
Winter Internship Report

(10/12/2018 - 25/1/2018)

Boomerang Control Centre


Security Layer controlling security data pipeline
ingestion framework

Submitted by:

Manupriyam Jindal
290/CO/15
Final Year Undergraduate Student

Department of Computer Engineering

Netaji Subhas Institute of Technology


Table of Contents

1. Acknowledgement
2. Certificate
3. About Expedia
4. Project Development
5. Bibliography

Acknowledgement

The satisfaction and euphoria that accompany the successful completion of the
project would be incomplete without mention of the people who made it
possible.

I would like to take the opportunity to thank and express my deep sense of
gratitude to my corporate mentor Mr. Chirag Malik and my faculty mentor Mr.
Yasar Siddiqui. I am greatly indebted to both of them for providing their valuable
guidance at all stages of the study, their advice, constructive suggestions,
positive and supportive attitude and continuous encouragement, without which
it would not have been possible to complete the project.

I would also like to thank Mr. Saurabh Vajpayee (Project Manager) who, in spite
of a busy schedule, has cooperated with me continuously; indeed, his valuable
contribution and guidance have been indispensable to my project work.

I am thankful to Mr. Rachit Jain for giving me the opportunity to work with
Expedia Group India Ltd. and learn.

I owe my wholehearted thanks and appreciation to the entire staff of the
company for their cooperation and assistance during the course of the project.

I hope that I can build upon the experience and knowledge that I have gained
and make a valuable contribution to this company in the future.

Manupriyam Jindal
Employee ID: 87022

Introduction

About Expedia Group
Expedia Group is a United States-based multinational travel company
headquartered in Bellevue, United States. It comprises numerous affiliated
businesses, most of them united under the Expedia brand, and is the world's
second-largest travel company.

Expedia began life as a humble website. It was created in late 1996 by
Microsoft and was functioning, then as now, as an online travel booking portal. As the
dot-com era of the late 1990s gathered steam, Microsoft decided to float a small
piece of Expedia in an IPO in 1999. The issue was a smashing success: launched
on a buoyant market hungry for new online stocks, Expedia's shares closed
more than three times higher than the IPO price on their first day of trading on
the Nasdaq. The new millennium saw Expedia fall into a habit it has maintained
ever since. In January 2000 it made its first acquisitions, snapping up a pair of
travel websites: hotel consolidator Travelscape.com and alternative
lodging specialist VacationSpot.com. As the decade wore on, Expedia returned
to its old acquiring ways, opening its wallet for assets such as the European hotel
reservation company Venere and the self-explanatory CarRentals.com. In the
2010s Expedia expanded and consolidated. At the end of 2011 it spun off
TripAdvisor into a separate, publicly traded company. It continued to pack new
strategic assets into its suitcase, buying the familiar names Travelocity,
HomeAway and Orbitz Worldwide in the busy year of 2015.

The travel industry is in a good place these days, with lower fuel prices (a major
cost item for airlines) and a still-buoyant domestic economy contributing to
robust overall growth. With its big, constantly growing portfolio of travel assets,
Expedia has benefited from this trend. For the most part, Expedia has
been a profitable company and has the resources to keep expanding its
portfolio.

Expedia pledges to bring the world within reach. Expedia focuses on customer
centricity and on local relevance on a global basis, and it aims to attract and
engage the world of travel suppliers.

Expedia Group follows these guiding principles:


1. Put Yourself in the Shoes of our Customers and Partners.
2. One Team, Group First
3. Have a Bias to Action
4. Relentlessly Strive to Better
5. Think Big and Small
6. Be Data Driven and Business Judgment Led
7. Simplify
8. Be Open and Honest
9. Be Humble
10. Be Positive, Assume Positive Intent

Expedia Group India


Expedia in India is located in DLF Cyber City, Gurugram, Haryana; it also has
an office that was recently opened in Bangalore. The biggest reason why
Expedia has not yet been able to make its name in the Indian market is that the company
came to India only in 2012. The Gurugram office, the oldest of the Indian offices, had
only 30 employees in the beginning. Today Expedia has almost 1400
employees in India, the employee count is increasing rapidly, and the
company aims to double this figure by the end of 2020. Expedia sees India as
a potential market and is therefore also expanding its reach in India by
opening various offices within the country. Expedia also owns Trivago,
a subsidiary of Expedia and a travel booking company in its own right;
Trivago competes fiercely with MakeMyTrip and Yatra.com.

So the question is: what is so good about Expedia that makes it one of the leading
tech companies in the world? With Expedia Group's vast coverage,
from Australia to Europe to Asia to America, the company owns a very large
amount of data, and it is very difficult for a normal person to manage all of it.
This is where software developers come into play. They manage this data in
such a way that it is safe with Expedia, and the data also helps improve the
user-friendliness of Expedia's software. Since Expedia is a web- and
mobile-based company, it is also important to maintain these websites
and mobile applications. And since Expedia Group owns a total of 20
companies, it requires a lot of employees to manage all of this as well.

One of the biggest reasons why Expedia beats the other established companies
in India is that it lets Expedians work on actual projects and not on
side projects. It focuses not only on its customers but also on its employees.

Life at Expedia
Life at Expedia is pretty amazing. While they focus on the customer, they focus
even more on keeping their employees happy. Expedia provides all the benefits
one can ask for: from a cab facility to delicious three-course meals, to
work-from-home benefits and flexible work hours. Expedia is a company that
gives the best work-life balance one could need, always with the prime
benefit of working with various technologies. One can grow with the company,
and employees do feel at home in it. The company also provides
various fun activities to keep boosting the morale of the employees. Regular
outings to different places and added medical and travel benefits are some
of the luxuries that the company offers.

During my internship I never felt like an intern; it was as if I was an integral part
of the company, which also motivated me to perform efficiently on the project,
with constant guidance and support from my teammates. The transition from
college to company, although only for two months, did not feel like a scary thing.
It was a smooth and good transition.
Expedia Philosophy

Expedia's philosophy is “We will devote our human resources and technology to
create superior products and services, thereby contributing to a better global
society.”

Expedia values its people, with a strong belief in the “A company is its people”
philosophy, and provides opportunities for them to perform at their full potential.

Expedia values excellence. The company gives its best efforts with endless
passion and a challenge spirit to become world best in every way.

Expedia values change. Expedia rapidly takes the initiative in executing change and
innovation with risk awareness. They believe that they cannot survive if they
do not constantly strive to innovate.

Expedia values integrity. At Expedia, everyone acts in a right and ethical way in
all matters, ensuring fairness with honor and grace.

Expedia values co-prosperity. Expedia employees take full responsibility as
good corporate citizens in pursuit of mutual prosperity with the community,
nation and human society.

Outline
My internship was under the Enterprise Risk and Security (ERS) organization of
the e-Commerce Platform (eCP) domain of Expedia Group.
ERS takes care of preventing online fraud, account takeover and supplier fraud,
and of ensuring cyber security for all of Expedia Group. ERS collects about 5
terabytes of security logs from different Expedia assets, be they data servers or
the various Expedia cloud nodes. These logs include antivirus logs and firewall logs
from systems running for Expedia employees. The logs are then analyzed to detect
any security holes.

The objective of the project was “to create an additional layer of security on the
existing security data pipeline ingestion framework and control the framework
using the same layer by creation of an Admin UI – the Boomerang Control
Centre”. For that we had to understand the various Amazon Web Services
products, namely AWS Lambda, AWS ApiGateway, AWS S3 buckets, AWS
CloudFront, AWS Cognito, AWS WAF and Shield, as well as ADFS and various
Java frameworks such as Spring Boot. The objective of the study was to
make us familiar with these products so that we could integrate them within
our existing software.

The project was started on 4th of June, after learning all the relevant information
regarding the project, under the guidance of Mr. Yasar Siddiqui (Senior Software
Developer Engineer). The first part of my internship involved studying the
architecture of the Expedia software backend and understanding the OOP concepts used
by Expedians; this helps fellow employees understand my code and suggest
changes to it. For this I used the World Wide Web as a primary source of information
for study, and I also spent a week with Mr. Chirag Malik to understand the
architecture of the existing security data pipeline ingestion framework.

Since the next part of my project was to get hands-on with the code, the
detailed study gave me a rough idea of how to write the code, and my corporate mentor
guided me in debugging it.

Project Development

Objective
To create an additional layer of security on the existing security data pipeline
ingestion framework and control the framework using the same layer by creation of
an Admin UI – the Boomerang Control Centre.

Overview
The application allows control of security data pipeline ingestion.
Using the tool, users can:
✓ View, activate/deactivate and update all Splunk agents and CloudWatch
partners.
✓ View, create and edit existing partner accounts.
✓ View all log ingestion queries, schedule new log ingestion queries, and edit
existing ones.
✓ Request replays to fill data holes, and view replays and their tasks for a
particular agent.
The application authenticates users via ADFS and authorizes them by allowing
access only to those in the appropriate security groups.
Continuous Integration Continuous Development (CICD) is set up as a Jenkins
pipeline for further development and improvements to the application.

Authorization and Authentication

Strategy 1 - Basic personal login

➢ Features
• Users register and get verified by mail

• Sign in with the credentials

• Forgot-password option

➢ Strategy used
• Locally saving users and then authenticating against them

• Amazon Cognito User Pool and Cognito

Architecture:
Shortcomings:
• Newly registering users require approval from the admin of the user pool account.
• Users have to remember a password for this particular app, making it
highly inconvenient to use.

• Users have to enter personal data on their own, making the process
cumbersome.

Strategy 2 - Authentication via SEA credentials

Deciding the strategy for securing the app

➢ Lightweight Directory Access Protocol (LDAP)

✓ Active Directory Federation Services (ADFS)

Reasons:
1. Single sign-on is supported by ADFS.
2. LDAP involves creating a client-side login page.
3. With LDAP, service-user credentials need to be stored and managed at the service
end, making the service insecure.

Active Directory Federation Services


Active Directory Federation Services (AD FS) is a software component
developed by Microsoft which provides users with single sign-on access to systems
and applications located across organizational boundaries.

It uses a claims-based access-control authorization model to maintain application
security and to implement federated identity.

Claims-based authentication involves authenticating a user based on a set of claims
about that user's identity contained in a trusted token (a SAML-based token).

It is part of the Active Directory Services.


Implementing ADFS

Strategy 1
Directly returning the SAML response from ADFS and then using it to authenticate and
authorize on the client side.

Shortcomings:

• If the callback URL changes, a ServiceNow ticket has to be raised to change the
relying party, which takes time.

• Highly insecure, as authentication and authorization are done on the client side.

• S3 can only receive GET requests, so the SAML response has to be sent back
as a query string, which puts a bound on the SAML length due to URL length
limitations.

Strategy 2 – Using AWS Cognito

AWS Cognito is used to create temporary access and identity tokens, authenticated and
authorized by mapping the SAML response returned from the ADFS server. These
tokens are valid for an hour and are JWTs signed by Cognito with a key that the
client never holds. The claims inside a JWT are only base64url-encoded and can be
read by anyone who has the token, but any manipulation of those claims invalidates
the signature, so the tokens cannot be altered to infiltrate the application.
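As an added illustration (not code from the report or from the Boomerang project), the following Python shows what the Cognito token check described above amounts to on the server side: the claims of a JWT can be read by anyone holding it, but altered claims, an expired token, a wrong issuer, an access token presented where an id token is expected, an "alg: none" header, or a token signed with another key all fail verification; the group claim then drives the authorization decision from the Overview. The signing key, issuer URL and group name are constructed placeholders, and HS256 stands in for the RS256 signatures a real Cognito user pool produces so that the code runs with the standard library only.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo signing key standing in for the key Cognito holds. Real Cognito user
# pools sign tokens with RS256 key pairs (public keys published per pool); HS256 is used
# here only so the example runs with the standard library alone.
DEMO_KEY = b"demo-signing-key-not-a-real-secret"
# Hypothetical issuer and security group; the real pool id and group names are not in the report.
EXPECTED_ISSUER = "https://cognito-idp.example.invalid/POOL_ID_PLACEHOLDER"
ALLOWED_GROUPS = {"boomerang-admins"}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Build an HS256 JWT (header.payload.signature); used here only to construct samples."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def peek_claims(token: str) -> dict:
    """Decode the payload WITHOUT verification: anyone holding a JWT can read its claims."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_token(token: str, key: bytes = DEMO_KEY, now: Optional[float] = None) -> dict:
    """Check algorithm, signature, expiry, issuer and token_use; raise ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; never let the token choose it
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if not isinstance(claims, dict):
        raise ValueError("malformed claims")
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired or missing exp")
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("token_use") != "id":
        raise ValueError("not an id token")
    return claims


def authorize(token: str, now: Optional[float] = None) -> bool:
    """Authentication (the token verifies) plus authorization (member of an allowed group)."""
    try:
        claims = verify_token(token, now=now)
    except ValueError:
        return False
    return bool(ALLOWED_GROUPS & set(claims.get("cognito:groups", [])))


if __name__ == "__main__":
    issued = int(time.time())
    token = make_token({"iss": EXPECTED_ISSUER, "token_use": "id", "sub": "user-1",
                        "exp": issued + 3600, "cognito:groups": ["boomerang-admins"]})
    print("claims readable without the key:", peek_claims(token))
    print("authorized:", authorize(token))
```

The order of checks matters: the algorithm is pinned and the signature verified before any claim is trusted, and the expiry, issuer and token_use checks prevent a token from another pool, an access token, or a stale token from being accepted.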

Content Delivery Network


A content delivery network or content distribution network (CDN) is a geographically
distributed network of proxy servers and their data centers. The goal is to distribute
service spatially relative to end-users to provide high availability and high
performance. CDNs serve a large portion of the Internet content today, including web
objects (text, graphics and scripts), downloadable objects (media files, software,
documents), applications (e-commerce, portals), live streaming media, on-demand
streaming media, and social media sites.
The content delivery network is provided with the help of AWS CloudFront.

Application Firewall

An application firewall is a form of firewall that controls input, output, and/or
access from, to, or by an application or service. It operates by monitoring and
potentially blocking the input, output, or system service calls that do not meet the
configured policy of the firewall.

To restrict access to the application to Expedia's trusted IPs and VPNs only,
AWS WAF and Shield are used.
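Added example (not part of the report or of the project): a Python emulation of the default-deny IP allow-list that AWS WAF enforces in front of the application, run over a few constructed request records, together with the shape I assume for the corresponding WAFv2 web ACL definition. The IP ranges are documentation and private prefixes standing in for the trusted ranges, and the IP-set ARN is a placeholder.

```python
import ipaddress
from typing import Dict, Iterable, List

# Constructed allow-list standing in for the report's "Expedia trusted IPs and VPNs".
# The ranges are documentation/private example prefixes, not real corporate addresses.
TRUSTED_RANGES = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "198.51.100.0/24", "10.8.0.0/16")]


def is_trusted(source_ip: str, ranges: Iterable = TRUSTED_RANGES) -> bool:
    """True when source_ip lies in an allow-listed range; unparsable input is never trusted."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    return any(addr in net for net in ranges)


def decide(request: Dict) -> int:
    """Emulate a default-deny web ACL: 200 for allow-listed sources, 403 (Forbidden) otherwise.

    Only the peer address of the connection ('source_ip') is consulted. Client-supplied
    headers such as X-Forwarded-For are ignored, because a caller can set them freely.
    """
    return 200 if is_trusted(request.get("source_ip", "")) else 403


def web_acl_default_deny(ip_set_arn: str) -> Dict:
    """Assumed shape of an AWS WAFv2 web ACL (CreateWebACL request): block everything
    except traffic matching the trusted IP set. ip_set_arn is a placeholder here."""
    return {
        "Name": "boomerang-control-centre-acl",
        "Scope": "CLOUDFRONT",            # web ACLs attached to a CloudFront distribution
        "DefaultAction": {"Block": {}},   # the weak setting would be {"Allow": {}}
        "Rules": [{
            "Name": "allow-trusted-ips",
            "Priority": 0,
            "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
            "Action": {"Allow": {}},
            "VisibilityConfig": {"SampledRequestsEnabled": True,
                                 "CloudWatchMetricsEnabled": True,
                                 "MetricName": "allowTrustedIps"},
        }],
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": "boomerangAcl"},
    }


# Constructed sample requests in the shape of simplified WAF log records.
SAMPLE_REQUESTS: List[Dict] = [
    {"source_ip": "203.0.113.17", "uri": "/partners", "headers": {}},
    {"source_ip": "10.8.42.9", "uri": "/queries", "headers": {}},
    {"source_ip": "192.0.2.44", "uri": "/partners", "headers": {}},
    {"source_ip": "192.0.2.44", "uri": "/partners", "headers": {"x-forwarded-for": "203.0.113.17"}},
    {"source_ip": "not-an-ip", "uri": "/replays", "headers": {}},
]


def summarize(requests: Iterable[Dict]) -> Dict[str, int]:
    """Count allowed vs blocked requests, the figures an operator watches in the ACL's metrics."""
    counts = {"allowed": 0, "blocked": 0}
    for req in requests:
        counts["allowed" if decide(req) == 200 else "blocked"] += 1
    return counts


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req["source_ip"], req["uri"], "->", decide(req))
    print(summarize(SAMPLE_REQUESTS))
```

The fourth sample shows why the decision must rest on the connection's source address: a request from an untrusted address that carries a trusted address in X-Forwarded-For is still blocked.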

The architecture of the final application is on the next page.


ARCHITECTURE
Application Screenshots

Login through ADFS

View, activate/deactivate and update Partners


View, create and edit partner accounts

Request replays and get task summary


Technologies Used

Java

Java is a general-purpose computer programming language that is concurrent,
class-based, object-oriented, and specifically designed to have as few
implementation dependencies as possible. It is intended to let application
developers “write once, run anywhere” (WORA), meaning that compiled Java
code runs on all platforms that support Java without the need for recompilation.
Java applications are typically compiled to bytecode that can run on any Java
virtual machine (JVM) regardless of computer architecture. As of 2015, Java is
one of the most popular programming languages in use, particularly for client-
server web applications, with a reported 9 million developers.

Angular 4

Angular 4 is a JavaScript framework for building web applications and apps in
JavaScript, HTML, and TypeScript, which is a superset of JavaScript. Angular
provides built-in features for animations, HTTP services, and Material components,
which in turn offer features such as auto-complete, navigation, toolbars, menus, etc. The
code is written in TypeScript, which compiles to JavaScript that is delivered
to the browser. For working with Angular 4 it is important that the user
has basic knowledge of JavaScript, HTML, CSS, TypeScript and the
Document Object Model.

JSON

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It
is easy for humans to read and write. It is easy for machines to parse and
generate. It is based on a subset of the JavaScript Programming Language,
Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that
is completely language independent but uses conventions that are familiar to
programmers of the C family of languages, including C, C++, C#, Java,
JavaScript, Perl, Python and many others. These properties make JSON an ideal
data-interchange language.
JSON is built on two structures:
1. A collection of name/value pairs. In various languages, this is realized
as an object, record, struct, dictionary or hash table.
2. An ordered list of values. In most languages, this is realized as an
array, vector, list or sequence.

These are universal data structures. Virtually all modern programming languages
support them in one form or another. It makes sense that a data format that is
interchangeable with programming languages also be based on these
structures.
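An added example, not from the report: a small strict parser for the two structures just described, written in Python from the standard library only. It shows how objects and arrays nest, and it rejects input that lenient parsers accept, such as trailing data, duplicate keys or raw control characters, which matters when JSON carries security data between components that must all agree on its meaning.

```python
import re

_NUMBER = re.compile(r"-?(?:0|[1-9]\d*)(\.\d+)?([eE][+-]?\d+)?")
_ESCAPES = {'"': '"', "\\": "\\", "/": "/", "b": "\b", "f": "\f", "n": "\n", "r": "\r", "t": "\t"}


class JSONError(ValueError):
    """Malformed input; the message carries the offset of the problem."""


def parse(text):
    """Parse one JSON document; trailing non-whitespace is an error, not silently ignored."""
    value, pos = _value(text, _ws(text, 0))
    if _ws(text, pos) != len(text):
        raise JSONError(f"trailing data at {pos}")
    return value


def rejects(text):
    """True when parse() refuses the input (used to exercise the strictness rules)."""
    try:
        parse(text)
        return False
    except ValueError:
        return True


def _ws(s, i):
    while i < len(s) and s[i] in " \t\n\r":
        i += 1
    return i


def _value(s, i):
    c = s[i:i + 1]
    if c == "{":
        return _container(s, i, "}")
    if c == "[":
        return _container(s, i, "]")
    if c == '"':
        return _string(s, i)
    for literal, val in (("true", True), ("false", False), ("null", None)):
        if s.startswith(literal, i):
            return val, i + len(literal)
    m = _NUMBER.match(s, i)
    if not m:
        raise JSONError(f"unexpected token at {i}")
    return (float(m[0]) if m[1] or m[2] else int(m[0])), m.end()


def _container(s, i, close):
    """Shared loop for objects (close '}') and arrays (close ']'): items separated by ','."""
    is_obj = close == "}"
    result = {} if is_obj else []
    i = _ws(s, i + 1)
    if s[i:i + 1] == close:
        return result, i + 1
    while True:
        if is_obj:  # an object member is a string key, ':' and then a value
            if s[i:i + 1] != '"':
                raise JSONError(f"expected string key at {i}")
            key, i = _string(s, i)
            i = _ws(s, i)
            if s[i:i + 1] != ":":
                raise JSONError(f"expected ':' at {i}")
            i = _ws(s, i + 1)
        val, i = _value(s, i)
        if is_obj:
            if key in result:  # duplicate keys make the document ambiguous between parsers
                raise JSONError(f"duplicate key {key!r}")
            result[key] = val
        else:
            result.append(val)
        i = _ws(s, i)
        if s[i:i + 1] == close:
            return result, i + 1
        if s[i:i + 1] != ",":
            raise JSONError(f"expected ',' or '{close}' at {i}")
        i = _ws(s, i + 1)


def _string(s, i):
    out, i = [], i + 1  # skip the opening quote
    while i < len(s):
        c = s[i]
        if c == '"':
            return "".join(out), i + 1
        if c == "\\":
            esc = s[i + 1:i + 2]
            if esc == "u":
                out.append(chr(int(s[i + 2:i + 6], 16)))
                i += 6
            elif esc in _ESCAPES:
                out.append(_ESCAPES[esc])
                i += 2
            else:
                raise JSONError(f"bad escape at {i}")
        elif ord(c) < 0x20:
            raise JSONError(f"raw control character at {i}")
        else:
            out.append(c)
            i += 1
    raise JSONError("unterminated string")
```

Objects and arrays share one loop because they differ only in how each item is read (a key and a value versus a bare value) and in the container that collects the items; rejecting duplicate keys is a deliberate strictness choice, since two parsers that keep different copies of a repeated key can disagree about what the document says.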

GIT

Git is a version control system for tracking changes in computer files and
coordinating work on those files among multiple people. It is primarily used for
source code management in software development, but it can be used to keep
track of changes in any set of files. As a distributed revision control system, it is
aimed at speed, data integrity, and support for distributed, non-linear workflows.

AWS Lambda

AWS Lambda is a serverless compute service that runs your code in response
to events and automatically manages the underlying compute resources for
you. You can use AWS Lambda to extend other AWS services with custom
logic, or create your own back-end services that operate at AWS scale,
performance, and security. AWS Lambda can automatically run code in
response to multiple events, such as HTTP requests via Amazon API Gateway,
modifications to objects in Amazon S3 buckets, table updates in Amazon
DynamoDB, and state transitions in AWS Step Functions.

Lambda runs your code on high-availability compute infrastructure and
performs all the administration of the compute resources, including server and
operating system maintenance, capacity provisioning and automatic scaling,
code and security patch deployment, and code monitoring and logging. All one
needs to do is supply the code.

AWS ApiGateway

Amazon API Gateway is an AWS service that enables developers to create,
publish, maintain, monitor, and secure APIs at any scale. You can create APIs
that access AWS or other web services, as well as data stored in the AWS
Cloud.

API Gateway can be considered a backplane in the cloud to connect AWS
services and other public or private websites. It provides consistent RESTful
application programming interfaces (APIs) for mobile and web applications to
access AWS services.

The following diagram shows API Gateway architecture.

AWS Simple Storage Service

Amazon Simple Storage Service (S3) is storage for the Internet. It is designed to
make web-scale computing easier for developers.
Amazon S3 has a simple web services interface that you can use to store and
retrieve any amount of data, at any time, from anywhere on the web. It gives
any developer access to the same highly scalable, reliable, fast, inexpensive
data storage infrastructure that Amazon uses to run its own global network of
web sites. The service aims to maximize the benefits of scale and to pass those
benefits on to developers.

AWS WAF, AWS Shield

AWS WAF is a web application firewall that lets you monitor the HTTP and
HTTPS requests that are forwarded to an Amazon API Gateway API, Amazon
CloudFront or an Application Load Balancer. AWS WAF also lets you control
access to your content. Based on conditions that you specify, such as the IP
addresses that requests originate from or the values of query strings, API
Gateway, CloudFront or an Application Load Balancer responds to requests
either with the requested content or with an HTTP 403 status code (Forbidden).

Amazon Cloudfront

Amazon CloudFront is a fast content delivery network (CDN) service that
securely delivers data, videos, applications, and APIs to customers globally with
low latency and high transfer speeds, all within a developer-friendly environment.
CloudFront is integrated with AWS – both physical locations that are directly
connected to the AWS global infrastructure, as well as other AWS services.
CloudFront works seamlessly with services including AWS Shield for DDoS
mitigation, Amazon S3, Elastic Load Balancing or Amazon EC2 as origins for
your applications, and Lambda@Edge to run custom code closer to customers'
users and to customize the user experience.

Amazon Cognito

Amazon Cognito lets you add user sign-up, sign-in, and access control to your
web and mobile apps quickly and easily. Amazon Cognito scales to millions of
users and supports sign-in with social identity providers, such as Facebook,
Google, and Amazon, and enterprise identity providers via SAML 2.0.

References

https://www.expediagroup.com/

https://www.expediagroup.com/about/
https://www.expediagroup.com/expedia-brands/
https://www.draw.io/
https://aws.amazon.com/lambda/
https://aws.amazon.com/apigateway/
https://aws.amazon.com/s3bucket/
https://aws.amazon.com/waf/
https://aws.amazon.com/cloudfront/
https://aws.amazon.com/cognito/
https://angular.io/
https://www.oracle.com/java/
