DeveloperWeek New York is the East Coast’s largest developer & software engineering event with 3,000+ developers, engineers, architects, dev managers, IT professionals and tech execs. All will converge in New York City for a series of events covering the cutting-edge innovation in the developer technology industry: 6+ Conferences, Summits & Workshop Tracks, the 2-Day Expo, the DeveloperWeek New York Hackathon, Hiring Expo, and Partner Events.
Join 42Crunch’s Chief Product Officer for his session:
API Security in a Kubernetes World
Securing APIs deployed in Kubernetes implies securing the infrastructure but also the APIs themselves. Having a perfectly setup cluster, with all possible protections in place unfortunately is only one aspect of the recent OWASP Top10 for API Security. Other issues such as data leakage, mass assignment or broken authentication must be handled at the application level.
Learning from other’s mistakes:
The publication of the OWASP API Security Top 10 marks a corner stone in the API Security history. Finally, there is a global recognition that applications based on APIs require different protection. In the past year or so, more than 200 breaches have been published on apisecurity.io. Some very well known names are on that list: T-Mobile, Facebook, and Uber to name a few. What did they do wrong? How can we learn from their mistakes and take an approach that prevents most common API security issues.
The Kubernetes specifics:
API security is not specific to Kubernetes. But Kubernetes deployments, usually created to run microservices-based, decoupled applications, make some API security worse. To start with, the sheer number of APIs to manage and protect. In Kubernetes deployments, everything is an API. Enterprises end up having to protect 1000’s of endpoints, and to make it worse, those endpoints get re-deployed very frequently. DevSecOps anyone?
Pragmatism is key:
Our goal in this talk is to share pragmatic, direct actionable best practices. We present a methodology to “pick your battles” and focus on the most critical issues first. You will leave this with either the great satisfaction that you’ve already done a good job to protect your APIs or an actionable TO-DO list to address immediate issues.
Get API Security news directly in your Inbox.
By clicking Subscribe you agree to our Data Policy