Slide 9: Threats
Poor implementation on the API side (OWASP API Security Top 10):
1. Broken object level authorization
2. Broken user authentication
3. Excessive data exposure
4. Lack of resources and rate limiting
5. …
Slide 16: Real-time alerting
1. What is business-as-usual?
- Status code
- Signature
- Rate limit
- Volumes
- API envelope
- Response format
- Latency
- Headers
- IP
Slide 18: On-duty recipe (real-time alerting)
About 50% culture / 50% technical:
- Visibility: store everything, have context
- Trust: filter the noise
- Layers: have sound channels and fair escalation
- Iterate: blameless post-mortems
Slide 25: Smart alerting (development, analysis)
Smart detection:
- Anomaly detection algorithm
- Pattern detection, like bots or failures
- Database of known threats
- Critical data failure
Smart notification:
- First doubt: log
- Consistent issue: notify
- Known breach: wake up
Be transparent and cautious.
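The "business-as-usual" signals of slide 16 and the three notification tiers of slide 25, put together as an added example that is not part of the original deck: a baseline profile per endpoint (status codes seen, latency mean and spread), an anomaly pass over a new window, one "known threat" rule, and the log / notify / wake-up triage. The traffic, endpoints, IPs and thresholds (3 repeats, 10 auth failures) are constructed assumptions, not values from the slides.

```python
from collections import Counter, namedtuple
from statistics import mean, pstdev

Event = namedtuple("Event", "ip endpoint status latency_ms")  # one API access record

# Constructed traffic (not real data): a quiet baseline window and a new window to triage.
BASELINE = (
    [Event(f"10.0.0.{i % 5}", "/orders", 200, 40 + i % 7) for i in range(50)]
    + [Event(f"10.0.0.{i % 5}", "/login", 401 if i % 10 == 0 else 200, 80 + i % 3) for i in range(30)]
)
WINDOW = (
    [Event("10.0.0.1", "/orders", 200, 250.0), Event("10.0.0.2", "/orders", 200, 300.0)]  # two slow responses
    + [Event("10.0.0.3", "/orders", 500, 45.0) for _ in range(3)]  # a repeated server error
    + [Event("203.0.113.9", "/login", 401, 81.0) for _ in range(12)]  # one client, many auth failures
)

def baseline_profile(events):
    """Business-as-usual per endpoint: status codes seen, latency mean and spread."""
    profile = {}
    for ep in {e.endpoint for e in events}:
        lat = [e.latency_ms for e in events if e.endpoint == ep]
        profile[ep] = {"statuses": {e.status for e in events if e.endpoint == ep},
                       "lat_mean": mean(lat), "lat_sd": pstdev(lat) or 1.0}
    return profile

def anomalies(profile, events):
    """Yield (event, reason) for each deviation from the baseline."""
    for e in events:
        p = profile.get(e.endpoint)
        if p is None:
            yield e, "unknown endpoint"
        elif e.status not in p["statuses"]:
            yield e, f"unseen status {e.status}"
        elif abs(e.latency_ms - p["lat_mean"]) > 3 * p["lat_sd"]:
            yield e, "latency outlier"

def known_threats(events, auth_failures=10):
    """A tiny 'database of known threats' (assumed rule): a burst of 401s from a single IP."""
    fails = Counter(e.ip for e in events if e.status == 401)
    return {ip for ip, n in fails.items() if n >= auth_failures}

def triage(profile, events, consistent=3, auth_failures=10):
    """Slide tiers: first doubt -> log, consistent issue -> notify, known breach pattern -> wake up."""
    tiers = {"log": [], "notify": [], "wake_up": []}
    counts = Counter((e.endpoint, reason) for e, reason in anomalies(profile, events))
    for (ep, reason), n in counts.items():
        tiers["notify" if n >= consistent else "log"].append(f"{ep}: {reason} x{n}")
    for ip in sorted(known_threats(events, auth_failures)):
        tiers["wake_up"].append(f"{ip}: {auth_failures}+ auth failures")
    return tiers
```

Running `triage(baseline_profile(BASELINE), WINDOW)` files the two slow responses under "log", the three 500s under "notify", and the 401 burst under "wake_up", which is the escalation the slide asks for.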