gRPC Security with Less Effort - NSEC2023
Offered By: NorthSec via YouTube
Course Description
Overview
Explore gRPC security challenges and solutions in this 31-minute conference talk from NorthSec. Delve into the expanded attack surface of gRPC/gRPC-web compared to traditional HTTP1.1 REST, focusing on applicative service misconfigurations. Examine new attack vectors arising from issues like HTTP2 downgrade and disabled reflection. Discover a comprehensive code configuration for securing generic gRPC services, featuring an automatically generated Kubernetes authentication service with an interceptor to an authorization engine. Learn how to simplify complex access delegation using open-source Ory engines. Gain insights into critical applicative issues related to currency, math, and conversions that demand attention in gRPC implementations.
Syllabus
NSEC2023 - gRPC security with less effort
Taught by
NorthSec
Related Courses
Разработка веб-сервисов на Golang, часть 2Moscow Institute of Physics and Technology via Coursera TensorFlow Serving with Docker for Model Deployment
Coursera Project Network via Coursera gRPC [Java] Master Class: Build Modern API & Micro services
Udemy The complete gRPC course 2020 [Golang + Java + Protobuf]
Udemy Provisioning and Managing Networks Using Common Automation Tools
Pluralsight