devtools.fm: Developer Tools, Open Source, Software Development David Mytton - Console.dev, ArcJet - Enhancing Application Security
Sep 16, 2024
David Mytton, co-founder of console.dev and ArcJet, dives into enhancing the developer experience and application security. They discuss the importance of a security-first mindset and the challenges that arise post-deployment. Mytton shares insights on integrating security features into application code using Arcjet SDK, emphasizing seamless integration and the intricacies of maintaining security without impacting productivity. The conversation also touches on sustainable computing and the relationship between technology advancements and environmental sustainability.
AI Snips
Chapters
Transcript
Episode notes
Security Built Inside The App
- ArcJet is an SDK-first security layer that runs inside applications to provide rate limits, bot protection, email validation, and attack detection.
- Developers embed rules in code so decisions return to the app, enabling contextual responses like re-authentication or alerts rather than blind blocking.
Make Security A Developer Dependency
- Ship security as a developer dependency not an external agent to let devs test locally, run in CI, and avoid surprising production breakage.
- Avoid agents or separate infra so the same security code runs in dev, staging, CI, and production.
Wasm For Local Security Decisions
- ArcJet uses a Rust WebAssembly module inside the SDK to run heavy analysis locally and only calls the cloud API for stateful or slow operations.
- The API is globally deployed to minimize latency and decisions are cached to reduce remote calls.