Securing Microservices From The Inside Out
Microservices and API-first architecture have had a significant impact on the application development landscape. They have enabled organizations to speed up application development, easily use complex functionality, and enhance collaboration with service providers and customers. In fact, many enterprises derive an increasing amount of their revenue from APIs used by customers. However, microservices are notoriously difficult to protect, especially because attacks against them are hard to detect. Thus, enterprises face a looming threat from underprotected APIs (underscored by the OWASP Top 10 2017 update).
This talk will enumerate this risk, discuss the challenges, and explore DevSecOps-focused solutions. First, we will evaluate applications in the IoT, online retail and financial mobile spaces to highlight the complexity of managing the technical and business risk. Second, we examine the difficulty in securing these applications and why web scanners don't work. Third, we present a DevSecOps-aligned testing framework, Peach API Security, to automate testing. Fourth, we discuss SDLC integration for the framework. Finally, we will discuss real-world results.
This talk will allow attendees to walk away with:
+ A deeper understanding of business and technical risks around microservices
+ An enumeration of real-world challenges, highlighting weaknesses in current security tooling
+ Scalable solutions for securing APIs and microservices
Application development teams in enterprises are actively searching for solutions to deal with API security and will finally be able to address the problem.