entry
Create + Update Travel Warrant entry
Login
Read + Delete Travel Warrant entry + Report Generation
Miscellaneous Features
:question: Mutual Lockout
Critical Section, NOT Mutex
Editing server-side companycars.xml
Reasoning: avoid multiple concurrent access that would corrupt file integrity
:red_cross: Subjugate process call
CLI-based app
Cleanup
Session RSA keys reset
Remove encrypted XML and JSON
Remove local companycars.xml
Result: 0 for success, 1 for failed (generate msg)
:red_cross: Custom in-app download (HTTP client)
show download progress
enable limiters
5 kb/s
10 kb/s
20 kb/s
30 kb/s
:recycle: Reporting
Single Travel Warrant
PDF + RTF
Source: Join Query
Employees
Departments
TravelWarrants
Employee Travel Recap
PDF
Source: Master-Detail tables
Master: employee
Detail: TravelWarrants
:question: Multi-Threading
PreparationThread
Generate RSA keys (crypto)
Exchange RSA keys w/ Server
Send encrypted Clients.json to server for backup
:red_cross: LoadIconsThread
SOAP call for country flags (translation)
Update UI w/ Icons safely (Synchronise, not Queue)
could use custom thread pool
:red_cross: SOAP web service
Service: DataFlex
Method: CountryFlag
Purpose: Get flag icons for supported languages
:red_cross: REST web service
Service: mirror ai
resource /sticker
Purpose: create personalised avatar
:red_cross: Security
:question: Cryptography
Symmetric
client encrypts clients.json
server decrypts clients.json
AES algorithm
Asymmetric
RSA-4096 block vector algorithm
server encrypts key for symmetric encryption
client decrypts key for symmetric encryption
:check: Hashing
SHA-256 algorithm
Fixed salt
Dynamic salt
pepper
content: password
:question: Digital Signature
:red_cross: SOAP client
purpose: validate license plates info
:!?: ValidateLicenseplate
Input string license plate
Validate format via regex
2 big letters
2x Limiter: -
3 - 4 numbers
2 big letters (city code)
:!?: isValidCityCode
input string license plate
check if exists in list of supported cities
:red_cross: Deployment mode: IIS
:star: REST client
/employees
GET: fetches newest announcement to client app (public)
POST: sends newest announcement (auth required)
/employeeexport
provide employeeID
Queries db
Returns xml response with employee info
/warrantsexport
provide warrantID
query db
returns warrants and related info in XML
:red_cross: Static Library
:train: Client (model class)
:train: JSON Helper
Current client
allClients (vector)
Load, Add, Delete, Edit Clients
RewriteFile
:red_cross: Dynamic Library
WinRegHelper
isRememberMe
username
hashedPassword
Delete, Load, Save settings
"Static" Linking, not dynamic
:red_cross: DLL dialogues
Avatar Generation form
Download Resources form
Issues
Most of the code in clientapp, rather than in serverapp
hardcoded queries that take parameters
data storage dispersed - should all be in DB
Lack of role-based access throughout the app
Lack of unit testing
Data transfer only partially encrypted
Lack of exception handling
Lack of logging
2nd version: Master
Additional solutions to consider
Use Containers now or later?
Microservices: wrap all features, or just few?
Candidates
Reporting
Car License Validation
Login
Use specific DTOs as communication objects between MS
Sensitive data is removed from the DTO to avoid exposing it to other services.
DTOs allow you to filter and shape the data to include only the fields needed by the receiving microservice, reducing overhead and making the communication more efficient
DTOs allow you to enforce these validation rules (e.g., required fields, max length) at the service boundary, ensuring that data received from other services is valid before it's processed.
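The service/DTO/repository split described above (service holds the rules, repositories hide data access, DTOs shape and sanitise what crosses the boundary), as an added C# example that is not code from the project; the Employee, EmployeeDto, CreateEmployeeDto, IRepository<T> and InMemoryRepository<T> names are assumed, and the in-memory repository stands in for the EF Core one so the sample runs without a database.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
// Entity as EF Core stores it; PasswordHash must never cross the service boundary.
public class Employee
{
    public int Id { get; set; }
    public string FirstName { get; set; } = "";
    public string LastName { get; set; } = "";
    public string Email { get; set; } = "";
    public string PasswordHash { get; set; } = "";   // sensitive: deliberately not mapped below
    public int DepartmentId { get; set; }
}

// Outbound DTO: only the fields the client or the receiving microservice needs.
public record EmployeeDto(int Id, string FullName, string Email, int DepartmentId);

// Inbound DTO: the boundary validation rules (required, max length) live here.
public class CreateEmployeeDto
{
    [Required, MaxLength(50)] public string FirstName { get; set; } = "";
    [Required, MaxLength(50)] public string LastName { get; set; } = "";
    [Required, EmailAddress, MaxLength(100)] public string Email { get; set; } = "";
    [Range(1, int.MaxValue)] public int DepartmentId { get; set; }
}

// Generic repository abstracting data access; a hypothetical in-memory version replaces EF Core here.
public interface IRepository<T> where T : class { IEnumerable<T> GetAll(); void Add(T entity); }
public class InMemoryRepository<T> : IRepository<T> where T : class
{
    private readonly List<T> _items = new();
    public IEnumerable<T> GetAll() => _items;
    public void Add(T entity) => _items.Add(entity);
}

// Service layer: validation, business rules and entity-to-DTO mapping; controllers never see Employee.
public class EmployeeService
{
    private readonly IRepository<Employee> _repo;
    public EmployeeService(IRepository<Employee> repo) => _repo = repo;
    public EmployeeDto Create(CreateEmployeeDto dto)
    {
        // 1. Reject malformed input at the boundary using the DTO's data annotations.
        var errors = new List<ValidationResult>();
        if (!Validator.TryValidateObject(dto, new ValidationContext(dto), errors, true))
            throw new ValidationException(string.Join("; ", errors.Select(e => e.ErrorMessage)));
        // 2. Business rule that belongs in the service, not in the controller or repository.
        if (_repo.GetAll().Any(e => e.Email.Equals(dto.Email, StringComparison.OrdinalIgnoreCase)))
            throw new InvalidOperationException("An employee with this email already exists.");
        var entity = new Employee { Id = _repo.GetAll().Count() + 1, FirstName = dto.FirstName,
                                    LastName = dto.LastName, Email = dto.Email, DepartmentId = dto.DepartmentId };
        _repo.Add(entity);
        return ToDto(entity);
    }
    // Mapping: the outbound shape omits PasswordHash and combines the name fields.
    private static EmployeeDto ToDto(Employee e) =>
        new(e.Id, $"{e.FirstName} {e.LastName}", e.Email, e.DepartmentId);
}
```

A controller would call EmployeeService.Create with the bound CreateEmployeeDto and return the EmployeeDto, so neither the HTTP layer nor another microservice ever receives the PasswordHash column.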
How to handle logging properly? ELK?
Unit Testing via NUnit? Moq?
Automatized Deployment: PowerShell pipelines?
Include LLM/AI for predictive analysis (improvement mentioned in paper)
API Gateway?
ORM: EntityFramework Core or Dapper?
switch to GitLab (self hosted?)
Miscellaneous
draw the updated db design
refresh the original design/business logic
examine the VS template
SonarQube setup
:red_cross: GitHub Integration
Can't be done locally
SonarQube Instance needs to have public URL
use GitLab instead
locally - via Docker container
.Net and Sonar
Using Sonar in .NET
:warning: Git pre-push hook
Server + DB installation
read up on materials
Useful tools
Coggle
dbdiagram.io
Whimsical
miro.com
draw.io
figma
obsidian.md
CodePen.io
use virtual, abstract or interface
Docker setup
PostgreSQL cluster migration
run admin CMD
set PGPASSWORD=your_password
"C:\Program Files\PostgreSQL\16\bin\pg_dumpall.exe" -U postgres -f "C:\temp\pg_backup.sql"
set PGPASSWORD=
cd C:\Users\YourUsername
"C:\Program Files\PostgreSQL\17\bin\pg_upgrade.exe" ^
  --old-datadir="C:\Program Files\PostgreSQL\16\data" ^
  --new-datadir="C:\Program Files\PostgreSQL\17\data" ^
  --old-bindir="C:\Program Files\PostgreSQL\16\bin" ^
  --new-bindir="C:\Program Files\PostgreSQL\17\bin" ^
  -U postgres ^
  --check
SELECT * FROM pg_extension;
DROP EXTENSION adminpack;
run pg_upgrade.exe without --check
switch ports in C:\Program Files\PostgreSQL\VERSION\data\postgresql.conf
switch ports in pgAdmin server properties
Skillset
Technical
Misc
MS Office
Sharepoint integration
VBA (in Excel)
Power BI
Software Engineering
Programming
.NET ecosystem
.NET Framework 5
.NET 8+
EntityFramework (Core)
LINQ
NUnit w/ Moq
WPF
Winforms C#
Dependency Injection
ProtoBuf
C#
RAD Studio
ADO Components
Winforms (Design)
INDY TCP, UDP, HTTP, SOAP, REST
C++
Python
Pandas
NumPy
Django
Jenkins Jobs
React w/ TypeScript
MATLAB
OOP
SQL
DDL
DML
T-SQL
Procedures, Functions
Triggers
CTE, Subqueries, Views
ACID rules
Permissions
Git & GitLab
PowerShell
Cyber Security
Information Security
ISO Standards
Disk Encryption
PKI
Automated Backups
Forensics
Computer
Disk Acquisition
Autopsy Analysis
Writing Reports
RAM
Volatility3
Malware
Safe SW Dev
Cryptography
OS
Windows
Linux setups
CyberSec Workstation
Security Onion
Kali Linux
Ubuntu Desktop
Sans SIFT Workstation
Networking
Network Security
CCNA 1- 3
Packet Tracer
Wireshark
Soft
Interpersonal