Notes on Dos and Don'ts of Machine Learning in Computer Security

Following the subject from my last post, Reflections about Supervised Learning on Security, I put down some more thoughts about the implementation of learning-based systems in the Security domain. This is my extension to the problems and recommendations presented in the paper Dos and Don’ts of Machine Learning in Computer Security (Quiring, et al, 2022). I encourage you to also read the paper, as it’s excellent and provides a lot of insights about how to better build machine learning models....

June 22, 2023 · 6 min · Caio Ferreira

Reflections about Supervised Learning on Security

April 23, 2023 · 6 min · Caio Ferreira

Implementing a safe and sound API Key authorization middleware in Go

A common requirement that I face on multiple projects is to safeguard some API endpoints for administrative access, or to provide a secure way for other applications to consume our service in a controlled and traceable manner. The usual solution for it is API Keys, a simple and effective authorization control mechanism that we can implement with a few lines of code. However, when doing so, we also need to be aware of threats and possible attacks that we may suffer, especially due to the usual privileges that these keys provide....

February 5, 2022 · 10 min · Caio Ferreira

The Kubernetes dynamic client

Kubernetes won the battle for the cloud-native platform and the characteristic that makes me enjoy working with it the most is its extensibility. By providing an open model through the kube-apiserver, without splitting an internal and external interface, we can interact with the cluster and any other system to integrate both from the same application (Controller) and even use custom resources to describe our unique operations, known as the Operator Pattern....

May 28, 2021 · 9 min · Caio Ferreira

Introducing Cache in your System

Caching is one of the most popular tools used to scale systems, and anyone looking to maintain high-throughput, resilient and cost-effective products should understand how to use it, because it is financially impractical to apply only compute resources in order to meet the access demands. Knowing the basics about it and what parameters you should be looking at when choosing your solution is rarely addressed and hence is the purpose of this article....

May 4, 2020 · 10 min · Caio Ferreira