Embedding API Security by Design into DevOps Pipelines
Recently, I gave a presentation titled "Embedding API Security by Design into DevOps Pipelines" at DevOps Institute.
The video is available for review on the post-event page here (registration required).
Also, the good people at Mind's Eye Creative produced a really nice graphic that helps explain the message that I was trying to convey.
[Graphic: Embedding API security into DevOps pipelines]
Here's a tl;dr version of what I hoped to communicate in this presentation:
- Organizations are moving towards more platform-as-a-service (PaaS) offerings
- Part of the motivation for doing this is more API-oriented architecture
- But cyber attacks against APIs are actually increasing pretty rapidly, with very real impact and lots of sensitive data leaked
- The main attack vectors (authentication, probing, authorization, injection / bad requests) are things that can be easily detected and controlled at the application layer
- As such, defining the security controls around those can and should be done in your API
- Helper files and dedicated libraries can then check the validity of API requests in real-time
- Implementing real-time API security is possible, and should be easy. That's where FireTail hopes to help.
Contact us if you'd like to discuss how.
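To make the summary's point about declaring controls in the API and checking requests in real time concrete, here is an added sketch (not FireTail's code and not from the presentation). It classifies each request by which of the four listed vectors a control rejected it under. The route table, token store, scope names and function names are all constructed assumptions.

```python
import re

# Constructed API definition: security controls declared next to each route.
SPEC = {
    ("GET", "/orders/{id}"): {
        "scope": "orders:read",
        "params": {"id": r"[0-9]{1,10}"},
    },
    ("GET", "/health"): {"scope": None, "params": {}},
}

# Constructed token store standing in for real token verification.
TOKENS = {"tok-alice": {"orders:read"}, "tok-bob": set()}


def match_route(method, path):
    """Return (rule, path_params) for the first declared route that fits."""
    for (m, template), rule in SPEC.items():
        pattern = re.sub(r"\{(\w+)\}", r"(?P<\1>[^/]+)", template)
        found = re.fullmatch(pattern, path)
        if m == method and found:
            return rule, found.groupdict()
    return None, {}


def check_request(method, path, token=None):
    """Classify a request as 'ok' or by the control that rejected it."""
    rule, params = match_route(method, path)
    if rule is None:
        return "probing"             # undeclared route or method
    if rule["scope"] is not None:
        if token not in TOKENS:
            return "authentication"  # missing or unknown credential
        if rule["scope"] not in TOKENS[token]:
            return "authorization"   # known caller, insufficient scope
    for name, allowed in rule["params"].items():
        if not re.fullmatch(allowed, params.get(name, "")):
            return "bad_request"     # value outside the declared format
    return "ok"
```

Because every rejection carries a category, the same check can feed both enforcement and per-vector alerting.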