Many applications are modernized by leveraging APIs and by decomposing them into smaller units that typically live inside containers. These changes involve many new tools and technologies that are not always well understood, leading to a poor application security posture. Many application architects and developers who take advantage of these architectures lack the knowledge to apply the required security controls. The ideas, principles and concepts discussed in this presentation, such as API gateways, end-to-end trust, authentication and authorization, have existed for some time; however, this presentation brings them all together to provide a blueprint for modern API and microservices-based application security.
The material on this topic is available as a presentation, as well as a two-part series published on IBM’s Developer that provides detailed information on the subject. See below for links and other information.
Dates & locations presented:
Thursday Nov. 22, 2018 @ UBC Computer Science Alumni/Industry lecture series (Vancouver, BC)
Thursday May 23, 2019 @ OWASP Vancouver
Friday Oct. 25, 2019 @ LASCON 2019 (Austin, TX)
Tuesday Oct. 30, 2019 @ (ISC)2 Congress 2019 (Orlando, FL)
Link to article published on IBM’s Developer: