What is Fastity?

Overview of Fast and low overhead web framework for Node.js
17 October 2017   2197

An efficient server implies a lower cost of the infrastructure, a better responsiveness under load and happy users. How can you efficiently handle the resources of your server, knowing that you are serving the highest number of requests as possible, without sacrificing security validations and handy development?

Fastify is a web framework highly focused on speed and low overhead. It is inspired from Hapi and Express and as far as we know, it is one of the fastest web frameworks in town. Use Fastify can increase your throughput up to 100%.

Features

  • 100% asynchronous: all the core is implemented with asynchronous code, in this way not even a millisecond is wasted.
  • Highly performant: as far as we know, Fastify is one of the fastest web frameworks in town, depending on the code complexity we can serve up to 20000 request per second.
  • Extendible: Fastify is fully extensible via its hooks, plugins and decorators.
  • Schema based: even if it is not mandatory we recommend to use JSON Schema to validate your routes and serialize your outputs, internally Fastify compiles the schema in a highly performant function.
  • Logging: logs are extremely important but are costly; we chose the best logger to almost remove this cost, Pino!
  • Developer friendly: the framework is built to be very expressive and help the developer in his daily use, without sacrificing performance and security.

Benchmarks

Developers provided benchmarks table for different frameworks, including Fastity.

Frameworks Benchmark
Frameworks Benchmark

Benchmark was held on: Intel Xeon E5-2686 v4 @ 2.30GHz (4 cores, 8 threads), 16GiB RAM (Amazon EC2 m4.xlarge)

Benchmark method: autocannon -c 100 -d 10 -p 10 localhost:3000 * 2, taking the second average.

Learn more at official website and GitHub.

Third Party Apps Could Read Twitter Messaging

According to the company, no one used this vulnerability and the issues is now solved
18 December 2018   575

Until the beginning of December, third-party applications could access Twitter private messages. According to the company, no one took advantage of this vulnerability. Terence Eden, who found it, was paid almost $ 3,000 under the Bug Bounty program.

In 2013, there was a leak of keys to the Twitter API - so applications could access the interface bypassing the social network. To protect users, Twitter implemented an application authorization mechanism through predefined addresses (Callback URL), but it didn’t suit everyone.

Applications that do not support Callback URLs could authenticate using PIN codes. With this authorization, a window pops up that lists which data the user opens to access. The window did not request access to private messages, but in fact the application received it.

On December 6, Twitter reported that it had solved the problem. Judging by the statement of the company on the HackerOne website, no one had time to take advantage of this vulnerability.

This is not the first social network security error related to the API. In September, Twitter discovered a bug in AAAPI (Account Activity API): the system sent a copy of the user's personal message to a random recipient.