Building Secure(r) applications using Language-theoretic security
Prashant Anantharaman - @prashantbarca
Language-theoretic security is the approach of recognizing and handling all input before processing it. Traditionally, almost every software development project mixes this recognition of input and processing of the input. If the recognition isn’t done right, then poor input can be processed and lead to exploits. Language-theoretic security suggests that the recognition be separated from the processing, making it easier to audit the code and fundamentally preventing parser bugs from recurring. In this talk, I will present an overview of Language-theoretic security and describe the parser combinator library Hammer. I will then describe the approach to building language-theoretic security compliant implementations of some popular application layer IoT protocols like MQTT in Ruby, and discuss the performance overhead in this approach.
My Adventure in RateLimit-ing infrastructure as a service
Getting a Rails app, a Java app, Ruby clients, Amazon ECS, Kinesis & Athena all to play nicely together. We'll take a look at how easy it is to get a "personal Heroku" running on AWS with Terraform. Where to draw the line between the Rails app and the Java API. Finally we'll look at design considerations for making a gem that is friendly and flexible enough to fit into many architectures.
We're looking for speakers for April. Please submit your talk proposals on Papercall (https://www.papercall.io/bostonrb)!
Thanks to ezCater (https://www.ezcater.com/) for hosting us this month and providing refreshments!