Hello, I am Alexandre, Senior Staff Engineer since 2022; I am currently working for the Decathlon group. With over 20 years of experience in engineering, I have had the privilege of achieving significant initiatives that have shaped the technological landscape of my company. One of my proudest achievements was establishing the API strategy that now underpins our company's digital infrastructure. After setting up an API Gateway as a core component of our information system, I put in place the API training and got the chance to train many teammates all around the world, which will remain one of my most memorable human experiences. Since 2019 I have led the design of an authentication system and API Platform focused on customer data, ensuring compliance and bolstering trust with our users. On the coding side, I spend most of my time in code review, definitely the best moment to grow and learn. Fortunately I still code (more interested in the backend side), obviously on APIs and authentication/security topics, but not only. Sharing knowledge is what I prefer in my daily job.
As a backend developer, I mostly develop in Java, using a reactive stack. I also like to develop in golang, which is a powerful and easy-to-learn language, despite not being a functional language.
Obviously I am familiar with Git. My favourite IDE is IntelliJ/GoLand, and I sometimes play with VS Code. I am also familiar with Docker, which, like Git, is a must-know for any developer today.
In this talk, I speak about some basic actions to secure your API. Keeping in mind that an API remains a web application, just without HTML/JavaScript, I will do a demo of SQL injection and then quickly review the OWASP Top 10 application security risks. From there I zoom in on authentication, focusing on OAuth2/OpenID Connect. Stepping on to API Management, I deep dive into some features that can help us secure our APIs.
Gravitee.io is an open source API platform, providing a flexible, lightweight and blazing-fast open source API Management solution as well as an Authorization Server (called Access Management) that helps organizations finely control who, when and how users access APIs. Here my main contributions are on the AM side, as it is related to OAuth2/OIDC.
Eclipse Vert.x is a toolkit for building reactive applications on the JVM. Reactive applications are both scalable as workloads grow and resilient when failures arise. A reactive application is responsive, as it keeps latency under control by making efficient use of system resources and by protecting itself from errors.