September 28, 2022

DevOps Institute SkilUp Presentation: Embedding API Security by Design into DevOps Pipelines

Jeremy Snyder from FireTail discussing API security at DevOps Institute SkilUp Presentation: Embedding API Security by Design into DevOps Pipelines


Embedding API Security by Design into DevOps Pipelines

Recently, I did a presentation titled "Embedding API Security by Design into DevOps Pipelines" at DevOps Institute. The video is available for review on the post-event page here (registration required).

Also, the good people at Mind's Eye Creative produced a really nice graphic that helps explain the message that I was trying to convey.

Embedding API security into DevOps pipelines

Here's a tl;dr version of what I hoped to communicate in this presentation:

  • Organizations are moving towards more platform-as-a-service (PaaS) offerings
  • Part of the motivation for doing this is more API-oriented architecture
  • But cyber attacks against APIs are actually increasing pretty rapidly, with very real impact and lots of sensitive data leaked
  • The main attack vectors (authentication, probing, authorization, injection / bad requests) are things that can be easily detected and controlled at the application layer
  • As such, the security controls for those vectors can and should be defined in your API
  • Helper files and dedicated libraries can then check the validity of API requests in real time
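To make the last three bullets concrete, here is an added sketch (not from the presentation and not FireTail's code) of a helper that checks each request against controls declared alongside the API's routes. The `SPEC` layout, the token map and all function names are hypothetical, and the sample data is constructed.

```python
import re

# Constructed API definition: the security controls live next to each route.
SPEC = {
    ("GET", "/users/{user_id}/orders"): {
        "auth": True,                     # caller must present a known token
        "owner": "user_id",               # path parameter must equal the caller
        "query": {"limit": r"\d{1,3}"},   # allowed query parameters and patterns
    },
    ("GET", "/health"): {"auth": False, "owner": None, "query": {}},
}
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}  # constructed token -> user map


def match_route(method, path):
    """Return (rule, path_params) for a declared route, or (None, {})."""
    for (declared_method, template), rule in SPEC.items():
        pattern = re.sub(r"\{(\w+)\}", r"(?P<\1>[^/]+)", template)
        found = re.fullmatch(pattern, path)
        if declared_method == method and found:
            return rule, found.groupdict()
    return None, {}


def check_request(method, path, query=None, token=None):
    """Return (status, reason) covering the four vectors listed above."""
    query = query or {}
    rule, params = match_route(method, path)
    if rule is None:
        return 404, "probing: route not in API definition"
    user = TOKENS.get(token)
    if rule["auth"] and user is None:
        return 401, "authentication: missing or unknown token"
    if rule["owner"] and params[rule["owner"]] != user:
        return 403, "authorization: caller does not own this resource"
    for name, value in query.items():
        allowed = rule["query"].get(name)
        if allowed is None or not re.fullmatch(allowed, value):
            return 400, f"bad request: parameter {name!r} rejected"
    return 200, "ok"


if __name__ == "__main__":
    print(check_request("GET", "/users/alice/orders", {"limit": "10"}, "tok-alice"))
    print(check_request("GET", "/users/alice/orders", {"limit": "1 OR 1=1"}, "tok-alice"))
    print(check_request("GET", "/users/alice/orders", token="tok-bob"))
    print(check_request("GET", "/admin/.env"))
```

Each non-200 reason names the vector it caught, so the same check can feed both the response and a detection log.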

Implementing real-time API security is possible, and should be easy. That's where FireTail hopes to help.

Please contact us if you'd like to discuss how.