gRPC security with less effort

Back to the list of Speakers and Sessions
Watch the stream

gRPC/gRPC-web even as a newer protocol can offer a greater attack surface than regular HTTP1.1 REST through applicative services misconfigurations. During this talk, we will enumerate the new attack vectors through misconfigurations such as HTTP2 downgrade allowing request smuggling, disabling reflection. We want to present an entire code configuration for a secure generic gRPC service leveraging an automatically generated Kubernetes authentication service with an interceptor to an authorization engine to simplify complex delegation of access with open source Ory engines. Finally in-depth applicative problems with currency, math and conversions to watch out for.