One of the benchmarks that people are usually interested in their system in terms of performance is the end-to-end latency. In our project, the system is mainly composed of Eventhubs and Event-triggered Azure Functions. To keep it simple, let's assume our system only have 2 event-triggered azure functions.

In a later phase of our project, we were also interested in how long it would take for an event to flow from the start of the system to the end. …


End-to-end Transaction Details

In this blog post, I will explain the correlation logic with a simple system that consists of 2 azure functions and 2 event hubs.


In our project, we were investigating our load test results on our eventhub triggered azure functions. We had some performance issues, and this led us to think about whether azure function actually has some retry or replay logic under the hood that made the function to process more load than expected. Although it turns out that neither the retry nor replay logic was causing the issue, I would still like to share our learnings on how eventhub triggered azure function behaves in terms of replays and retries.

Content:

  1. Conclusions first :)
  2. Where does azure function store the checkpoints of events?


Terraform manages logic app in separate actions, triggers, etc. Since we usually create logic app from GUI, we find this a bit nonintuitive and complicated to break down the full json into separate parts. We would like to create logic app resources with the full json that is generated automatically after creating logic from GUI. We found some github issues that were same as what we wanted to achieve, but from the replies, looks like terraform will not support this feature for now:
ex: https://github.com/terraform-providers/terraform-provider-azurerm/issues/5197

https://www.terraform.io/docs/providers/azurerm/r/logic_app_action_custom.html

In this post, I will share our workaround to deploy logic app ARM template within…


Contents:

  1. Sample SQL Injection Vulnerability Function App
  2. Penetration Test with ZAP Api Scan (Docker)
    a. Generate Open Api Definition for your Api
    b. ZAP + containerized azure function
    c. ZAP + not containerized azure function
  3. Zap reports
  4. (Penetration Test with OWASP ZAP Desktop)

In this post I will demonstrate how you can run a penetration test against your Azure Functions with Zap api scan (Docker). Using the ZAP docker image allows you to add this penetration testing step into your automated pipelines.

Documentation for ZAP api scan : https://www.zaproxy.org/blog/2017-06-19-scanning-apis-with-zap/

1. Sample SQL Injection Vulnerability Function App

Let me show you a bit about my function app with…

Shervyna Ruan

Software Engineer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store