DSC India

Securing Web and API endpoint for C-native deployments

with Sai Karthik, Animesh Pathak
play_circle

Description:

Session 1: Securing the application in SDLC

In today’s digital world, security breaches and data thefts are becoming more and more common. As a result, secure coding practices have become a top priority for software developers. However, with the increased reliance on software, comes the increased risk of security breaches and data thefts. It’s crucial for developers to follow secure coding practices to mitigate these risks.

The Session will cover the following topics:

  1. Identifying common security vulnerabilities
  2. Debugging and testing secure code
  3. Incorporating security into the SDLC

 

Session 2: Securing Web and API endpoint for C-native deployments

Today’s web application security practice still heavily relies on securing web-apps as monolithic entities at the point of ingress, far from the app being protected. This approach fails to effectively secure cloud-native apps, especially ones that have embraced microservices. A new breed of web-app security practice is on the horizon called Cloud-native WAAP (Web Application and API Protection). Cloud-native WAAPs deeply integrate into C-native environments, are low-maintenance and self-sufficient, and are DevOps adept. Open-appsec is an open-source cloud-native WAAP that protects your web apps and APIs. It uses a machine learning (ML) engine to continuously analyze the HTTP/S requests made by users as they interact with your web application or API. The open-appsec engine learns how users normally interact with your web application and provides preemptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It can be deployed as an add-on to Kubernetes Ingress, NGINX, Envoy (soon), and API Gateways.

Tags:

Sai Karthik

Lead technologist - Cloud Security & DevSecOps at Check Point Software Technologies

About Sai Karthik

Sai Karthik is an accomplished Cloud Security Architect at Check Point with a strong background in public cloud security and network security. He has been working as a Cloud Security SME for over 4 years and has an overall security engineering experience of 7 years. He has specialized expertise in cloud native security and DevSecOps and is responsible for managing and technically driving engagements across APAC. Sai’s technical skill set is predominantly revolves around public cloud security, with a focus on AWS, Kubernetes, containers and various CICD tools. From a security tooling point-of-view Sai specializes in CSPM, CWPP, Application Security testing tools, and CNAPP. Sai’s career began as a Linux systems engineer, and he has worked as a freelance Linux systems admin in the past. In addition to his professional accomplishments, Sai has a passion for OSINT and is an amateur mixologist and whiskey nerd in his free time.

Animesh Pathak

Developer Advocate at SAWOLabs

About Animesh Pathak

I have a passion for learning and sharing my knowledge with others a public as possible. I love open source. I am not a heavy maintainer of any large libraries, but I really like the boyscout rule. I contribute to things as I come across issues that I think other people might struggle with. I created a community at my locality to enhance other students’ skills. I’ve conducted workshops and talks.

We use cookies to ensure you get the best experience on our website.Read Privacy Policy
close