For flex(ibility)'s sake, modernize your legacy APIs!
APISecure
March 15, 2023
© Strata Identity Inc. 2022. All Rights Reserved. Patents Pending.
Topher Marie
• CTO and Cofounder of Strata Identity
• Lead Identity Architect at Oracle
• Product Owner at Auth0
• CTO and Cofounder of JumpCloud
• Engineer at Ping Identity and Symplified
What do we mean by "Legacy?"
• Contrast new development and "Legacy" software
• Legacy software is currently and actively used by its intended audience
• Can be from many different sources
• COTS
• Enterprise platforms
• Bespoke
"Legacy" software is important too!
• We discuss new development a lot!
• A lot of effort is actually on existing software
• Maintenance and enhancements
• The business use case continues to be important, but the underlying
software may be beginning to age out.
• Vulnerabilities accrue
• Paradigms have changed
What do we mean by "Modernization?"
• No need/desire to update business functionality
• At least, this isn't the focus
• Security and Access Control fixes
• Enhanced usability is often a side effect
• Latest API frameworks/behaviors
Typical trigger scenarios
• Legacy system reaches EOL
• Price increases for a legacy platform
• Centralizing responsibility for security/access management into a
single team
• Adding security to an existing app via second-factor auth
• Improving overall security posture, moving to zero-trust
• Difficult to maintain because of talent availability
Some goals of modernization
● Fix vulnerabilities, enhance security
● Take advantage of popular/modern frameworks
○ Don't undervalue the power of community
● Follow current best practices
Tactics for Modernization
Not every modernization journey is the same
Default Tactic: Do a rewrite
• This is what most engineers think about first
• Lots of professional services companies and consultants like to do this too
Some downsides to rewrites
• Budget
• Time
• Complexity
• Lack of expertise
• Risk of breakage
• Security
• Business use cases
• Can you stop developing in the existing codebase, or is it a moving
target?
• Rewrite of Netscape killed the company
The rewrite treadmill
• Constant evolution of security
• OAuth best practices, but now SSE / CAEP
• Basic API paradigms: REST -> RPC -> GraphQL
Tactic: facade
• Wrap the existing software with enhanced functionality
• Facade acts as a proxy to the existing API
• Similar to the Mediator pattern in some ways
• API or application itself is not changed
• Current best practices are applied at the facade
• Security
• Access Control
• API Paradigm
Tactic: facade (diagram)
Benefits of the facade
• API doesn't know anything has changed
• Old functionality is always still available
• Less risk to business logic
• Can be incrementally deployed / developed
• Security, access control, even API paradigm can be decoupled from the
business logic
Why decouple?
• If we don't decouple here, we're basically rewriting the app
• Software and security are constantly evolving.
• Without decoupling, we have a new legacy product on our hands
immediately.
• Maintains flexibility for similar changes in the future
Creating your facade
Get a bite at the traffic by routing through a proxy point
Iron out the networking
By doing nothing beyond proxying traffic at first, you can confirm that
traffic is routed correctly before the facade changes any behavior
Prepare traffic filtering
Allows an incremental approach
• We don't want a big bang cutover
• We're able to make incremental changes via the facade / abstraction layer
and show immediate value.
Aside: the Big-Bang Antipattern
• Significant project risk and investment.
Modernize the protocol
• If needed, this is also a good time to modernize the API protocols
themselves
• Could also just be adding additional options
• From legacy to REST
• Add JSON, JWTs, etc.
Decouple the identity
• Target App/API receives identity from the proxy/abstraction layer in the
expected format
• Proxy receives the identity from the existing identity provider
• Each application / identity provider can be migrated separately.
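The facade described on the preceding slides (a proxy point in front of the unchanged API, traffic filtered per route so the cutover can be incremental, identity handed to the legacy app in the format it already expects) is sketched below as an added example. It is not code from the talk or from Strata Identity, and its assumptions are hypothetical: the legacy app learns its caller from an `X-Legacy-User` header, "modernized" routes authenticate callers with a bearer token, and the token verifier is a stand-in table rather than JWT validation or introspection. The security-relevant detail is that the facade deletes any client-supplied copy of the identity header before proxying; the legacy app has no way to distinguish a header set by the proxy from one set by a client, so the proxy must be its only author.

```go
package main

// Added example, not from the slides: a minimal facade in front of an unchanged
// legacy HTTP API, built on Go's standard-library reverse proxy. Hypothetical
// assumptions: the legacy app trusts an X-Legacy-User header that only the
// facade may set, and "modernized" routes authenticate callers by bearer token.

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
	"strings"
)

const legacyUserHeader = "X-Legacy-User" // assumed: how the legacy app learns its caller

// Route tells the facade how to treat one path prefix. Passthrough routes are
// proxied untouched, so the cutover can proceed one prefix at a time.
type Route struct {
	Prefix     string
	Modernized bool // true: facade authenticates the caller; false: passthrough
}

// TokenVerifier maps a bearer token to a user. Production code would verify a
// JWT signature or call a token introspection endpoint here.
type TokenVerifier func(token string) (user string, ok bool)

// NewFacade returns the handler that fronts the legacy upstream.
func NewFacade(upstream *url.URL, routes []Route, verify TokenVerifier) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The legacy app cannot tell who wrote this header, so the facade must be
		// its only author: drop any client-supplied copy before anything else.
		r.Header.Del(legacyUserHeader)

		route, found := matchRoute(routes, r.URL.Path)
		if !found {
			http.Error(w, "unknown route", http.StatusNotFound) // fail closed
			return
		}
		if route.Modernized {
			user, ok := bearerUser(r, verify)
			if !ok {
				w.Header().Set("WWW-Authenticate", `Bearer realm="facade"`)
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			r.Header.Del("Authorization") // the legacy app never sees the modern token
			r.Header.Set(legacyUserHeader, user)
		}
		proxy.ServeHTTP(w, r)
	})
}

// matchRoute picks the longest matching prefix; no match means no route.
func matchRoute(routes []Route, path string) (Route, bool) {
	best, found := Route{}, false
	for _, rt := range routes {
		if strings.HasPrefix(path, rt.Prefix) && len(rt.Prefix) > len(best.Prefix) {
			best, found = rt, true
		}
	}
	return best, found
}

// bearerUser extracts the bearer token from Authorization and verifies it.
func bearerUser(r *http.Request, verify TokenVerifier) (string, bool) {
	const scheme = "Bearer "
	auth := r.Header.Get("Authorization")
	if len(auth) <= len(scheme) || !strings.EqualFold(auth[:len(scheme)], scheme) {
		return "", false
	}
	return verify(strings.TrimSpace(auth[len(scheme):]))
}

// DemoVerifier is a constructed token table standing in for real verification.
func DemoVerifier(token string) (string, bool) {
	user, ok := map[string]string{"tok-alice": "alice"}[token]
	return user, ok
}

func main() {
	// Stand-alone use: LEGACY_URL names the unchanged legacy app (constructed
	// default below); the facade itself is expected to sit behind TLS termination.
	target := os.Getenv("LEGACY_URL")
	if target == "" {
		target = "http://127.0.0.1:8080"
	}
	upstream, err := url.Parse(target)
	if err != nil {
		log.Fatal(err)
	}
	routes := []Route{{Prefix: "/api/", Modernized: true}, {Prefix: "/legacy/", Modernized: false}}
	log.Fatal(http.ListenAndServe("127.0.0.1:9000", NewFacade(upstream, routes, DemoVerifier)))
}
```

Requests under `/legacy/` are proxied unchanged, requests under `/api/` must carry a valid bearer token and reach the legacy app with only the identity header it understands, and any path matching no route is rejected rather than forwarded. Moving a prefix from passthrough to modernized is a one-line change to the route table, which is the incremental cutover the slides argue for.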
Harden the identity
• With this abstraction layer, we can now layer in additional factors
• Add in step-up authentication for incoming identity
• Add mutual TLS for outbound identity
• Continuous Access Evaluation Protocol
• Risk Incident Sharing and Coordination
Externalize Authorization
• For resources that aren't focused on authorization, the facade layer
becomes a point where authorization can be implemented
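As an added example for the two slides above (not code from the talk), here is the policy decision a facade can make before it proxies a request: authorization externalized to a per-route scope table, and a step-up challenge when the token's authentication context is too weak for the resource, so the legacy API behind the facade needs no changes for either. The policy table, scope names, paths and the ACR value are constructed for illustration; the challenge format follows RFC 9470 (OAuth 2.0 Step Up Authentication Challenge Protocol). All function and type names are the example's own.

```go
package main

// Added example, not from the slides: externalized authorization plus a step-up
// decision made at the facade, so the legacy API behind it needs no changes.
// The policy table, scopes and ACR value are constructed; the challenge format
// follows RFC 9470 (OAuth 2.0 Step Up Authentication Challenge Protocol).

import (
	"fmt"
	"strings"
)

// Decision is what the facade does with an authenticated request.
type Decision int

const (
	Allow  Decision = iota // proxy the request to the legacy app
	Deny                   // 403: the caller lacks the required scope
	StepUp                 // 401 + challenge: authentication too weak for this resource
)

// Claims is the subset of a validated access token the facade reasons about;
// ACR and AMR carry their OpenID Connect meanings (context class / methods used).
type Claims struct {
	Subject string
	Scopes  []string
	ACR     string
	AMR     []string
}

// Policy is one externalized rule: requests matching Prefix (and Method, if set)
// need Scope and, when RequireMFA is set, a multi-factor authentication context.
type Policy struct {
	Prefix     string
	Method     string // "" matches any method
	Scope      string
	RequireMFA bool
}

// StrongACR is the constructed ACR value the facade asks for when stepping up.
const StrongACR = "urn:example:acr:mfa"

func contains(xs []string, x string) bool {
	for _, v := range xs {
		if v == x {
			return true
		}
	}
	return false
}

// mostSpecific returns the matching policy with the longest prefix, preferring
// a method-specific rule over a wildcard at equal length; nil if none match.
func mostSpecific(policies []Policy, method, path string) *Policy {
	var best *Policy
	for i := range policies {
		p := &policies[i]
		if !strings.HasPrefix(path, p.Prefix) || (p.Method != "" && p.Method != method) {
			continue
		}
		if best == nil || len(p.Prefix) > len(best.Prefix) ||
			(len(p.Prefix) == len(best.Prefix) && p.Method != "" && best.Method == "") {
			best = p
		}
	}
	return best
}

// Decide evaluates the request against the policy table. For StepUp it also
// returns the WWW-Authenticate value to send. No matching policy means Deny:
// a facade in front of a legacy app should fail closed.
func Decide(policies []Policy, method, path string, c Claims) (Decision, string) {
	p := mostSpecific(policies, method, path)
	if p == nil || !contains(c.Scopes, p.Scope) {
		return Deny, ""
	}
	if p.RequireMFA && c.ACR != StrongACR && !contains(c.AMR, "mfa") {
		return StepUp, fmt.Sprintf(`Bearer error="insufficient_user_authentication", `+
			`error_description="this resource requires multi-factor authentication", acr_values=%q`, StrongACR)
	}
	return Allow, ""
}

// DemoPolicies is a constructed table for a hypothetical banking API.
var DemoPolicies = []Policy{
	{Prefix: "/api/accounts/", Method: "GET", Scope: "accounts:read"},
	{Prefix: "/api/accounts/", Method: "POST", Scope: "accounts:write", RequireMFA: true},
	{Prefix: "/api/transfers", Scope: "transfers:write", RequireMFA: true},
}

func main() {
	pwdOnly := Claims{Subject: "alice", Scopes: []string{"accounts:read", "accounts:write"}, AMR: []string{"pwd"}}
	for _, c := range []struct{ method, path string }{{"GET", "/api/accounts/42"}, {"POST", "/api/accounts/42"}, {"GET", "/admin"}} {
		d, challenge := Decide(DemoPolicies, c.method, c.path, pwdOnly)
		fmt.Printf("%s %s -> %s %s\n", c.method, c.path, [...]string{"allow", "deny", "step-up"}[d], challenge)
	}
}
```

A password-only session can read an account but is challenged, not refused, when it tries to write one; the challenge tells the client which authentication context to come back with, and the legacy app is never involved in the exchange. Of the other items on the "Harden the identity" slide, outbound mutual TLS is a transport concern rather than a policy decision: on Go's `httputil.ReverseProxy` it lives in the `Transport` field (an `http.Transport` whose `TLSClientConfig` carries the facade's client certificate) and needs no change to the decision logic above.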
Improve practices
• Continuous Integration
• Regression testing
• Documentation
Companies that work in this space
• Apigee, Amazon
• Tyk, Mulesoft, Kong
• Strata Identity
Thank You!

10 Conversion Rate Optimization (CRO) Techniques to Boost Your Website’s Perf...
 
IPv6: Unlocking the Potential, presented by Paul Wilson at CommunicAsia 2024
IPv6: Unlocking the Potential, presented by Paul Wilson at CommunicAsia 2024IPv6: Unlocking the Potential, presented by Paul Wilson at CommunicAsia 2024
IPv6: Unlocking the Potential, presented by Paul Wilson at CommunicAsia 2024
 
Unlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENT
Unlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENTUnlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENT
Unlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENT
 
169+ Call Girls In Navi Mumbai | 9930245274 | Reliability Escort Service Near...
169+ Call Girls In Navi Mumbai | 9930245274 | Reliability Escort Service Near...169+ Call Girls In Navi Mumbai | 9930245274 | Reliability Escort Service Near...
169+ Call Girls In Navi Mumbai | 9930245274 | Reliability Escort Service Near...
 
The Principal Up-and-Coming Risks to Cloud-Based Security!
The Principal Up-and-Coming Risks to Cloud-Based Security!The Principal Up-and-Coming Risks to Cloud-Based Security!
The Principal Up-and-Coming Risks to Cloud-Based Security!
 
一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理
一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理
一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理
 
EASY TUTORIAL OF HOW TO USE CiCi AI BY: FEBLESS HERNANE
EASY TUTORIAL OF HOW TO USE CiCi AI BY: FEBLESS HERNANE EASY TUTORIAL OF HOW TO USE CiCi AI BY: FEBLESS HERNANE
EASY TUTORIAL OF HOW TO USE CiCi AI BY: FEBLESS HERNANE
 
HistorySrSec2024 daahi sadhin sgg-25.pdf
HistorySrSec2024 daahi sadhin sgg-25.pdfHistorySrSec2024 daahi sadhin sgg-25.pdf
HistorySrSec2024 daahi sadhin sgg-25.pdf
 
KubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial IntelligentKubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial Intelligent
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
 
peru primero de la alianza con el pacifico
peru primero de la alianza con el pacificoperu primero de la alianza con el pacifico
peru primero de la alianza con el pacifico
 
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. ITNetwork Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
 
DocSplit Subsequent Implementation Activation.pptx
DocSplit Subsequent Implementation Activation.pptxDocSplit Subsequent Implementation Activation.pptx
DocSplit Subsequent Implementation Activation.pptx
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
 
Decentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and EsportsDecentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and Esports
 
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call GirlsBangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
 
cyber crime.pptx..........................
cyber crime.pptx..........................cyber crime.pptx..........................
cyber crime.pptx..........................
 

APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher Marie (Strata Identity)

1. For flex(ibility)'s sake, modernize your legacy APIs!
APISecure, March 15, 2023

2. Topher Marie
© Strata Identity Inc. 2022. All Rights Reserved. Patents Pending.
• CTO and Cofounder of Strata Identity
• Lead Identity Architect at Oracle
• Product Owner at Auth0
• CTO and Cofounder of JumpCloud
• Engineer at Ping Identity and Symplified

3. What do we mean by "Legacy?"
• Contrast new development and "Legacy" software
• Legacy software is currently and actively used by its intended audience
• Can be from many different sources
• COTS
• Enterprise platforms
• Bespoke

4. "Legacy" software is important too!
• We discuss new development a lot!
• A lot of effort is actually on existing software
• Maintenance and enhancements
• The business use case continues to be important, but the underlying software may be beginning to age out.
• Vulnerabilities accrue
• Paradigms have changed

5. What do we mean by "Modernization"
• No need/desire to update business functionality
• At least, this isn't the focus
• Security and Access Control fixes
• Enhanced usability is often a side effect
• Latest API frameworks/behaviors

6. Typical trigger scenarios
• Legacy system reaches EOL
• Price increases for a legacy platform.
• Centralizing responsibility for security/access management into a single team
• Adding security to an existing app via second-factor auth.
• Improving overall security posture, moving to zero-trust
• Difficult to maintain because of talent availability

7. Some goals of modernization
● Fix vulnerabilities, enhance security
● Take advantage of popular/modern frameworks
○ Don't undervalue the power of community
● Follow current best practices

8. Tactics for Modernization
Not every modernization journey is the same

9. Default Tactic: Do a rewrite
• This is what most engineers think about first
• Lots of professional services companies and consultants like to do this too

10. Some downsides to rewrites
• Budget
• Time
• Complexity
• Lack of expertise
• Risk of breakage
• Security
• Business use cases
• Can you stop developing in the existing codebase, or is it a moving target?
• Rewrite of Netscape killed the company

11. The rewrite treadmill
• Constant evolution of security
• OAuth best practices, but now SSE / CAEP
• Basic API paradigms: REST -> RPC -> GraphQL

12. Tactic: facade
• Wrap the existing software with enhanced functionality
• Facade acts as a proxy to the existing API
• Similar to the Mediator pattern in some ways
• API or application itself is not changed
• Current best practices are applied at the facade
• Security
• Access Control
• API Paradigm

13. Tactic: facade

14. Benefits of the facade
• API doesn't know anything has changed
• Old functionality is always still available
• Less risk to business logic
• Can be incrementally deployed / developed
• Security, access control, even API paradigm can be decoupled from the business logic

15. Why decouple?
• If we don't decouple here, we're basically rewriting the app
• Software and security are constantly evolving.
• Without decoupling, we have a new legacy product on our hands immediately.
• Maintains flexibility for similar changes in the future

16. Creating your facade
Get a bite at the traffic by routing through a proxy point

17. Iron out the networking
By not doing much other than proxying traffic, you can make sure you can route traffic appropriately

18. Prepare traffic filtering

19. Allows an incremental approach
• We don't want a big bang cutover
• We're able to make incremental changes via the facade / abstraction layer and show immediate value.

20. Aside: the Big-Bang Antipattern
• Significant project risk and investment.

21. Modernize the protocol
• If needed, this is also a good time to modernize the API protocols themselves
• Could also just be adding additional options
• From legacy to REST
• Add JSON, JWTs, etc.

22. Decouple the identity
• Target App/API receives identity from the proxy/abstraction layer in the expected format
• Proxy receives the identity from the existing identity provider
• Each application / identity provider can be migrated separately.

23. Harden the identity
• With this abstraction layer, we can now layer in additional factors
• Add in step-up authentication for incoming identity
• Add mutual TLS for outbound identity
• Continuous Access Evaluation Protocol
• Risk Incident Sharing and Coordination

24. Externalize Authorization
• For resources that aren't focused on authorization, the facade layer becomes a point where authorization can be implemented

25. Improve practices
• Continuous Integration
• Regression testing
• Documentation

26. Companies that work in this space
• Apigee, Amazon
• Tyk, Mulesoft, Kong
• Strata Identity
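Worked example of the facade steps above (decouple the identity, externalize authorization), added here and not from the talk or from Strata's product. It assumes a modern identity provider issuing HS256 JWTs with a shared secret, a legacy app that trusts an `X-Legacy-User` header, and a facade-side policy table (all three constructed for the demo); the facade verifies the token, makes the authorization decision itself, and rewrites the request so the legacy API only ever sees the identity format it already expects.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # assumed: key shared with the new IdP
LEGACY_HEADER = "X-Legacy-User"      # assumed: the header the legacy app trusts
# Externalized policy: lives in the facade, never in the legacy code base.
POLICY = {"/orders": {"GET": {"clerk", "admin"}, "DELETE": {"admin"}}}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_jwt(claims: dict, secret: bytes = SECRET) -> str:
    """HS256 JWT as the modern identity provider would issue it."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_jwt(token: str, now: float, secret: bytes = SECRET):
    """Return the claims, or None when signature, alg or expiry fail."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    head, body, sig = parts
    good = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, _unb64url(sig)):
        return None
    if json.loads(_unb64url(head)).get("alg") != "HS256":  # reject alg "none"
        return None
    claims = json.loads(_unb64url(body))
    return claims if claims.get("exp", 0) > now else None

def facade(request: dict, now: float) -> dict:
    """Verify bearer token and policy, then rewrite the request for the legacy app."""
    auth = request["headers"].get("Authorization", "")
    claims = verify_jwt(auth[7:], now) if auth.startswith("Bearer ") else None
    if claims is None:
        return {"status": 401}
    allowed = POLICY.get(request["path"], {}).get(request["method"], set())
    if not allowed & set(claims.get("roles", [])):
        return {"status": 403}
    # Strip the JWT and any client-supplied copy of the trusted header, so the
    # legacy app only ever sees the identity the facade itself asserted.
    headers = {k: v for k, v in request["headers"].items()
               if k not in ("Authorization", LEGACY_HEADER)}
    headers[LEGACY_HEADER] = claims["sub"]
    return {"status": 200, "upstream": {"method": request["method"],
                                        "path": request["path"], "headers": headers}}
```

Because the legacy app trusts the header unconditionally, the facade must be the only network path to it; otherwise the stripped header can simply be supplied directly.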