DevOps Institute SkilUp Presentation: Embedding API Security by Design into DevOps Pipelines

Embedding API Security by Design into DevOps Pipelines

Recently, I did a presentation titled "Embedding API Security by Design into DevOps Pipelines" at DevOps institute. The video is available for review on the post-event page here (registration required).

‍

Also, the good people at Mind's Eye Creative produced a really nice graphic that helps explain the message that I was trying to convey.

Here's a tl;dr version of what I hoped to communicate in this presentation:

• Organizations are moving towards more platform-as-a-service (PaaS) offerings
• Part of the motivation for doing this is more API-oriented architecture
• But cyber attacks against APIs are actually increasing pretty rapidly, with very real impact and lots of sensitive data leaked
• The main attack vectors (authentication, probing, authorization, injection / bad requests) are things that can be easily detected and controlled at the application layer
• As such, defining the security controls around those can and should be done in your API
• Helper files and dedicated libraries can then check the validity of API requests in real-time

Implementing real-time API security is possible, and should be easy. That's where FireTail hopes to help.

Please contact us if you'd like to discuss how.