gRPC/gRPC-web, even as a newer protocol, can offer a greater attack surface than regular HTTP/1.1 REST through application-level service misconfigurations. During this talk, we will enumerate the new attack vectors that arise through misconfigurations such as an HTTP/2 downgrade allowing request smuggling, and disabling reflection. We want to present an entire code configuration for a secure generic gRPC service, leveraging an automatically generated Kubernetes authentication service with an interceptor to an authorization engine, to simplify complex delegation of access with open source Ory engines. Finally, we will cover in-depth application-level problems with currency, math and conversions to watch out for.
Ashley Manraj, Chief Technology Officer, Pvotal Technologies Inc.
I’ve built my career at the intersection of security and speed. Today, as AI agents write our code, that intersection has become the most critical frontier in technology. The challenge is no longer creation, but control: how do we secure and maintain the autonomous systems built for us?
Through our work in secure digital transformation at Pvotal, we realized the answer wasn't just better tools, but a new foundation. We needed a control plane designed for this new era. This was the genesis of Infrastream.
Think of it as the factory floor for modern development. Developers and AI agents declare their "intent," and Infrastream's executors work to build and maintain that intent as a secure, compliant, and observable reality. Our mission is to make security an invisible, scalable, and simple-by-design layer, so teams can finally move at the speed of innovation without one-off compromise.