DevSecCon 24


About

DevSecCon24 is bringing together the best, the brightest, and the most curious minds of DevSecOps to share their expertise, real-world learnings, and advice for building out a DevSecOps practice to integrate security, ops, and development.

It’s time for API security as code!

Presenter: Isabelle Mauny, Field CTO, 42Crunch

Infrastructure as code has given us a way to automate and reliably deploy our applications. But defining API security is still very much a manual process: security policies are manually defined in multiple places like WAFs, API Management or even the code. How we reliably secure and deploy our APIs, several times per day ? How can we track how our security posture is evolving and enforce corporate security policies?

In this session, I want to propose an approach to describing security requirements and policies so that APIs can be reliably protected and tested each time they are deployed.

By relying on standard API descriptions like OpenAPI or AsyncAPI, we can today leverage many different tools, many of them OpenSource, to profile the API contract, automatically test for vulnerabilities, and even automatically inject security policies.

This session will introduce the API security as code concept and describe what can be achieved with current tooling as well as introduce current/future OpenAPI extensions that can be used for security.

 


Location


Get API Security news directly in your Inbox.

By clicking Subscribe you agree to our Data Policy


Upcoming Events

Construct Event Event Date Event End Date Event Location Event Category Event Image
Dzone Webinar: The Latest API Security Vulnerabilities June 15, 2021 12:00 pm June 15, 2021 12:30 pm Conference
Live Webinar: Integrating 42Crunch API Contract Security Testing within Postman June 16, 2021 11:00 am June 16, 2021 12:00 pm Conference
DevSecCon 24 June 24, 2021 10:35 am June 24, 2021 11:15 am Conference