Rootconf Mini 2024 (on 22nd & 23rd Nov)

Abhisek Datta

@abhisek

Paving the Path for Secure Software Engineering for Startups

Submitted Oct 15, 2024

Startups must move fast. Does this mean compromising on security? Everyone would choose security, but no startup has the resources to establish a mature security program from inception. How do you move fast while staying secure, even when code contributions come from interns, software engineers of varying experience levels and multitasking founders?

This talk will share real-world experiences gathered while tackling security in an early-stage startup. We will focus on application security only and rely on fundamental security controls such as authentication, authorization, input validation, data validation, multi-tenancy, resource limits, auditing and observability. All of these are built into the application development framework and used declaratively by engineers while developing a feature. Examples will be in Go, but the patterns discussed can be applied in any language or framework.

Key takeaways from this talk:

  • Using Protocol Buffers & gRPC for API spec based development
  • Declarative input validation using protocol buffers
  • Declarative authentication & authorization
  • Hooking into API adapters (ConnectRPC) to enforce security controls
  • Hooking into the ORM for multi-tenancy & resource limits
  • Security observability using metrics

This talk is intended for

  • Startup CTO / Head of Engineering
  • Platform / Security / Software Engineers

While the title says startup, this talk should be useful for any security and engineering team that believes in proactive security controls built into the internal developer platform.

Presentation:

https://docs.google.com/presentation/d/1U3RiBwJv7PFBHkjYQkdlQ_zZHjQu5rvTl-9j48PVMHk/edit#slide=id.p
