Scott and Wes dive into the world of web security, discussing the tactics used by malicious actors and how they exploit vulnerabilities. They highlight effective strategies like rate limiting and nonce tokens to protect applications. The conversation also covers the challenges of CAPTCHA systems, weighing user experience against security needs. They shed light on online privacy complexities and the use of VPNs, along with emphasizing the importance of DDoS protection to keep your web projects safe from harm.
ADVICE: Rate Limiting
Implement rate limiting to restrict excessive actions.
Limit actions by IP address, but consider legitimate use cases like schools with shared IPs.
ANECDOTE: Rate Limiting in Practice
Wes's rate limiting affected a school class trying to access his course.
He manually resolved it after a student contacted him, highlighting a potential downside of strict rate limiting.
ADVICE: Shadow Banning
Implement shadow banning to handle malicious logged-in users.
Restrict their features without their knowledge by returning a "not logged in" state, preventing further misuse.
In this Hasty Treat, Scott and Wes talk about ways to prevent malicious people from using or abusing your app.
Linode - Sponsor
Whether you’re working on a personal project or managing enterprise infrastructure, you deserve simple, affordable, and accessible cloud computing solutions that allow you to take your project to the next level. Simplify your cloud infrastructure with Linode’s Linux virtual machines and develop, deploy, and scale your modern applications faster and easier. Get started on Linode today with $100 in free credit for listeners of Syntax. You can find all the details at linode.com/syntax. Linode has 11 global data centers and provides 24/7/365 human support with no tiers or hand-offs regardless of your plan size. In addition to shared and dedicated compute instances, you can use your $100 in credit on S3-compatible object storage, Managed Kubernetes, and more. Visit linode.com/syntax and click on the “Create Free Account” button to get started.
Sentry - Sponsor
If you want to know what’s happening with your code, track errors and monitor performance with Sentry. Sentry’s Application Monitoring platform helps developers see performance issues, fix errors faster, and optimize their code health. Cut your time on error resolution from hours to minutes. It works with any language and integrates with dozens of other services. Syntax listeners new to Sentry can get two months for free by visiting Sentry.io and using the coupon code TASTYTREAT during sign up.