38 min listen
93: Preventing Service Abuse with Michael Lubas
93: Preventing Service Abuse with Michael Lubas
ratings:
Length:
53 minutes
Released:
Apr 5, 2022
Format:
Podcast episode
Description
We talk with Michael Lubas about steps we can take to protect our Phoenix applications from common automated bot attacks. We cover API abuse to send email spam, carding attacks, and credential stuffing. We learn how Michael started paraxial.io which aims to specifically serve the Elixir community and more!
Show Notes online - http://podcast.thinkingelixir.com/93 (http://podcast.thinkingelixir.com/93)
Elixir Community News
- https://erlef.org/blog/eef/election-2022-results (https://erlef.org/blog/eef/election-2022-results) – Erlang Ecosystem Foundation board election voting results
- https://erlef.org/blog/eef/election-2022 (https://erlef.org/blog/eef/election-2022) – Previous election notice and explanations
- https://hexdocs.pm/ex_doc/changelog.html (https://hexdocs.pm/ex_doc/changelog.html) – ExDoc v0.28.3 was released
- https://twitter.com/josevalim/status/1508528099973120004 (https://twitter.com/josevalim/status/1508528099973120004) – Call to help move ExDoc away from webpack to esbuild
- https://twitter.com/dominicletz/status/1506675402059792388 (https://twitter.com/dominicletz/status/1506675402059792388) – iOS app store now has an Elixir application deployed in it!
- https://podcast.thinkingelixir.com/69 (https://podcast.thinkingelixir.com/69) – Previous interview with Dominic Letz about doing Elixir on the desktop and mobile.
- https://www.erlang.org/news/155 (https://www.erlang.org/news/155) – Erlang 25.0 rc-2 was released and requesting feedback
- https://twitter.com/josevalim/status/1507443537851392007 (https://twitter.com/josevalim/status/1507443537851392007) – Jose Valim's experience compiling Elixir from scratch on Apple's new MacStudio M1 Max
- Conference reminders
- https://www.empex.co/mtn (https://www.empex.co/mtn) – Empex MTN in Salt Lake City on May 6
- https://codesync.global/conferences/code-beam-sto-2022/ (https://codesync.global/conferences/code-beam-sto-2022/) – CodeBEAM in Stockholm on May 19-20
- https://www.elixirconf.eu/ (https://www.elixirconf.eu/) – ElixirConf EU in London on June 9-10
- https://elixirconf.com/events (https://elixirconf.com/events) – ElixirConf US in Colorado on August 30-Sep2
- https://github.com/lucasvegi/Elixir-Code-Smells (https://github.com/lucasvegi/Elixir-Code-Smells) – Elixir Code Smells - public project
- https://fly.io/phoenix-files/safe-ecto-migrations/ (https://fly.io/phoenix-files/safe-ecto-migrations/) – Safe Ecto Migrations
- https://twitter.com/TylerAYoung/status/1508413319178297352 (https://twitter.com/TylerAYoung/status/1508413319178297352) – Today I Learned about doctests and importing
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com)
Discussion Resources
- https://www.paraxial.io/blog/throttle-requests (https://www.paraxial.io/blog/throttle-requests)
- https://github.com/michalmuskala/plug_attack (https://github.com/michalmuskala/plug_attack)
- https://owasp.org/Top10/ (https://owasp.org/Top10/)
- https://github.com/magento/magento2/issues/28614 (https://github.com/magento/magento2/issues/28614) – What is a carding attack?
