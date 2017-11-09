In DevSecOps “shift left” applies to application security too: developers should commit to provide API security at the earliest stages of development.



In this session, Isabelle will propose an innovative strategy to address API security, in which developers collaborate with security teams and bring their business knowledge of the APIs to:



1/ Assess the API risk in terms of data and operation sensitivity

2/ Specify the input/output data formats

3/ Describe the application flow logic From the data gathered previously, tools can then generate automatically the appropriate security policies, respecting the rules set by the security teams.



Isabelle will also explain how the CI/CD pipeline can leverage a containerized PEP (Policy Enforcement Point) in the different testing / QA / Pre-Production / Production environments.