The Security and Resiliency Challenges of Cloud Native Authorization with Alex Olivier

Authentication (validating who you claim to be) and Authorization (enforcing what you are allowed to do) are critical in modern software development. While authentication seems to be a solved problem, modern software development faces many challenges with secure, fast, and resilient authorization mechanisms. 
To learn more about those challenges, we invited Alex Olivier, Co-Founder and CPO at Cerbos, an Open Source Scalable Authorization Solution. Alex shared insights on attribute-based vs. role-based access control, the difference between stateful and stateless authorization implementations, why Broken Access Control is in the OWASP Top 10 Security Vulnerabilities, and how to observe the authorization solution for performance, security, and auditing purposes.

Links we discussed during the episode:
Alex's LinkedIn: https://www.linkedin.com/in/alexolivier/
Cerbos on GitHub: https://github.com/cerbos/cerbos
OWASP Broken Access Control: https://owasp.org/www-community/Broken_Access_Control

About the Podcast

The brutal truth about digital performance engineering and operations.

Andreas (aka Andi) Grabner and Brian Wilson are veterans of the digital performance world. Combined they have seen too many applications not scaling and performing up to expectations. With more rapid deployment models made possible through continuous delivery and a mentality shift sparked by DevOps they feel it’s time to share their stories. In each episode, they and their guests discuss different topics concerning performance, ranging from common performance problems for specific technology platforms to best practices in development, testing, deploying and monitoring software performance and user experience. Be prepared to learn a lot about metrics.

Andi & Brian both work at Dynatrace, where they get to witness more real world customer performance issues than they can TPS report at.