Dominic Finn
Nottinghamshire, England, United Kingdom
About
I love technology. I've worked in many technology leadership roles, leading from the…
Contributions
-
What are the best practices for securing an API against brute force attacks?
A dedicated SRE team is an important step to monitoring and planning any “serious” API. Failing that, adopting SRE behaviours and techniques is also important. Documentation, monitoring as a culture and easy export / analysis of logs are all ways to make identifying and remediating a brute force attack easier. Use alarms and alerting, but don’t rely on them alone! Have a planned out-of-hours schedule to make sure it’s clear who does what if an attack should be attempted. Work with a reputable security company on war games and pen testing, and make sure they’re regular.
-
What are the best practices for securing an API against brute force attacks?
Using HTTPS is a must. You need to ask some very serious questions if this isn’t done. Whilst HTTPS doesn’t stop brute force attacks, it can act as a very basic deterrent. It stops easy access to / sniffing of valid requests to your API.
-
What are the best practices for securing an API against brute force attacks?
Rate limits are an absolute must. The most important thing about this, though, is that if an attack is organised, it will be using any number of IP addresses. Expect someone probing your API to use back-off techniques until they find your sweet spot; they can then distribute to the sweet spot across different clients (distributed brute force attacks). The answer to this is vigilance and looking at patterns in requests: if rate limit alarms are going off regularly, look for patterns in the request logs. Maybe the IP address changes but the request body or headers stay the same, for example. Maybe it’s clear that most of the request is the same when you use pattern matching. With this you can start to look at more sophisticated validation.
-
What are the best practices for securing an API against brute force attacks?
Whilst authentication is generally important, I’m not sure it stops or deters a brute force attack. The whole idea of a brute force attack is to find credentials that work. That being said, having rate-limited authentication will help counteract a brute force attack. In my experience, being on the receiving end of organised crime distributed brute force and credential stuffing attacks, sophisticated attacks will come from multiple geos and a variable number of IP addresses depending on how your rate limiting works. That’s why it’s really, really important to not just rely on auth or rate limiting. You need a team to watch over request graphs with alerting and graphs!
Licenses & Certifications
-
RSci - Registered Scientist
Science Council
Publications
-
Developing with the Oculus Rift and Unity
My talk at Tech Nottingham (A Nottingham Software Developers Meetup) on my experiences in developing using the Unity IDE and the Oculus Rift SDK.
-
Brownfield Refactoring
My talk at DDD North 2014 (the Northern version of the UK's largest developer conference, held at the University of Leeds).
-
Skeleton Music
Microsoft Channel 9
Side project published on the Microsoft Channel 9 website.
Courses
-
Advanced XHTML and CSS
UCPD
-
E-Marketing and Writing Persuasive Content
UCPD
-
Implementing Microsoft Windows 2000 Professional and Server
2152
-
OCN Level 2 Programming Visual Basic
-
-
OCN Level 3 Programming Visual Basic
-
Languages
-
German
Elementary proficiency
-
Spanish
Elementary proficiency
Organizations
-
Institute of Science & Technology
Member
Recommendations received
3 people have recommended Dominic