SlideShare a Scribd company logo

2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered Defense Approach

Download as PPTX, PDF
APIsecure_ Official
APIsecure_ Official

APIsecure - April 6 & 7, 2022 APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security. Realizing the Full Cloud-Native Potential With a Multi-Layered Defense Approach Ory Segal, Sr. Director & Product Management at Palo Alto Networks

Technology
1 of 12
1 | © 2022 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information. Realizing the Full Potential of Cloud-Native Application Security April 2022 1 | © 2022 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information.
● Sr. Director, Product Management, Palo Alto Networks ● Previously, CTO & Founder, PureSec (acquired by PANW) ● Sr. Director, Threat Research at Akamai ● App security veteran, with 20+ years of experience ● 26 patents - static, dynamic analysis, cloud security ● OWASP, WASC, CSA, NIST, SANS, MITRE contributor About me @orysegal linkedin.com/in/orysegal bit.ly/owasp-cn-top-10
API GATEWAY USERS ORDERS PRODUCTS CART API CALL API CALL API CALL API CALL API CALL API CALL API CALL APIs are at the heart of every modern application Typical modern application 3 | © 2022 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information.
CDN LOAD BALANCER VM VM FRONT-END SSO CLOUD STORAGE EMAIL SERVICE MQ But applications are much more than APIs API GATEWAY USERS ORDERS PRODUCTS CART API CALL API CALL API CALL API CALL API CALL API CALL API CALL REDIS R PUBLIC CLOUD 4 | © 2022 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information.
APPLICATION SECURITY
APPLICATION SECURITY Our goal is to secure the entire application
Let’s look at a simple scenario STORAGE BUCKET WORKLOAD API GATEWAY API CALL FILE UPLOAD FILE UPLOAD INSPECTION RUNTIME PROTECTION VULNERABILITY SCANNING API PROTECTION 1. FILE UPLOAD VIA WEB FORM A file processing microservice, deployed as a container 2. API CALL WITH FILE LOCATION 3. PROCESSING, EXPLOITS VULN, RCE 4. STEALS SECRET, TAKEOVER CLOUD ACCOUNT CLOUD SECURITY POSTURE SMART DEFENSE IN DEPTH API CALL
Reaping the benefits of a unified multi-layered security approach
9 API data App data flow tracing Workload behavioral protection User session behavior data Vulnerability scanning Correlate API data w/ app flow tracing; accurate cross-cloud data leak prevention Trace workload anomalies to source API; root cause analysis; auto virtual patches Merge API traffic w/ session data; efficient account fraud prevention, across devices Overlay API stats on 4C’s vulns. & misconfigs; smart risk priortization; reduce dev costs Data leak prevention Workload protection with root cause analysis Account fraud prevention Smart risk prioritization Web traffic Cloud events File uploads ...
False sense of security Fail to secure all application layers 10 Siloed & fragmented security protections APIs are a key element in every modern application. However, APIs are just one element among many others. If you only focus on securing APIs: To realize the full potential of cloud native app sec, API security must be a part of a holistic approach.
Host Security Cloud Workload Protection Secure hosts, containers, and serverless across the application cycle Container Security Serverless Security Web Application & API Security Cloud Infrastructure Entitlement Management Enforce permissions and secure identities across workloads and clouds IAM Security Securing modern cloud-native applications with Prisma Cloud Cloud Network Security Monitor and secure cloud networks, enforce micro-segmentation Identity-Based Microsegmentation Cloud-native Network Security Visibility, Compliance & Governance Cloud Security Posture Management Monitor posture, detect and respond to threats, maintain compliance Threat Detection Data Security DevSecOps Integrate and perform infrastructure and application security in the CI/CD pipeline Code Security Supply Chain Security Where does API security fit in?
12 | © 2022 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information. Thank you paloaltonetworks.com

Recommended

Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Amazon Web Services
 
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...Amazon Web Services
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall42Crunch
 
OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019Miguel Angel Falcón Muñoz
 
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti Mohul
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti MohulCsa UK agm 2019 - Web API attacks - Trends seen in the field Kriti Mohul
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti MohulCloud Security Alliance, UK chapter
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Amazon Web Services
 
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Amazon Web Services
 
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...apidays
 

Recommended

Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Amazon Web Services
 
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...Amazon Web Services
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall42Crunch
 
OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019Miguel Angel Falcón Muñoz
 
