Session 1: Securing the application in SDLC
In today’s digital world, security breaches and data thefts are becoming more and more common. As a result, secure coding practices have become a top priority for software developers. However, with the increased reliance on software, comes the increased risk of security breaches and data thefts. It’s crucial for developers to follow secure coding practices to mitigate these risks.
The Session will cover the following topics:
- Identifying common security vulnerabilities
- Debugging and testing secure code
- Incorporating security into the SDLC
Session 2: Securing Web and API endpoint for C-native deployments
Today’s web application security practice still heavily relies on securing web-apps as monolithic entities at the point of ingress, far from the app being protected. This approach fails to effectively secure cloud-native apps, especially ones that have embraced microservices. A new breed of web-app security practice is on the horizon called Cloud-native WAAP (Web Application and API Protection). Cloud-native WAAPs deeply integrate into C-native environments, are low-maintenance and self-sufficient, and are DevOps adept. Open-appsec is an open-source cloud-native WAAP that protects your web apps and APIs. It uses a machine learning (ML) engine to continuously analyze the HTTP/S requests made by users as they interact with your web application or API. The open-appsec engine learns how users normally interact with your web application and provides preemptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It can be deployed as an add-on to Kubernetes Ingress, NGINX, Envoy (soon), and API Gateways.