- https://owasp.org/www-project-automated-threats-to-web-applications/ (https://owasp.org/www-project-automated-threats-to-web-applications/)
- http://paraxial.io/ (http://paraxial.io/)
- https://frame.io/ (https://frame.io/)
- https://news.adobe.com/news/news-details/2021/Adobe-Completes-Acquisition-of-Frame.io/default.aspx (https://news.adobe.com/news/news-details/2021/Adobe-Completes-Acquisition-of-Frame.io/default.aspx)
- https://www.metasploit.com/ (https://www.metasploit.com/)
- https://www.crunchbase.com/ (https://www.crunchbase.com/)
- https://owasp.org/www-community/attacks/Credential_stuffing (https://owasp.org/www-community/attacks/Credential_stuffing)
- https://en.wikipedia.org/wiki/Webapplicationfirewall (https://en.wikipedia.org/wiki/Web_application_firewall)
Guest Information
- https://twitter.com/paraxialio
Show Notes online - http://podcast.thinkingelixir.com/93 (http://podcast.thinkingelixir.com/93)
Elixir Community News
- https://erlef.org/blog/eef/election-2022-results (https://erlef.org/blog/eef/election-2022-results) – Erlang Ecosystem Foundation board election voting results
- https://erlef.org/blog/eef/election-2022 (https://erlef.org/blog/eef/election-2022) – Previous election notice and explanations
- https://hexdocs.pm/ex_doc/changelog.html (https://hexdocs.pm/ex_doc/changelog.html) – ExDoc v0.28.3 was released
- https://twitter.com/josevalim/status/1508528099973120004 (https://twitter.com/josevalim/status/1508528099973120004) – Call to help move ExDoc away from webpack to esbuild
- https://twitter.com/dominicletz/status/1506675402059792388 (https://twitter.com/dominicletz/status/1506675402059792388) – iOS app store now has an Elixir application deployed in it!
- https://podcast.thinkingelixir.com/69 (https://podcast.thinkingelixir.com/69) – Previous interview with Dominic Letz about doing Elixir on the desktop and mobile.
- https://www.erlang.org/news/155 (https://www.erlang.org/news/155) – Erlang 25.0 rc-2 was released and requesting feedback
- https://twitter.com/josevalim/status/1507443537851392007 (https://twitter.com/josevalim/status/1507443537851392007) – Jose Valim's experience compiling Elixir from scratch on Apple's new MacStudio M1 Max
- Conference reminders
- https://www.empex.co/mtn (https://www.empex.co/mtn) – Empex MTN in Salt Lake City on May 6
- https://codesync.global/conferences/code-beam-sto-2022/ (https://codesync.global/conferences/code-beam-sto-2022/) – CodeBEAM in Stockholm on May 19-20
- https://www.elixirconf.eu/ (https://www.elixirconf.eu/) – ElixirConf EU in London on June 9-10
- https://elixirconf.com/events (https://elixirconf.com/events) – ElixirConf US in Colorado on August 30-Sep2
- https://github.com/lucasvegi/Elixir-Code-Smells (https://github.com/lucasvegi/Elixir-Code-Smells) – Elixir Code Smells - public project
- https://fly.io/phoenix-files/safe-ecto-migrations/ (https://fly.io/phoenix-files/safe-ecto-migrations/) – Safe Ecto Migrations
- https://twitter.com/TylerAYoung/status/1508413319178297352 (https://twitter.com/TylerAYoung/status/1508413319178297352) – Today I Learned about doctests and importing
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com)
Discussion Resources
- https://www.paraxial.io/blog/throttle-requests (https://www.paraxial.io/blog/throttle-requests)
- https://github.com/michalmuskala/plug_attack (https://github.com/michalmuskala/plug_attack)
- https://owasp.org/Top10/ (https://owasp.org/Top10/)
- https://github.com/magento/magento2/issues/28614 (https://github.com/magento/magento2/issues/28614) – What is a carding attack?
- https://owasp.org/www-project-automated-threats-to-web-applications/ (https://owasp.org/www-project-automated-threats-to-web-applications/)
- http://paraxial.io/ (http://paraxial.io/)
- https://frame.io/ (https://frame.io/)
- https://news.adobe.com/news/news-details/2021/Adobe-Completes-Acquisition-of-Frame.io/default.aspx (https://news.adobe.com/news/news-details/2021/Adobe-Completes-Acquisition-of-Frame.io/default.aspx)
- https://www.metasploit.com/ (https://www.metasploit.com/)
- https://www.crunchbase.com/ (https://www.crunchbase.com/)
- https://owasp.org/www-community/attacks/Credential_stuffing (https://owasp.org/www-community/attacks/Credential_stuffing)
- https://en.wikipedia.org/wiki/Webapplicationfirewall (https://en.wikipedia.org/wiki/Web_application_firewall)
Guest Information
- https://twitter.com/paraxialio
Released:
Apr 5, 2022
Format:
Podcast episode
Titles in the series (100)
13: Video chat using LiveView with Jesse Herrick: We talk with Jesse Herrick about creating a video chat app using WebRTC and Phoenix LiveView. We cover the WebRTC protocol, how Phoenix helps, JS hooks, pushing events from the server and much more! Show Notes online - https://thinkingelixir. by Thinking Elixir Podcast