September 26 - Security for devs


Details
Join us from 19h00 at the Botify offices, 22 Rue Royale, 75008 (Building A), for the first meetup of the new season.
As usual, expect informative security-oriented talks aimed at developers, both experienced and new to the topic.
19h30 - 20h00 - Jean-Baptiste Barth (Botify) - Centralizing security policies with an API gateway
When adding more services and tools to a platform, it becomes harder and harder to maintain common security features, which leads to security holes an attacker could exploit.
In this talk we will explore how to leverage the Kong API Gateway to move some security features (authentication, rate-limiting, audit logs, ...) to a central layer. We're currently experimenting with this at Botify, and we'll discuss our first POCs, our experience, early pros and cons of the approach.
20h00 - 20h30 - Vladimir de Turckheim (Sqreen) - Applicative DOS through NoSQL injection
Applicative Denial of Service is mostly known through Regex abuse. Most people do not know that other applicative DoS can be exploited through diverse means. In this talk we will see how a malicious user can obtain a MongoDB injection and use it to prevent an application from responding.
20h30 - Buffet provided by Botify
