93: Preventing Service Abuse with Michael Lubas

We talk with Michael Lubas about steps we can take to protect our Phoenix applications from common automated bot attacks. We cover API abuse to send email spam, carding attacks, and credential stuffing. We learn how Michael started paraxial.io which aims to specifically serve the Elixir community and more! Show Notes online - http://podcast.thinkingelixir.com/93 Elixir Community News https://erlef.org/blog/eef/election-2022-results – Erlang Ecosystem Foundation board election voting results https://erlef.org/blog/eef/election-2022 – Previous election notice and explanations https://hexdocs.pm/ex_doc/changelog.html – ExDoc v0.28.3 was released https://twitter.com/josevalim/status/1508528099973120004 – Call to help move ExDoc away from webpack to esbuild https://twitter.com/dominicletz/status/1506675402059792388 – iOS app store now has an Elixir application deployed in it! https://podcast.thinkingelixir.com/69 – Previous interview with Dominic Letz about doing Elixir on the desktop and mobile. https://www.erlang.org/news/155 – Erlang 25.0 rc-2 was released and requesting feedback https://twitter.com/josevalim/status/1507443537851392007 – Jose Valim's experience compiling Elixir from scratch on Apple's new MacStudio M1 Max Conference reminders https://www.empex.co/mtn – Empex MTN in Salt Lake City on May 6 https://codesync.global/conferences/code-beam-sto-2022/ – CodeBEAM in Stockholm on May 19-20 https://www.elixirconf.eu/ – ElixirConf EU in London on June 9-10 https://elixirconf.com/events – ElixirConf US in Colorado on August 30-Sep2 https://github.com/lucasvegi/Elixir-Code-Smells – Elixir Code Smells - public project https://fly.io/phoenix-files/safe-ecto-migrations/ – Safe Ecto Migrations https://twitter.com/TylerAYoung/status/1508413319178297352 – Today I Learned about doctests and importing Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com Discussion Resources https://www.paraxial.io/blog/throttle-requests https://github.com/michalmuskala/plug_attack https://owasp.org/Top10/ https://github.com/magento/magento2/issues/28614 – What is a carding attack? https://owasp.org/www-project-automated-threats-to-web-applications/ http://paraxial.io/ https://frame.io/ https://news.adobe.com/news/news-details/2021/Adobe-Completes-Acquisition-of-Frame.io/default.aspx https://www.metasploit.com/ https://www.crunchbase.com/ https://owasp.org/www-community/attacks/Credential_stuffing https://en.wikipedia.org/wiki/Web_application_firewall Guest Information https://twitter.com/paraxialio – on Twitter https://github.com/paraxialio/ – on Github https://paraxial.io/ – Website sales@paraxial.io Find us online Message the show - @ThinkingElixir Email the show - show@thinkingelixir.com Mark Ericksen - @brainlid David Bernheisel - @bernheisel Cade Ward - @cadebward Sponsored By:Fly.io: Fly.io is a great place to deploy your next Phoenix application! Check them out!

Om Podcasten

The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community. Whether you are already experienced with Elixir or just exploring the language, this show is created with you in mind. We discuss community news, Functional Programming, transitioning from OOP, coding conventions, and more. Guests visit the show to help challenge our assumptions, learn about new developments and grow in the process. Subscribe to join us on this journey!