April 05, 2022

93: Preventing Service Abuse with Michael Lubas

Listen Later

52 minutes

We talk with Michael Lubas about steps we can take to protect our Phoenix applications from common automated bot attacks. We cover API abuse to send email spam, carding attacks, and credential stuffing. We learn how Michael started paraxial.io which aims to specifically serve the Elixir community and more!

Show Notes online - http://podcast.thinkingelixir.com/93

Elixir Community News

https://erlef.org/blog/eef/election-2022-results – Erlang Ecosystem Foundation board election voting results

https://erlef.org/blog/eef/election-2022 – Previous election notice and explanations

https://hexdocs.pm/ex_doc/changelog.html – ExDoc v0.28.3 was released

https://twitter.com/josevalim/status/1508528099973120004 – Call to help move ExDoc away from webpack to esbuild

https://twitter.com/dominicletz/status/1506675402059792388 – iOS app store now has an Elixir application deployed in it!

https://podcast.thinkingelixir.com/69 – Previous interview with Dominic Letz about doing Elixir on the desktop and mobile.

https://www.erlang.org/news/155 – Erlang 25.0 rc-2 was released and requesting feedback

https://twitter.com/josevalim/status/1507443537851392007 – Jose Valim's experience compiling Elixir from scratch on Apple's new MacStudio M1 Max

Conference reminders

https://www.empex.co/mtn – Empex MTN in Salt Lake City on May 6

https://codesync.global/conferences/code-beam-sto-2022/ – CodeBEAM in Stockholm on May 19-20

https://www.elixirconf.eu/ – ElixirConf EU in London on June 9-10

https://elixirconf.com/events – ElixirConf US in Colorado on August 30-Sep2

https://github.com/lucasvegi/Elixir-Code-Smells – Elixir Code Smells - public project

https://fly.io/phoenix-files/safe-ecto-migrations/ – Safe Ecto Migrations

https://twitter.com/TylerAYoung/status/1508413319178297352 – Today I Learned about doctests and importing

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at [email protected]

Discussion Resources

https://www.paraxial.io/blog/throttle-requests

https://github.com/michalmuskala/plug_attack

https://owasp.org/Top10/

https://github.com/magento/magento2/issues/28614 – What is a carding attack?

https://owasp.org/www-project-automated-threats-to-web-applications/

http://paraxial.io/

https://frame.io/

https://news.adobe.com/news/news-details/2021/Adobe-Completes-Acquisition-of-Frame.io/default.aspx

https://www.metasploit.com/

https://www.crunchbase.com/

https://owasp.org/www-community/attacks/Credential_stuffing

https://en.wikipedia.org/wiki/Web_application_firewall

Guest Information

https://twitter.com/paraxialio – on Twitter

https://github.com/paraxialio/ – on Github

https://paraxial.io/ – Website

[email protected]

Find us online

Message the show - @ThinkingElixir

Email the show - [email protected]

Mark Ericksen - @brainlid

David Bernheisel - @bernheisel

Cade Ward - @cadebward

Sponsored By:

Fly.io: Fly.io is a great place to deploy your next Phoenix application! Check them out!

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Thinking Elixir Podcast

By ThinkingElixir.com

4.9

3232 ratings

April 05, 2022

93: Preventing Service Abuse with Michael Lubas

Listen Later

52 minutes

We talk with Michael Lubas about steps we can take to protect our Phoenix applications from common automated bot attacks. We cover API abuse to send email spam, carding attacks, and credential stuffing. We learn how Michael started paraxial.io which aims to specifically serve the Elixir community and more!

Show Notes online - http://podcast.thinkingelixir.com/93

Elixir Community News

https://erlef.org/blog/eef/election-2022-results – Erlang Ecosystem Foundation board election voting results

https://erlef.org/blog/eef/election-2022 – Previous election notice and explanations

https://hexdocs.pm/ex_doc/changelog.html – ExDoc v0.28.3 was released

https://twitter.com/josevalim/status/1508528099973120004 – Call to help move ExDoc away from webpack to esbuild

https://twitter.com/dominicletz/status/1506675402059792388 – iOS app store now has an Elixir application deployed in it!

https://podcast.thinkingelixir.com/69 – Previous interview with Dominic Letz about doing Elixir on the desktop and mobile.

https://www.erlang.org/news/155 – Erlang 25.0 rc-2 was released and requesting feedback

https://twitter.com/josevalim/status/1507443537851392007 – Jose Valim's experience compiling Elixir from scratch on Apple's new MacStudio M1 Max

Conference reminders

https://www.empex.co/mtn – Empex MTN in Salt Lake City on May 6

https://codesync.global/conferences/code-beam-sto-2022/ – CodeBEAM in Stockholm on May 19-20

https://www.elixirconf.eu/ – ElixirConf EU in London on June 9-10

https://elixirconf.com/events – ElixirConf US in Colorado on August 30-Sep2

https://github.com/lucasvegi/Elixir-Code-Smells – Elixir Code Smells - public project

https://fly.io/phoenix-files/safe-ecto-migrations/ – Safe Ecto Migrations

https://twitter.com/TylerAYoung/status/1508413319178297352 – Today I Learned about doctests and importing

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at [email protected]

Discussion Resources

https://www.paraxial.io/blog/throttle-requests

https://github.com/michalmuskala/plug_attack

https://owasp.org/Top10/

https://github.com/magento/magento2/issues/28614 – What is a carding attack?

https://owasp.org/www-project-automated-threats-to-web-applications/

http://paraxial.io/

https://frame.io/

https://news.adobe.com/news/news-details/2021/Adobe-Completes-Acquisition-of-Frame.io/default.aspx

https://www.metasploit.com/

https://www.crunchbase.com/

https://owasp.org/www-community/attacks/Credential_stuffing

https://en.wikipedia.org/wiki/Web_application_firewall

Guest Information

https://twitter.com/paraxialio – on Twitter

https://github.com/paraxialio/ – on Github

https://paraxial.io/ – Website

[email protected]

Find us online

Message the show - @ThinkingElixir

Email the show - [email protected]

Mark Ericksen - @brainlid

David Bernheisel - @bernheisel

Cade Ward - @cadebward

Sponsored By:

Fly.io: Fly.io is a great place to deploy your next Phoenix application! Check them out!

...more

More shows like Thinking Elixir Podcast

Hanselminutes with Scott Hanselman by Scott Hanselman

Hanselminutes with Scott Hanselman

377 Listeners

Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

Software Engineering Radio - the podcast for professional software developers

272 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

283 Listeners

Talk Python To Me by Michael Kennedy

Talk Python To Me

592 Listeners

Software Engineering Daily by Software Engineering Daily

Software Engineering Daily

624 Listeners

Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

Syntax - Tasty Web Development Treats

982 Listeners

REWORK by 37signals

REWORK

211 Listeners

CoRecursive: Coding Stories by Adam Gordon Bell - Software Developer

CoRecursive: Coding Stories

189 Listeners

Elixir Mix by Charles M Wood

Elixir Mix

13 Listeners

Elixir Wizards by SmartLogic LLC

Elixir Wizards

22 Listeners

The Stack Overflow Podcast by The Stack Overflow Podcast

The Stack Overflow Podcast

64 Listeners

Beam Radio by Lars Wikman

Beam Radio

11 Listeners

Oxide and Friends by Oxide Computer Company

Oxide and Friends

47 Listeners

Elixir Mentor by Jacob Luetzow

Elixir Mentor

2 Listeners

The Pragmatic Engineer by Gergely Orosz

The Pragmatic Engineer

52 Listeners