Dominic Finn
Nottinghamshire, England, United Kingdom
851 followers
500+ connections
About
I love technology. I've built my career across the spectrum, from dev roles to tech…
Contributions
-
Four contributions to the collaborative article “What are the best practices for securing an API against brute force attacks?”:
-
A dedicated SRE team is an important step towards monitoring and planning any “serious” API. Failing that, adopting SRE behaviours and techniques is also important. Documentation, monitoring as a culture and easy export / analysis of logs are all ways to make identifying and remediating a brute force attack easier. Use alarms and alerting, but don’t rely on them alone! Have a planned out-of-hours schedule to make sure it’s clear who does what if an attack should be attempted. Work with a reputable security company on war games and pen testing, and make sure they’re regular.
-
Using HTTPS is a must. You need to ask some very serious questions if this isn’t done. Whilst HTTPS doesn’t stop brute force attacks, it can act as a very basic deterrent: it stops easy access to / sniffing of valid requests to your API.
-
Rate limits are an absolute must. The most important thing about this, though, is that if an attack is organised, it will be using any number of IP addresses. Expect someone probing your API to use back-off techniques until they find your sweet spot; they can then distribute to the sweet spot across different clients (distributed brute force attacks). The answer to this is vigilance and looking at patterns in requests: if rate limit alarms are going off regularly, look for patterns in the request logs. Maybe the IP address changes but the request body or headers stay the same, for example. Maybe it’s clear that most of the request is the same when you use pattern matching. With this you can start to look at more sophisticated validation.
-
Whilst authentication is generally important, I’m not sure it stops or deters a brute force attack. The whole idea of a brute force attack is to find credentials that work. That being said, having rate-limited authentication will help counteract a brute force attack. In my experience, being on the receiving end of organised-crime distributed brute force and credential stuffing attacks, sophisticated attacks will come from multiple geos and a variable number of IP addresses depending on how your rate limiting works; that’s why it’s really, really important not to just rely on auth or rate limiting. You need a team to watch over request graphs with alerting and graphs!
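The two contributions above describe the same detection idea from two sides: a per-IP rate limit is tripped by a single noisy source but not by a campaign that rotates IPs while keeping the request body and headers constant, so you need to key on the target account as well as the source IP and to look for patterns that survive an IP change. The following is an added Python example of that detection logic run over request-log events; it is not code from the original page or from the author. The JSON-style event fields (`ip`, `path`, `status`, `ua`, `body_shape`, `user`), the `/v1/login` path, the thresholds and the sample events are all constructed assumptions.

```python
"""Spot a distributed brute-force campaign that stays under per-IP rate limits.

Added example, not from the original page. The event field names, the login
path, the thresholds and the sample events are all assumptions.
"""
from collections import Counter, defaultdict

LOGIN_PATH = "/v1/login"     # assumed login endpoint
PER_IP_LIMIT = 5             # assumed: failed logins per IP before the rate limiter trips
PER_USER_LIMIT = 4           # assumed: failed logins per account before the account limiter trips
DISTINCT_IP_THRESHOLD = 3    # assumed: one tooling fingerprint seen from this many IPs is a campaign


def build_sample_events():
    """Constructed sample request log: one dict per request, as a log pipeline would emit."""
    events = []
    ts = 0
    # Distributed campaign: five IPs, two failures each (all below PER_IP_LIMIT),
    # but the same User-Agent and the same request body shape on every request.
    for i in range(1, 6):
        for user in ("alice", "bob"):
            ts += 1
            events.append({"ts": ts, "ip": f"198.51.100.{i}", "path": LOGIN_PATH,
                           "status": 401, "ua": "python-requests/2.31",
                           "body_shape": "email+password", "user": user})
    # A legitimate user mistyping a password once.
    events.append({"ts": 99, "ip": "203.0.113.9", "path": LOGIN_PATH, "status": 401,
                   "ua": "Mozilla/5.0 (X11; Linux x86_64)", "body_shape": "email+password",
                   "user": "carol"})
    # A noisy single-source scanner: the case a plain per-IP limit already catches.
    for k in range(7):
        events.append({"ts": 200 + k, "ip": "192.0.2.7", "path": LOGIN_PATH, "status": 401,
                       "ua": "curl/8.0", "body_shape": "email+password", "user": f"user{k}"})
    return events


def failed_logins(events):
    """Only failed attempts against the login endpoint matter for brute-force detection."""
    return [e for e in events if e["path"] == LOGIN_PATH and e["status"] == 401]


def fingerprint(event):
    """Everything an attacker's tooling tends to keep constant while the source IP rotates."""
    return (event["path"], event["ua"], event.get("body_shape"))


def ips_over_limit(events):
    """Per-IP rate limiting: the classic control, blind to distributed sources."""
    per_ip = Counter(e["ip"] for e in failed_logins(events))
    return sorted(ip for ip, n in per_ip.items() if n > PER_IP_LIMIT)


def accounts_over_limit(events):
    """Rate-limited authentication keyed on the target account rather than the source IP."""
    per_user = Counter(e["user"] for e in failed_logins(events))
    return sorted(u for u, n in per_user.items() if n > PER_USER_LIMIT)


def distributed_campaigns(events):
    """Group failures by fingerprint, ignoring the IP; many IPs behind one fingerprint is a campaign.

    Returns {fingerprint: sorted list of source IPs} for every fingerprint seen from
    at least DISTINCT_IP_THRESHOLD distinct IPs.
    """
    ips_by_fp = defaultdict(set)
    for e in failed_logins(events):
        ips_by_fp[fingerprint(e)].add(e["ip"])
    return {fp: sorted(ips) for fp, ips in ips_by_fp.items()
            if len(ips) >= DISTINCT_IP_THRESHOLD}


def under_the_radar_ips(events):
    """IPs that belong to a detected campaign but never individually tripped the per-IP limit."""
    noisy = set(ips_over_limit(events))
    campaign_ips = {ip for ips in distributed_campaigns(events).values() for ip in ips}
    return sorted(campaign_ips - noisy)


if __name__ == "__main__":
    evts = build_sample_events()
    print("per-IP limit tripped by:", ips_over_limit(evts))
    print("per-account limit tripped for:", accounts_over_limit(evts))
    for fp, ips in distributed_campaigns(evts).items():
        print("campaign fingerprint", fp, "seen from", len(ips), "IPs")
    print("campaign IPs the per-IP limit missed:", under_the_radar_ips(evts))
```

On the sample data the per-IP limit only catches the single `curl` scanner, the per-account limit catches the two targeted accounts, and the fingerprint grouping surfaces all five rotating IPs that stayed under the per-IP limit. The fingerprint is a heuristic: an attacker can randomise User-Agent and body formatting too, which is why the contributions above stress looking at request patterns rather than trusting any one limit.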
Activity
-
Looking forward to seeing everyone at LogiPharma in Lyon! Ensure to come over to Booth 8 and meet us or send me a message if you'd like to meet up…
Liked by Dominic Finn
-
As IWD events draw to a close, it was wonderful to see my longstanding friend and colleague Viviane Paxinos, CEO of AllBright, the world’s largest…
Liked by Dominic Finn
-
Today I attended the Electech Innovation Cluster annual conference in Lancaster. Some absolutely fascinating subjects discussed and so exciting to see…
Liked by Dominic Finn
Licenses & Certifications
-
RSci - Registered Scientist
Science Council
Publications
-
Developing with the Oculus Rift and Unity
My talk at Tech Nottingham (A Nottingham Software Developers Meetup) on my experiences in developing using the Unity IDE and the Oculus Rift SDK.
-
Brownfield Refactoring
My talk at DDD North 2014 (the northern edition of the UK's largest developer conference, held at the University of Leeds).
-
Skeleton Music
Microsoft Channel 9
Side project published on the Microsoft Channel 9 website.
Courses
-
Advanced XHTML and CSS
UCPD
-
E-Marketing and Writing Persuasive Content
UCPD
-
Implementing Microsoft Windows 2000 Professional and Server
2152
-
OCN Level 2 Programming Visual Basic
-
OCN Level 3 Programming Visual Basic
Languages
-
German
Elementary proficiency
-
Spanish
Elementary proficiency
Organizations
-
Institute of Science & Technology
Member
-
Recommendations received
3 people have recommended Dominic
More activity by Dominic
-
After almost 12 years at UNiDAYS I have made the hard decision to leave. My time at UNiDAYS has been amazing. Being part of the company from start up…
Liked by Dominic Finn
-
Immensely proud of the team working together to pull this together, led by William Avery. I'm psyched to see thousands of students get to experience…
Liked by Dominic Finn
-
The Alan Turing Institute team have just written and I've just been told that my #AIUK workshop is fully booked! Looking forward to exploring AI…
Liked by Dominic Finn
-
System Loco is sponsoring LogiPharma 2025, The World’s Leading Life Sciences Supply Chain Event! See you there! To join us click here:…
Liked by Dominic Finn
-
Security Breaches Cost Millions, Blind Spots Are Not an Option. At #ISCWest2025, we're redefining real-time asset protection with our trusted…
Liked by Dominic Finn
-
#MinewDaily MTB06 BLE Printable Smart Label conquered extreme metal-dense environments in real-world testing. Precision…
Liked by Dominic Finn
-
This year is already shaping up to be an exciting one for industry events! I'm really looking forward to attending Awin ThinkTank in Portugal from…
Liked by Dominic Finn
-
After almost seven years, my time at UNiDAYS will end on April 30th. I am professionally proud of what the team I built has achieved and personally…
Liked by Dominic Finn
-
A sneak preview of our new device, the LocoCard, it’s a temperature logging device that continues to log temperature once a tab is snapped off and…
Shared by Dominic Finn
-
Pharma Supply Chains Can’t Afford to React—It’s Time to Take Control! 🚀 System Loco is heading to #LogiPharma2025! Pharmaceutical supply chains…
Liked by Dominic Finn