API Abuse, Credit Card Fraud and Credential Stuffing

We talk with Michael Lubas about steps we can take to protect our Phoenix applications from common automated bot attacks. We cover API abuse to send email spam, carding attacks, and credential stuffing. We learn how Michael started paraxial.io which aims to specifically serve the Elixir community and more!

Show Notes online - http://podcast.thinkingelixir.com/93

Elixir Community News

• https://erlef.org/blog/eef/election-2022-results – Erlang Ecosystem Foundation board election voting results
• https://erlef.org/blog/eef/election-2022 – Previous election notice and explanations
• https://hexdocs.pm/ex_doc/changelog.html – ExDoc v0.28.3 was released
• https://twitter.com/josevalim/status/1508528099973120004 – Call to help move ExDoc away from webpack to esbuild
• https://twitter.com/dominicletz/status/1506675402059792388 – iOS app store now has an Elixir application deployed in it!
• https://podcast.thinkingelixir.com/69 – Previous interview with Dominic Letz about doing Elixir on the desktop and mobile.
• https://www.erlang.org/news/155 – Erlang 25.0 rc-2 was released and requesting feedback
• https://twitter.com/josevalim/status/1507443537851392007 – Jose Valim's experience compiling Elixir from scratch on Apple's new MacStudio M1 Max
• Conference reminders
• https://www.empex.co/mtn – Empex MTN in Salt Lake City on May 6
• https://codesync.global/conferences/code-beam-sto-2022/ – CodeBEAM in Stockholm on May 19-20
• https://www.elixirconf.eu/ – ElixirConf EU in London on June 9-10
• https://elixirconf.com/events – ElixirConf US in Colorado on August 30-Sep2
• https://github.com/lucasvegi/Elixir-Code-Smells – Elixir Code Smells - public project
• https://fly.io/phoenix-files/safe-ecto-migrations/ – Safe Ecto Migrations
• https://twitter.com/TylerAYoung/status/1508413319178297352 – Today I Learned about doctests and importing

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com

Discussion Resources

• https://www.paraxial.io/blog/throttle-requests
• https://github.com/michalmuskala/plug_attack
• https://owasp.org/Top10/
• https://github.com/magento/magento2/issues/28614 – What is a carding attack?
• https://owasp.org/www-project-automated-threats-to-web-applications/
• http://paraxial.io/
• https://frame.io/
• https://news.adobe.com/news/news-details/2021/Adobe-Completes-Acquisition-of-Frame.io/default.aspx
• https://www.metasploit.com/
• https://www.crunchbase.com/
• https://owasp.org/www-community/attacks/Credential_stuffing
• https://en.wikipedia.org/wiki/Web_application_firewall

Guest Information

• https://twitter.com/paraxialio – on Twitter
• https://github.com/paraxialio/ – on Github
• https://paraxial.io/ – Website
• sales@paraxial.io

Find us online

• Message the show - @ThinkingElixir
• Email the show - show@thinkingelixir.com
• Mark Ericksen - @brainlid
• David Bernheisel - @bernheisel
• Cade Ward - @cadebward

Sponsored By:

• Fly.io: Fly.io is a great place to deploy your next Phoenix application! Check them out!