apidays Paris 2024 - Why We Should All Be API H...

apidays

PRO

December 23, 2024

Programming

apidays Paris 2024 - Why We Should All Be API Hackers, Desz Lamptey, Capital One

Why We Should All Be API Hackers
Desz Lamptey, Lead Software Engineer at Capital One

apidays Paris 2024 - The Future API Stack for Mass Innovation
December 3 - 5, 2024

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

apidays
PRO

December 23, 2024

More Decks by apidays

See All by apidays

apidays Paris 2024 - Make Your LLM Infrastructure Serverless, Guillaume Blaquiere, Carrefour

apidays

PRO

Green IO Conference at apidays Paris 2024 - Eco-Designing a B2B App : the Beta.gouv Use Case, Anne Faubry, Designers Ethiques

apidays

PRO

Green IO Conference at apidays Paris 2024 - The Internet is Getting Emptier; That's a Sustainability Problem, Romain Jacob , ETH Zürich

apidays

PRO

apidays Paris 2024 - Discoverability, Findability, and AI : lessons learnt from the DevPortal Awards, Laura Vass

apidays

PRO

apidays Paris 2024 - Scaling LLM APIs: Integrating Load Testing Into Your CI/CD Pipeline, Samir Akarioh, Gatling

apidays

PRO

apidays Paris 2024 - Success Stories of API Integration, Harry Bouras and Josef Glemba, DHL IT Services

apidays

PRO

apidays Paris 2024 - Military-Grade Security for APIs, Michał Trojanowski, Curity

apidays

PRO

apidays Paris 2024 - Integration Platform using Open-Source, Magnus Hedner, Benify

apidays

PRO

Green IO Conference at apidays Paris - Start at the end, Hannah Smith, Green Web Foundation

apidays

PRO

Other Decks in Programming

See All in Programming

Mermaid x AST x 生成AI = コードとドキュメントの完全同期への道

shibuyamizuho

160

フロントエンドのディレクトリ構成どうしてる？　Feature-Sliced Design 導入体験談

osakatechlab

4.1k

毎日13時間もかかるバッチ処理をたった3日で60%短縮するためにやったこと

sho_ssk_

180

create_tableをしただけなのに〜囚われのuuid編〜

daisukeshinoku

270

テストコード文化を0から作り、変化し続けた組織

kazatohiei

1.5k

PHPUnitしか使ってこなかった一般PHPerがPestに乗り換えた実録

mashirou1234

230

rails statsで大解剖 🔍 “B/43流” のRailsの育て方を歴史とともに振り返ります

shoheimitani

940

見えないメモリを観測する: PHP 8.4 `pg_result_memory_size()` とSQL結果のメモリ管理

kentaroutakeda

410

17年周年のWebアプリケーションにTanStack Queryを導入する / Implementing TanStack Query in a 17th Anniversary Web Application

saitolume

250

これでLambdaが不要に？！Step FunctionsのJSONata対応について

iwatatomoya

3.7k

Effective Signals in Angular 19+: Rules and Helpers

manfredsteyer

PRO

110

선언형 UI에서의 상태관리

l2hyunwoo

180

Featured

See All Featured

Done Done

chrislema

181

16k

GraphQLの誤解/rethinking-graphql

sonatard

10k

A better future with KSS

kneath

238

17k

KATA

mclloyd

14k

Learning to Love Humans: Emotional Interface Design

aarron

273

40k

Documentation Writing (for coders)

carmenintech

4.5k

[RailsConf 2023] Rails as a piece of cake

palkan

How to train your dragon (web standard)

notwaldorf

5.7k

Distributed Sagas: A Protocol for Coordinating Microservices

caitiem20

330

21k

A Tale of Four Properties

chriscoyier

157

23k

実際に使うSQLの書き方徹底解説 / pgcon21j-tutorial

soudai

169

50k

jQuery: Nuts, Bolts and Bling

dougneiner

7.5k

Transcript

Why We Should All Be Hackers * the mindset change
we all need * Desz Lamptey Lead Software Engineer, Certiﬁed Ethical Hacker, One-Day-at-a-Time Dad
What Happened?
None
Elements of a Hacker Persistent Patient Resourceful Curious Creative Ethical
Hacker Malicious Hacker
None
Security Misconﬁguration (API8:2023) - Chatbot using LLM APIs
Threat Mitigation Follow Best Practices and Standards Use Server-side Validation
Implement Proper Authorization & Authentication Create a Fast Reaction Strategy Use strong encryption Understand Attack Fundamentals Automate Security Checks Automate security patches & dependency updates Enhance Access Controls Monitor and Log Everything Train on Secure Coding
For illustrative purposes only
1. function calculateApplicableDiscount (basket: BasketModel, req: Request) { 2. if
(security.discountFromCoupon(basket.coupon)) { 3. const discount = security.discountFromCoupon(basket.coupon) 4. return discount 5. } else if (req.body.couponData) { . . . 6. if (campaign && campaign.validOn < new Date().getTime()){ 7. return campaign.discount 8. } 9. } 10. return 0 11. } 12. const campaign = {5_OFF:{validOn: new Date('Mar 8, 2024 00:00:00 GMT+0100').getTime(), discount: 5}} #validate-coupon
Let’s Dive in Together Lambda Application
Creativity Productivity Security
Are we ready for change?
Resources to hack responsibly