Simple ways to make webhook security better

A presentation at DevSecCon 2022 by Frederico Hakamine

Webhooks are a simple and powerful way for services to notify each other that something interesting has happened. So much so that they have become the most popular mechanism for communicating events.

While webhooks give us power and flexibility, they rely heavily on the listener to enforce security.

In this session, we will learn the most common, interesting, and challenging patterns across 100+ webhook implementations, along with some simple ways to make webhook security better (for providers and consumers).