Webhooks are a pillar of modern application development. They notify us of a new commit, an incoming text message, a delivered email, or a processed payment. Our systems can’t function without webhooks sending data seamlessly and securely across the internet.

But what happens if they’re not secure? What happens if your webhooks are intercepted, manipulated, or even replayed against your systems? What are the best ways - as both a provider and consumer - to protect our systems?

In this session, we’ll delve into the 100+ implementations we explored to build webhooks.fyi to identify the best and worst patterns to protect our systems now and in the future.



Great interactive talk by Keith. Was fun to get the tech-savvy audience involved with live demos. Talk moved along at a good pace, made good points, and who doesn't love a free nerd shirt (yes, I wore my new shirt the next day traveling home!). Good work Keith!

Joe Theuerkauf at 16:26 on 8 Nov 2022

Great demonstration of weak API security from consumer and provider perspectives. Good for grasping the concepts of security and bringing attention to it. Would have liked to see more how-to: where vulnerabilities are, how to repair them.