Dominic Finn
Nottinghamshire, England, United Kingdom
862 followers
500+ connections
About
I love technology. I've built my career across the spectrum, from dev roles to tech…
Articles by Dominic
Contributions
-
What are the best practices for securing an API against brute force attacks?
A dedicated SRE team is an important step to monitoring and planning any “serious” API. Failing that, adopting SRE behaviours and techniques is also important. Documentation, monitoring as a culture and easy export / analysis of logs are all ways to make identifying and remediating a brute force attack easier. Use alarms and alerting but don’t rely on them alone! Have a planned out of hours schedule to make sure it’s clear who does what if an attack should be attempted. Work with a reputable security company on war games and pen testing and make sure they’re regular.
-
What are the best practices for securing an API against brute force attacks?
Using HTTPS is a must. You need to ask some very serious questions if this isn’t done. Whilst HTTPS doesn’t stop brute force attacks, it can act as a very basic deterrent. It stops easy access to / sniffing of valid requests to your API.
-
What are the best practices for securing an API against brute force attacks?
Rate limits are an absolute must. The most important thing about this though is that if an attack is organised, it will be using any number of IP addresses. Expect someone probing your API to use back off techniques until they find your sweet spot; they can then distribute to the sweet spot of different clients (distributed brute force attacks). The answer to this is vigilance and looking at patterns in requests. If rate limit alarms are setting off regularly, look for patterns in the request logs; maybe the IP address changes but the request body or headers stay the same, for example. Maybe it’s clear that most of the request is the same when you use pattern matching. With this you can start to look at more sophisticated validation.
-
What are the best practices for securing an API against brute force attacks?
Whilst authentication is generally important, I’m not sure it stops or deters a brute force attack. The whole idea of a brute force attack is to find credentials that work. That being said, having rate limited authentication will help counteract a brute force attack. In my experience, being on the receiving end of organised crime distributed brute force and credential stuffing attacks, sophisticated attacks will come from multiple geos and a variable number of IP addresses depending on how your rate limiting works. That’s why it’s really, really important to not just rely on auth or rate limiting. You need a team to watch over request graphs with alerting and graphs!
Activity
-
Popped along to the Notts Techfast meetup in Nottingham again this week ☕💻 Always a great way to start the day - good coffee, good chat, and this…
Liked by Dominic Finn
-
DevOps Notts is on TONIGHT! Please DO NOT GO TO SCALE SPACE - it's now at BJSS's office, just down the road! Graham Haythornthwaite will be…
Liked by Dominic Finn
Experience
Education
Licenses & Certifications
-
RSci - Registered Scientist
Science Council
Publications
-
Developing with the Oculus Rift and Unity
My talk at Tech Nottingham (A Nottingham Software Developers Meetup) on my experiences in developing using the Unity IDE and the Oculus Rift SDK.
-
Brownfield Refactoring
My talk at DDD North 2014 (the North version of the UK's largest Developer Conference, at the University of Leeds).
-
Skeleton Music
Microsoft Channel 9
Side project published on the Microsoft Channel 9 website.
Courses
-
Advanced XHTML and CSS
UCPD
-
E-Marketing and Writing Persuasive Content
UCPD
-
Implementing Microsoft Windows 2000 Professional and Server
2152
-
OCN Level 2 Programming Visual Basic
-
-
OCN Level 3 Programming Visual Basic
-
Languages
-
German
Elementary proficiency
-
Spanish
Elementary proficiency
Organizations
-
Institute of Science & Technology
Member
-
Recommendations received
3 people have recommended Dominic
More activity by Dominic
-
If you move freight via rail, don’t miss this.
Liked by Dominic Finn
-
🚩 WARNING: This might make you wish that you work in Pharma! If you are a #productmanager or #datascientist working in Pharma, your days are likely…
Liked by Dominic Finn
-
Additional sneak peek at our latest product, the LocoCard. I already posted about this but sorry, not sorry 😭. This has been our main focus for the…
Shared by Dominic Finn
-
With LogiPharma 2025 just around the corner, we're thrilled to share some incredible feedback from our long-term sponsors, who are joining us in Lyon…
Liked by Dominic Finn
-
Daniel Essafi and I collected this last night for System Loco. It represents amazing work from the whole team. We are in their hardware division…
Shared by Dominic Finn
-
Looking forward to seeing everyone at LogiPharma in Lyon! Ensure to come over to Booth 8 and meet us or send me a message if you'd like to meet up…
Liked by Dominic Finn