SecAppDev 2023 - API security

In this session, we explore how to leverage the fundamental security model of the web for security. We also explore complex attack patterns, such as CSRF, and how they impact even modern API-based applications.

Key takeaway: Understand how the browser reasons about web security, and how you can leverage this fundamental security model to secure your applications

This session highlights challenges in securing distributed applications and suggests field-tested solutions to tackle this emerging issue.

Key takeaway: Understand and address the challenges of securing a distributed application composed of hundreds of micro-services.

In this session, we explore what OAuth 2.0 and OpenID Connect have to offer. We also investigate how to leverage these technologies to build a modern and secure application architecture.

Key takeaway: Understanding the fundamentals of OAuth 2.0 and OpenID Connect, and how to use these building blocks to design modern application architectures

Understand how API contracts can be written in with the OpenAPI standard and leveraged across the API lifecycle, including for security.

Key takeaway: Learning about the power and extensibility of OpenAPI and its application across the API lifecycle.

Discover Policy-as-Code (PaC) for decoupled security across the stack, covering OPA for API gateways, Kyverno for Kubernetes, Tetragon & Tracee for eBPF, and Casbin & Oso for authorization. Learn how to enhance security and compliance with PaC tools.

Key takeaway: Using Open Policy Agent (OPA) for policy management, eBPF for security detection on containerized workloads, and authorization-as-code frameworks for RBAC