Is that you who attacks my system? Watch my presentations!

We need more knowledge sharing on security topics – that’s for sure. We, as developers, need to know what threats await us on the open Internet, where our system exposes Login APIs. I don’t mean the general threats from OWASP here.

I mean specific attacks with detailed analysis and guides. You don’t often find this kind of data available on the internet. Maybe it is hidden at some security conference that we, developers, do not visit.

Here it is – the developers’ perspective on Login API security. I presented it at several conferences – enjoy the recordings!

Abstract

A real-life story for backend developers about the game of cat and mouse with hackers. They know the passwords of my users and they make use of that knowledge. But I know that they know. And where they know it from. Do I know who they are? Yes – I’ll show you how.

They also know the passwords of your users. And they will come to you. For sure we care a lot about the complex business logic we build. Login endpoints are just a tiny piece of it, but a critical one. Do you monitor them? Let me show you how my login endpoints are attacked, so that you are prepared.

I’ll show you those attacks – the traffic patterns, the data they had, how they did it, why they did it and what they achieved. Also what we did with this knowledge and how important culture is in such moments. I will show you a lot – maybe even too much. In an open manner – exactly how security should be treated in serious systems. We talk too little about security.

Slides

Get slides from my GitHub

Recordings

Warsaw Java Users Group [PL]

Click! [PL]

Presentation starts at 5:00

J/vaCon [PL]

Watch on Facebook

Intro starts at 37:51

Presentation starts at 44:00

DevSecOps Meetup [PL]

4Developers [PL]

https://youtu.be/HxXEzZMFiv4

JDD 2020 [EN]

https://youtu.be/iPsalM8YSTo
