93: Preventing Service Abuse with Michael Lubas

Thinking Elixir Podcast - A podcast by ThinkingElixir.com - Tuesdays

We talk with Michael Lubas about steps we can take to protect our Phoenix applications from common automated bot attacks. We cover API abuse to send email spam, carding attacks, and credential stuffing. We learn how Michael started paraxial.io which aims to specifically serve the Elixir community and more!

Show Notes online - http://podcast.thinkingelixir.com/93

Elixir Community News

https://erlef.org/blog/eef/election-2022-results – Erlang Ecosystem Foundation board election voting results
https://erlef.org/blog/eef/election-2022 – Previous election notice and explanations
https://hexdocs.pm/ex_doc/changelog.html – ExDoc v0.28.3 was released
https://twitter.com/josevalim/status/1508528099973120004 – Call to help move ExDoc away from webpack to esbuild
https://twitter.com/dominicletz/status/1506675402059792388 – iOS app store now has an Elixir application deployed in it!
https://podcast.thinkingelixir.com/69 – Previous interview with Dominic Letz about doing Elixir on the desktop and mobile.
https://www.erlang.org/news/155 – Erlang 25.0 rc-2 was released and requesting feedback
https://twitter.com/josevalim/status/1507443537851392007 – Jose Valim's experience compiling Elixir from scratch on Apple's new MacStudio M1 Max

Conference reminders

https://www.empex.co/mtn – Empex MTN in Salt Lake City on May 6
https://codesync.global/conferences/code-beam-sto-2022/ – CodeBEAM in Stockholm on May 19-20
https://www.elixirconf.eu/ – ElixirConf EU in London on June 9-10
https://elixirconf.com/events – ElixirConf US in Colorado on August 30-Sep 2

https://github.com/lucasvegi/Elixir-Code-Smells – Elixir Code Smells - public project
https://fly.io/phoenix-files/safe-ecto-migrations/ – Safe Ecto Migrations
https://twitter.com/TylerAYoung/status/1508413319178297352 – Today I Learned about doctests and importing

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at [email protected]

Discussion Resources

https://www.paraxial.io/blog/throttle-requests
https://github.com/michalmuskala/plug_attack
https://owasp.org/Top10/
https://github.com/magento/magento2/issues/28614 – What is a carding attack?
https://owasp.org/www-project-automated-threats-to-web-applications/
http://paraxial.io/
https://frame.io/
https://news.adobe.com/news/news-details/2021/Adobe-Completes-Acquisition-of-Frame.io/default.aspx
https://www.metasploit.com/
https://www.crunchbase.com/
https://owasp.org/www-community/attacks/Credential_stuffing
https://en.wikipedia.org/wiki/Web_application_firewall

Guest Information

https://twitter.com/paraxialio – on Twitter
https://github.com/paraxialio/ – on Github
https://paraxial.io/ – Website
[email protected]

Find us online

Message the show - @ThinkingElixir
Email the show - [email protected]
Mark Ericksen - @brainlid
David Bernheisel - @bernheisel
Cade Ward - @cadebward

Sponsored By:

Fly.io: Fly.io is a great place to deploy your next Phoenix application! Check them out!