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti Mohul
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti MohulCsa UK agm 2019 - Web API attacks - Trends seen in the field Kriti Mohul
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti MohulCloud Security Alliance, UK chapter
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Amazon Web Services
 
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Amazon Web Services
 
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...apidays
 
DevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security SuccessDevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security SuccessPuma Security, LLC
 
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...apidays
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
Lacework slides from AWS Meetups
Lacework slides from AWS MeetupsLacework slides from AWS Meetups
Lacework slides from AWS MeetupsJohn Varghese
 
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...Amazon Web Services Korea
 
5 Challenges of Moving Applications to the Cloud
5 Challenges of Moving Applications to the Cloud5 Challenges of Moving Applications to the Cloud
5 Challenges of Moving Applications to the CloudtCell
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Amazon Web Services
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
 
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitCarry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitAmazon Web Services
 
Security in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsSecurity in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsCenzic
 
Mobile Payment Security with CA Rapid App Security
Mobile Payment Security with CA Rapid App SecurityMobile Payment Security with CA Rapid App Security
Mobile Payment Security with CA Rapid App SecurityCA Technologies
 
2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right Way2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right WayAPIsecure_ Official
 
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...Tunde Ogunkoya
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleDenim Group
 
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...CA Technologies
 
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesCASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesNowSecure
 
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019 Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019 Amazon Web Services
 
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...APIsecure_ Official
 
2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security EditionAPIsecure_ Official
 
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...APIsecure_ Official
 

More Related Content

Similar to 2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered Defense Approach

DevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security SuccessDevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security SuccessPuma Security, LLC
 
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...apidays
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
Lacework slides from AWS Meetups
Lacework slides from AWS MeetupsLacework slides from AWS Meetups
Lacework slides from AWS MeetupsJohn Varghese
 
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...Amazon Web Services Korea
 
5 Challenges of Moving Applications to the Cloud
5 Challenges of Moving Applications to the Cloud5 Challenges of Moving Applications to the Cloud
5 Challenges of Moving Applications to the CloudtCell
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Amazon Web Services
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
 
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitCarry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitAmazon Web Services
 
Security in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsSecurity in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsCenzic
 
Mobile Payment Security with CA Rapid App Security
Mobile Payment Security with CA Rapid App SecurityMobile Payment Security with CA Rapid App Security
Mobile Payment Security with CA Rapid App SecurityCA Technologies
 
2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right Way2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right WayAPIsecure_ Official
 
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...Tunde Ogunkoya
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleDenim Group
 
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...CA Technologies
 
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesCASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesNowSecure
 
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019 Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019 Amazon Web Services
 
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...APIsecure_ Official
 

Similar to 2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered Defense Approach (20)

DevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security SuccessDevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security Success
 
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...
 
Lacework slides from AWS Meetups
Lacework slides from AWS MeetupsLacework slides from AWS Meetups
Lacework slides from AWS Meetups
 
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
 
5 Challenges of Moving Applications to the Cloud
5 Challenges of Moving Applications to the Cloud5 Challenges of Moving Applications to the Cloud
5 Challenges of Moving Applications to the Cloud
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
 
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitCarry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
 
Security in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsSecurity in the cloud protecting your cloud apps
Security in the cloud protecting your cloud apps
 
Mobile Payment Security with CA Rapid App Security
Mobile Payment Security with CA Rapid App SecurityMobile Payment Security with CA Rapid App Security
Mobile Payment Security with CA Rapid App Security
 
2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right Way2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right Way
 
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
 
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
 
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesCASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
 
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019 Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
 
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
 

More from APIsecure_ Official

2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security EditionAPIsecure_ Official
 
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...APIsecure_ Official
 
2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the odds2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the oddsAPIsecure_ Official
 
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
2022 APIsecure_Passwordless Multi-factor Authentication Security and IdentityAPIsecure_ Official
 
2022 APIsecure_Securing Large API Ecosystems
2022 APIsecure_Securing Large API Ecosystems2022 APIsecure_Securing Large API Ecosystems
2022 APIsecure_Securing Large API EcosystemsAPIsecure_ Official
 
2022 APIsecure_Quarterly Review of API Vulnerabilities
2022 APIsecure_Quarterly Review of API Vulnerabilities2022 APIsecure_Quarterly Review of API Vulnerabilities
2022 APIsecure_Quarterly Review of API VulnerabilitiesAPIsecure_ Official
 
2022 APIsecure_Top Ten Security Tips for APIs
2022 APIsecure_Top Ten Security Tips for APIs2022 APIsecure_Top Ten Security Tips for APIs
2022 APIsecure_Top Ten Security Tips for APIsAPIsecure_ Official
 
