Software Engineer since 2005, I am currently working for the Decathlon group. As a developer, I am more interested in the back end, especially in APIs and authentication/security topics. Sharing knowledge is what I prefer in my daily job. The open source world is also a fascinating topic for me.
Backend developer, I am mostly used to developing in Java, using the reactive stack. I also like to develop in Go, which is a powerful and easy-to-learn language, despite not being a functional language.
Obviously I am familiar with Git. My favourite IDE is IntelliJ/GoLand, and I sometimes play with VS Code. I am also familiar with Docker, which, like Git, is a must-know for any developer today.
In this talk, I speak about some basic actions to secure your API. Keeping in mind that an API remains a web application, without HTML/JavaScript, I will do a demo of SQL injection and then quickly review the OWASP Top 10 application security risks. From there I zoom in on authentication, with a focus on OAuth2/OpenID Connect. Stepping to API Management, I dive deep into some features that can help us to secure our APIs.
Gravitee.io is an open source API platform, providing a flexible, lightweight and blazing-fast open source API Management solution as well as an Authorization Server (called Access Management) that helps organizations finely control who, when and how users access APIs. Here my main contributions are on the AM side, as it is related to OAuth2/OIDC.