This week's system design refresher:
API Vs SDK!
SQL Injection (SQLi)
Types of AI Agents
24 Good Resources to Learn Software Architecture in 2025
Cross-Site Scripting (XSS) Attacks
API Vs SDK!
API (Application Programming Interface) and SDK (Software Development Kit) are essential tools in the software development world, but they serve distinct purposes:
API:
An API is a set of rules and protocols that allows different software applications and services to communicate with each other.
It defines how software components should interact.
Facilitates data exchange and functionality access between software components.
Typically consists of endpoints, requests, and responses.
SDK:
An SDK is a comprehensive package of tools, libraries, sample code, and documentation that assists developers in building applications for a particular platform, framework, or hardware.
Offers higher-level abstractions, simplifying development for a specific platform.
Tailored to specific platforms or frameworks, ensuring compatibility and optimal performance on that platform.
Offers access to advanced features and capabilities specific to the platform, which might otherwise be challenging to implement from scratch.
The choice between APIs and SDKs depends on the development goals and requirements of the project.
Over to you:
Which do you find yourself gravitating towards: APIs or SDKs? Every implementation has a unique story to tell. What's yours?
SQL Injection (SQLi)
SQL Injection is one of the oldest and most dangerous web vulnerabilities. With just a few crafted inputs, attackers can manipulate database queries and gain access to sensitive data.
Basic SQLi (Tautology-based): Attackers inject conditions like 1=1 to bypass authentication and retrieve all records.
In-band SQLi (Union/Error-based): Attackers use UNION SELECT or leverage error messages to extract usernames, passwords, or other sensitive data directly.
Blind SQLi (Boolean-based): No direct output is shown, but attackers infer database information based on whether a page returns results or not.
Blind SQLi (Time-based): Attackers use commands like SLEEP(5) to measure server response delays and extract data incrementally.
Over to you: How do you usually prevent SQLi: prepared statements, ORMs, or something else?
Types of AI Agents
AI agents don't all think and act in the same way. They range from simple rule-followers to systems that learn and adapt. Each type marks a step forward in how machines perceive, decide, and act.
Simple Reflex Agents: These follow condition-action rules. For example, if the temperature is high, turn on the fan. No memory, no thinking, just instant reaction. They are fast and simple.
Model-based Reflex Agents: These maintain an internal understanding of their environment. They are not just reacting to immediate inputs, they have a model that helps them make sense of what is happening beyond what they can see right now.
Goal-based Agents: Here, the focus shifts to goals. Decisions are made based on whether an action brings the agent closer to its objective.
Utility-based Agents: These go a step further by weighing different outcomes. They choose the action that offers the best overall result, balancing trade-offs along the way.
Learning Agents: These are the most advanced. They improve continuously, using feedback to adapt and perform better over time.
Over to you: Which type of agent do you think is driving most of today's AI systems?
24 Good Resources to Learn Software Architecture in 2025
The resources can be divided into different types such as:
Software Design Books
Some books that can help are DDIA, System Design Volume 1 & 2, Clean Architecture, Domain-Driven Design, and Software Architecture: the Hard Parts.
Tech Blogs and Newsletters
Read technical blogs by companies like Netflix, Uber, Meta, and Airbnb. Also, the ByteByteGo newsletter provides insights into software design every week.
YouTube Channels and Architectural Resources
YouTube channels like MIT Distributed Systems, Goto Conferences, and ByteByteGo can help with software architecture and system design. Azure Architecture Center and AWS Architecture Blog are other important resources.
WhitePapers
For deeper insights, read whitepapers like Facebook Memcache Scaling, Cassandra, Amazon DynamoDB, Kafka, and Google File System.
Software Career Books
A Software Architect also needs to develop holistic skills. Books about software career aspects such as Pragmatic Programmer, The Software Architect Elevator, The Software Engineer's Guidebook, and Philosophy of Software Design can help.
Over to you: Which other resources will you add to the list?
Cross-Site Scripting (XSS) Attacks
A small script can cause big damage. XSS lets attackers inject malicious code into web pages and hijack user sessions, steal cookies, or manipulate the browser.
Reflected XSS: This type of attack happens when someone clicks a malicious link. The payload sits in the URL, gets reflected back in the response, and executes. It's often used in phishing campaigns because you need to trick someone into clicking.
Stored XSS: The malicious code gets saved in your database, maybe in a comment field or user profile. Then it runs automatically every time someone loads that page.
DOM-based XSS: The payload manipulates the DOM directly in the browser without ever hitting your server. This makes it harder to catch with traditional server-side validation.
Over to you: What is one XSS prevention technique you wish more developers knew about?
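One prevention technique for the server-rendered cases above (reflected and stored) is escaping chosen for the context the value lands in, sketched here as an added example that is not part of the original newsletter. The render functions and sample strings are constructed for illustration; DOM-based XSS needs the equivalent discipline in client code, such as assigning to textContent instead of innerHTML.

```python
import html
from urllib.parse import urlsplit

def render_comment_vulnerable(author, body):
    """Stored-XSS pattern: saved text is concatenated into markup as-is."""
    return f"<li><b>{author}</b>: {body}</li>"

def render_comment(author, body):
    """HTML-body context: &, <, > and quotes become entities, so the
    browser displays the text instead of parsing it as markup."""
    return f"<li><b>{html.escape(author)}</b>: {html.escape(body)}</li>"

def render_search_box(query):
    """Attribute context (a reflected value): the attribute is quoted and
    quotes in the value are escaped, so it cannot close the attribute."""
    return f'<input name="q" value="{html.escape(query, quote=True)}">'

def render_profile_link(url):
    """URL context: escaping alone does not stop script-bearing schemes,
    so only absolute http(s) URLs pass; anything else becomes '#'."""
    if urlsplit(url.strip()).scheme.lower() not in ("http", "https"):
        url = "#"
    return f'<a href="{html.escape(url, quote=True)}" rel="noopener">profile</a>'

# Defence in depth: a response header that blocks inline script even if
# an escaping step is missed somewhere.
SECURITY_HEADERS = {
    "Content-Security-Policy":
        "default-src 'self'; script-src 'self'; object-src 'none'",
}

# Constructed sample inputs, one per context.
SAMPLES = {
    "comment": "<script>alert(1)</script>",
    "query": '" onfocus="alert(1)',
    "url": "javascript:alert(1)",
}

if __name__ == "__main__":
    print(render_comment_vulnerable("mallory", SAMPLES["comment"]))
    print(render_comment("mallory", SAMPLES["comment"]))
    print(render_search_box(SAMPLES["query"]))
    print(render_profile_link(SAMPLES["url"]))
```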
Why are API and SDK being compared so frequently? I see this comparison on many platforms/websites. Aren't they just different types of technologies that serve entirely different purposes?
Wonderful, must read for newbies and senior app developers