2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?APIsecure_ Official
 
2022 APIsecure_Making webhook APIs secure for enterprise
2022 APIsecure_Making webhook APIs secure for enterprise2022 APIsecure_Making webhook APIs secure for enterprise
2022 APIsecure_Making webhook APIs secure for enterpriseAPIsecure_ Official
 
2022 APIsecure_API Security & Fraud Detection - Are you ready?
2022 APIsecure_API Security & Fraud Detection - Are you ready?2022 APIsecure_API Security & Fraud Detection - Are you ready?
2022 APIsecure_API Security & Fraud Detection - Are you ready?APIsecure_ Official
 
2022 APIsecure_Monitoring and Responding to API Breaches
2022 APIsecure_Monitoring and Responding to API Breaches2022 APIsecure_Monitoring and Responding to API Breaches
2022 APIsecure_Monitoring and Responding to API BreachesAPIsecure_ Official
 
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIsAPIsecure_ Official
 
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSecAPIsecure_ Official
 
2022 APIsecure_Hackers with Valid Credentials
2022 APIsecure_Hackers with Valid Credentials2022 APIsecure_Hackers with Valid Credentials
2022 APIsecure_Hackers with Valid CredentialsAPIsecure_ Official
 
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...2022 APIsecure_API Abuse - How data breaches now and in the future will use A...
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...APIsecure_ Official
 
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral Analytics2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral AnalyticsAPIsecure_ Official
 
2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of Innovation2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of InnovationAPIsecure_ Official
 
2022 APIsecure_API Discovery: First step towards API Security
2022 APIsecure_API Discovery: First step towards API Security2022 APIsecure_API Discovery: First step towards API Security
2022 APIsecure_API Discovery: First step towards API SecurityAPIsecure_ Official
 
2022 APIsecure_We’re Not in AppSec Anymore Toto
2022 APIsecure_We’re Not in AppSec Anymore Toto2022 APIsecure_We’re Not in AppSec Anymore Toto
2022 APIsecure_We’re Not in AppSec Anymore TotoAPIsecure_ Official
 
2022 APIsecure_Anomaly detection is no longer a strategy
2022 APIsecure_Anomaly detection is no longer a strategy2022 APIsecure_Anomaly detection is no longer a strategy
2022 APIsecure_Anomaly detection is no longer a strategyAPIsecure_ Official
 

More from APIsecure_ Official (20)

2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition
 
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
 
2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the odds2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the odds
 
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
 
2022 APIsecure_Securing Large API Ecosystems
2022 APIsecure_Securing Large API Ecosystems2022 APIsecure_Securing Large API Ecosystems
2022 APIsecure_Securing Large API Ecosystems
 
2022 APIsecure_Quarterly Review of API Vulnerabilities
2022 APIsecure_Quarterly Review of API Vulnerabilities2022 APIsecure_Quarterly Review of API Vulnerabilities
2022 APIsecure_Quarterly Review of API Vulnerabilities
 
2022 APIsecure_Top Ten Security Tips for APIs
2022 APIsecure_Top Ten Security Tips for APIs2022 APIsecure_Top Ten Security Tips for APIs
2022 APIsecure_Top Ten Security Tips for APIs
 
2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?
 
2022 APIsecure_Making webhook APIs secure for enterprise
2022 APIsecure_Making webhook APIs secure for enterprise2022 APIsecure_Making webhook APIs secure for enterprise
2022 APIsecure_Making webhook APIs secure for enterprise
 
2022 APIsecure_API Security & Fraud Detection - Are you ready?
2022 APIsecure_API Security & Fraud Detection - Are you ready?2022 APIsecure_API Security & Fraud Detection - Are you ready?
2022 APIsecure_API Security & Fraud Detection - Are you ready?
 
2022 APIsecure_Monitoring and Responding to API Breaches
2022 APIsecure_Monitoring and Responding to API Breaches2022 APIsecure_Monitoring and Responding to API Breaches
2022 APIsecure_Monitoring and Responding to API Breaches
 
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs
 
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec
 
2022 APIsecure_Hackers with Valid Credentials
2022 APIsecure_Hackers with Valid Credentials2022 APIsecure_Hackers with Valid Credentials
2022 APIsecure_Hackers with Valid Credentials
 
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...2022 APIsecure_API Abuse - How data breaches now and in the future will use A...
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...
 
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral Analytics2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
 
2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of Innovation2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of Innovation
 
2022 APIsecure_API Discovery: First step towards API Security
2022 APIsecure_API Discovery: First step towards API Security2022 APIsecure_API Discovery: First step towards API Security
2022 APIsecure_API Discovery: First step towards API Security
 
2022 APIsecure_We’re Not in AppSec Anymore Toto
2022 APIsecure_We’re Not in AppSec Anymore Toto2022 APIsecure_We’re Not in AppSec Anymore Toto
2022 APIsecure_We’re Not in AppSec Anymore Toto
 
2022 APIsecure_Anomaly detection is no longer a strategy
2022 APIsecure_Anomaly detection is no longer a strategy2022 APIsecure_Anomaly detection is no longer a strategy
2022 APIsecure_Anomaly detection is no longer a strategy
 

Recently uploaded

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Recently uploaded (20)

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered Defense Approach

  • 1. 1 | © 2022 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information. Realizing the Full Potential of Cloud-Native Application Security April 2022 1 | © 2022 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information.
  • 2. ● Sr. Director, Product Management, Palo Alto Networks ● Previously, CTO & Founder, PureSec (acquired by PANW) ● Sr. Director, Threat Research at Akamai ● App security veteran, with 20+ years of experience ● 26 patents - static, dynamic analysis, cloud security ● OWASP, WASC, CSA, NIST, SANS, MITRE contributor About me @orysegal linkedin.com/in/orysegal bit.ly/owasp-cn-top-10
  • 3. API GATEWAY USERS ORDERS PRODUCTS CART API CALL API CALL API CALL API CALL API CALL API CALL API CALL APIs are at the heart of every modern application Typical modern application 3 | © 2022 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information.
  • 4. CDN LOAD BALANCER VM VM FRONT-END SSO CLOUD STORAGE EMAIL SERVICE MQ But applications are much more than APIs API GATEWAY USERS ORDERS PRODUCTS CART API CALL API CALL API CALL API CALL API CALL API CALL API CALL REDIS R PUBLIC CLOUD 4 | © 2022 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information.
  • 6. APPLICATION SECURITY Our goal is to secure the entire application
  • 7. Let’s look at a simple scenario STORAGE BUCKET WORKLOAD API GATEWAY API CALL FILE UPLOAD FILE UPLOAD INSPECTION RUNTIME PROTECTION VULNERABILITY SCANNING API PROTECTION 1. FILE UPLOAD VIA WEB FORM A file processing microservice, deployed as a container 2. API CALL WITH FILE LOCATION 3. PROCESSING, EXPLOITS VULN, RCE 4. STEALS SECRET, TAKEOVER CLOUD ACCOUNT CLOUD SECURITY POSTURE SMART DEFENSE IN DEPTH API CALL
  • 8. Reaping the benefits of a unified multi-layered security approach
  • 9. 9 API data App data flow tracing Workload behavioral protection User session behavior data Vulnerability scanning Correlate API data w/ app flow tracing; accurate cross-cloud data leak prevention Trace workload anomalies to source API; root cause analysis; auto virtual patches Merge API traffic w/ session data; efficient account fraud prevention, across devices Overlay API stats on 4C’s vulns. & misconfigs; smart risk priortization; reduce dev costs Data leak prevention Workload protection with root cause analysis Account fraud prevention Smart risk prioritization Web traffic Cloud events File uploads ...
  • 10. False sense of security Fail to secure all application layers 10 Siloed & fragmented security protections APIs are a key element in every modern application. However, APIs are just one element among many others. If you only focus on securing APIs: To realize the full potential of cloud native app sec, API security must be a part of a holistic approach.
  • 11. Host Security Cloud Workload Protection Secure hosts, containers, and serverless across the application cycle Container Security Serverless Security Web Application & API Security Cloud Infrastructure Entitlement Management Enforce permissions and secure identities across workloads and clouds IAM Security Securing modern cloud-native applications with Prisma Cloud Cloud Network Security Monitor and secure cloud networks, enforce micro-segmentation Identity-Based Microsegmentation Cloud-native Network Security Visibility, Compliance & Governance Cloud Security Posture Management Monitor posture, detect and respond to threats, maintain compliance Threat Detection Data Security DevSecOps Integrate and perform infrastructure and application security in the CI/CD pipeline Code Security Supply Chain Security Where does API security fit in?
  • 12. 12 | © 2022 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information. Thank you paloaltonetworks.com