SlideShare a Scribd company logo

Rethinking Application Security for cloud-native era

Priyanka Aash
Priyanka Aash

Cloud native applications are API driven and are based on distributed microservices. APIs are the gateway to your business and expose a lot of the business logic to the outside world. Legacy solutions to understand your applications security posture are not applicable to these modern continuously changing environments

Technology
1 of 12
Download to read offline
Best Of The World In Security Conference Best Of The World In Security 12-13 November 2020 Application Security for the cloud-native era Sanjay Nagaraj Co-founder/CTO Traceable.ai @SanjayNSF
Best Of The World In Security Conference Co-founder/CTO at Traceable.ai Former VP Engineering, AppDynamics Building products for 20+ years Currently learning about GraphQL anomalies
Best Of The World In Security Conference Cloud native services
Best Of The World In Security Conference Cloud-Native Architectures - Complex & Ephemeral
Best Of The World In Security Conference Where are all my APIs and risky APIs ? 5 - API Sprawl - New APIs and Parameters show up - Shadow APIs - Poor understanding of risk
Best Of The World In Security Conference Where is all my sensitive data flowing in and out ? 6 - Data coming into APIs - Data in databases, cloud services, 3rd party - Compliance
Best Of The World In Security Conference What are Business logic attacks 7 Threat Actor GET /api/receipts/5 Mary - Rider Mary’s Receipt #5 Resource Receipt API New Class of Attacks OWASP Web OWASP API
Best Of The World In Security Conference How much can I catch early ? 8 - Are scanning tools enough ? - Not everything gets tested - How to scan for business logic vulnerabilities ? - SPA
Best Of The World In Security Conference Modern App Security Requires Full Application Context 9 User Actions Edge APIs Internal APIs External Service API ACTIVITY Edge API Calls Internal API Calls Sequence of API Calls USER BEHAVIOR Identity & Devices Roles & Permissions Activity DATA FLOW Across Sequence of Calls Between InternalServices To External Services CODE EXECUTION API Parameters Request/Response Data Errors & Latency
Best Of The World In Security Conference DevSecOps 10 - Shared responsibility - Education - Risk assessment & prioritization - Collaborative issue handling, transparency / information mgmt (unified pane of glass)
Best Of The World In Security Conference Questions @ : sanjay@traceable.ai : @sanjaynsf : linkedin.com/in/sanjaynagaraj/
Best Of The World In Security Conference Win a t-shirt! Question: What is the top risk in OWASP API Top 10? the answer to @traceableai #cisoplatformquiz

Recommended

[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy [Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy Nur Shiqim Chok
 
Cisco Connect 2018 Singapore - Cisco CMX
Cisco Connect 2018 Singapore - Cisco CMXCisco Connect 2018 Singapore - Cisco CMX
Cisco Connect 2018 Singapore - Cisco CMXNetworkCollaborators
 
Cisco Connect 2018 Indonesia - Cybersecurity Strategy
Cisco Connect 2018 Indonesia - Cybersecurity StrategyCisco Connect 2018 Indonesia - Cybersecurity Strategy
Cisco Connect 2018 Indonesia - Cybersecurity StrategyNetworkCollaborators
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolSylvain Martinez
 
Cisco Connect 2018 Singapore - Cisco Incident Response Services
Cisco Connect 2018 Singapore - Cisco Incident Response ServicesCisco Connect 2018 Singapore - Cisco Incident Response Services
Cisco Connect 2018 Singapore - Cisco Incident Response ServicesNetworkCollaborators
 
Cisco Connect 2018 Singapore - The Network Intuitive
Cisco Connect 2018 Singapore - The Network IntuitiveCisco Connect 2018 Singapore - The Network Intuitive
Cisco Connect 2018 Singapore - The Network IntuitiveNetworkCollaborators
 
TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics Robb Boyd
 
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response TeamBGA Cyber Security
 

Recommended

[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy [Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy Nur Shiqim Chok
 
Cisco Connect 2018 Singapore - Cisco CMX
Cisco Connect 2018 Singapore - Cisco CMXCisco Connect 2018 Singapore - Cisco CMX
Cisco Connect 2018 Singapore - Cisco CMXNetworkCollaborators
 
Cisco Connect 2018 Indonesia - Cybersecurity Strategy
Cisco Connect 2018 Indonesia - Cybersecurity StrategyCisco Connect 2018 Indonesia - Cybersecurity Strategy
Cisco Connect 2018 Indonesia - Cybersecurity StrategyNetworkCollaborators
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolSylvain Martinez
 
Cisco Connect 2018 Singapore - Cisco Incident Response Services
Cisco Connect 2018 Singapore - Cisco Incident Response ServicesCisco Connect 2018 Singapore - Cisco Incident Response Services
Cisco Connect 2018 Singapore - Cisco Incident Response ServicesNetworkCollaborators
 
Cisco Connect 2018 Singapore - The Network Intuitive
Cisco Connect 2018 Singapore - The Network IntuitiveCisco Connect 2018 Singapore - The Network Intuitive
Cisco Connect 2018 Singapore - The Network IntuitiveNetworkCollaborators
 
TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics Robb Boyd
 
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response TeamBGA Cyber Security
 
Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnNetworkCollaborators
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainSuwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...
Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...
Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...NetworkCollaborators
 
Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Symantec
 
Cisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud World
Cisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud WorldCisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud World
Cisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud WorldNetworkCollaborators
 
Cisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationCisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationNetworkCollaborators
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...NetworkCollaborators
 
Cisco Connect 2018 Singapore - Cybersecurity strategy
Cisco Connect 2018 Singapore - Cybersecurity strategy Cisco Connect 2018 Singapore - Cybersecurity strategy
Cisco Connect 2018 Singapore - Cybersecurity strategy NetworkCollaborators
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Research
 
Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Sylvain Martinez
 
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSecurity Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsJoshua Berman
 
Ict conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalIct conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalDejan Jeremic
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSylvain Martinez
 
Cisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networkingCisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networkingNetworkCollaborators
 
Cisco Connect 2018 Singapore - Cisco SD-WAN
Cisco Connect 2018 Singapore - Cisco SD-WANCisco Connect 2018 Singapore - Cisco SD-WAN
Cisco Connect 2018 Singapore - Cisco SD-WANNetworkCollaborators
 
SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)Priyanka Aash
 
Elizabeth Lawler - Devops, security, and compliance working in unison
Elizabeth Lawler - Devops, security, and compliance working in unisonElizabeth Lawler - Devops, security, and compliance working in unison
Elizabeth Lawler - Devops, security, and compliance working in unisonDevSecCon
 
The Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the ServerThe Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the ServerRahul Neel Mani
 
Cisco Connect 2018 Singapore - Do more than keep the lights on
Cisco Connect 2018 Singapore - Do more than keep the lights onCisco Connect 2018 Singapore - Do more than keep the lights on
Cisco Connect 2018 Singapore - Do more than keep the lights onNetworkCollaborators
 
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationCisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationNetworkCollaborators
 
Swagger & OpenAPI Spec #openapi
Swagger & OpenAPI Spec #openapiSwagger & OpenAPI Spec #openapi
Swagger & OpenAPI Spec #openapiMuhammad Siddiqi
 
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...APIsecure_ Official
 

More Related Content

What's hot

Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnNetworkCollaborators
 
Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...
Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...
Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...NetworkCollaborators
 
Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Symantec
 
Cisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud World
Cisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud WorldCisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud World
Cisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud WorldNetworkCollaborators
 
Cisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationCisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationNetworkCollaborators
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...NetworkCollaborators
 
Cisco Connect 2018 Singapore - Cybersecurity strategy
Cisco Connect 2018 Singapore - Cybersecurity strategy Cisco Connect 2018 Singapore - Cybersecurity strategy
Cisco Connect 2018 Singapore - Cybersecurity strategy NetworkCollaborators
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Research
 
Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Sylvain Martinez
 
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSecurity Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsJoshua Berman
 
Ict conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalIct conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalDejan Jeremic
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSylvain Martinez
 
Cisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networkingCisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networkingNetworkCollaborators
 
Cisco Connect 2018 Singapore - Cisco SD-WAN
Cisco Connect 2018 Singapore - Cisco SD-WANCisco Connect 2018 Singapore - Cisco SD-WAN
Cisco Connect 2018 Singapore - Cisco SD-WANNetworkCollaborators
 
SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)Priyanka Aash
 
Elizabeth Lawler - Devops, security, and compliance working in unison
Elizabeth Lawler - Devops, security, and compliance working in unisonElizabeth Lawler - Devops, security, and compliance working in unison
Elizabeth Lawler - Devops, security, and compliance working in unisonDevSecCon
 
The Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the ServerThe Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the ServerRahul Neel Mani
 
Cisco Connect 2018 Singapore - Do more than keep the lights on
Cisco Connect 2018 Singapore - Do more than keep the lights onCisco Connect 2018 Singapore - Do more than keep the lights on
Cisco Connect 2018 Singapore - Do more than keep the lights onNetworkCollaborators
 
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationCisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationNetworkCollaborators
 

What's hot (20)

Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vn
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
 
Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...
Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...
Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...
 
Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World
 
Cisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud World
Cisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud WorldCisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud World
Cisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud World
 
Cisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationCisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security Equation
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
 
Cisco Connect 2018 Singapore - Cybersecurity strategy
Cisco Connect 2018 Singapore - Cybersecurity strategy Cisco Connect 2018 Singapore - Cybersecurity strategy
Cisco Connect 2018 Singapore - Cybersecurity strategy
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
 
Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1
 
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSecurity Kung Fu: SIEM Solutions
Security Kung Fu: SIEM Solutions
 
Ict conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalIct conf td-evs_pcidss-final
Ict conf td-evs_pcidss-final
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPON
 
Cisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networkingCisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networking
 
Cisco Connect 2018 Singapore - Cisco SD-WAN
Cisco Connect 2018 Singapore - Cisco SD-WANCisco Connect 2018 Singapore - Cisco SD-WAN
Cisco Connect 2018 Singapore - Cisco SD-WAN
 
SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)
 
Elizabeth Lawler - Devops, security, and compliance working in unison
Elizabeth Lawler - Devops, security, and compliance working in unisonElizabeth Lawler - Devops, security, and compliance working in unison
Elizabeth Lawler - Devops, security, and compliance working in unison
 
The Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the ServerThe Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the Server
 
Cisco Connect 2018 Singapore - Do more than keep the lights on
Cisco Connect 2018 Singapore - Do more than keep the lights onCisco Connect 2018 Singapore - Do more than keep the lights on
Cisco Connect 2018 Singapore - Do more than keep the lights on
 
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationCisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
 

Similar to Rethinking Application Security for cloud-native era

Swagger & OpenAPI Spec #openapi
Swagger & OpenAPI Spec #openapiSwagger & OpenAPI Spec #openapi
Swagger & OpenAPI Spec #openapiMuhammad Siddiqi
 
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...APIsecure_ Official
 
Realizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application SecurityRealizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application SecurityOry Segal
 
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...apidays
 
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...apidays
 
Mohamed rashad resume september 2020
Mohamed rashad resume september 2020Mohamed rashad resume september 2020
Mohamed rashad resume september 2020Mohamed Rashad
 
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...Dana Gardner
 
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Chetan Khatri
 
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...APIsecure_ Official
 
Traceable.ai Debuts Platform for Building API Knowledge that Detects And Thwa...
Traceable.ai Debuts Platform for Building API Knowledge that Detects And Thwa...Traceable.ai Debuts Platform for Building API Knowledge that Detects And Thwa...
Traceable.ai Debuts Platform for Building API Knowledge that Detects And Thwa...Dana Gardner
 
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accentureapidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accentureapidays
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Erkang Zheng
 
When it Comes to API Security, Expect the Whole World to Be Testing Your Mett...
When it Comes to API Security, Expect the Whole World to Be Testing Your Mett...When it Comes to API Security, Expect the Whole World to Be Testing Your Mett...
When it Comes to API Security, Expect the Whole World to Be Testing Your Mett...Dana Gardner
 
What I Learned at RSAC 2020
What I Learned at RSAC 2020What I Learned at RSAC 2020
What I Learned at RSAC 2020Ulf Mattsson
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Keith Kraus
 
Cisco and AppDynamics: Redefining Application Intelligence - AppD Summit Europe
Cisco and AppDynamics: Redefining Application Intelligence - AppD Summit EuropeCisco and AppDynamics: Redefining Application Intelligence - AppD Summit Europe
Cisco and AppDynamics: Redefining Application Intelligence - AppD Summit EuropeAppDynamics
 
Creating Datadipity
Creating DatadipityCreating Datadipity
Creating DatadipityClickslide
 
apidays LIVE India 2022 - The Future of API’s Security.pptx
apidays LIVE India 2022 - The Future of API’s Security.pptxapidays LIVE India 2022 - The Future of API’s Security.pptx
apidays LIVE India 2022 - The Future of API’s Security.pptxapidays
 
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Amazon Web Services
 

Similar to Rethinking Application Security for cloud-native era (20)

Swagger & OpenAPI Spec #openapi
Swagger & OpenAPI Spec #openapiSwagger & OpenAPI Spec #openapi
Swagger & OpenAPI Spec #openapi
 
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
 
Realizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application SecurityRealizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application Security
 
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
 
Zero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOpsZero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOps
 
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...
 
Mohamed rashad resume september 2020
Mohamed rashad resume september 2020Mohamed rashad resume september 2020
Mohamed rashad resume september 2020
 
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...
 
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
 
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
 
Traceable.ai Debuts Platform for Building API Knowledge that Detects And Thwa...
Traceable.ai Debuts Platform for Building API Knowledge that Detects And Thwa...Traceable.ai Debuts Platform for Building API Knowledge that Detects And Thwa...
Traceable.ai Debuts Platform for Building API Knowledge that Detects And Thwa...
 
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accentureapidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
 
When it Comes to API Security, Expect the Whole World to Be Testing Your Mett...
When it Comes to API Security, Expect the Whole World to Be Testing Your Mett...When it Comes to API Security, Expect the Whole World to Be Testing Your Mett...
When it Comes to API Security, Expect the Whole World to Be Testing Your Mett...
 
What I Learned at RSAC 2020
What I Learned at RSAC 2020What I Learned at RSAC 2020
What I Learned at RSAC 2020
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
 
Cisco and AppDynamics: Redefining Application Intelligence - AppD Summit Europe
Cisco and AppDynamics: Redefining Application Intelligence - AppD Summit EuropeCisco and AppDynamics: Redefining Application Intelligence - AppD Summit Europe
Cisco and AppDynamics: Redefining Application Intelligence - AppD Summit Europe
 
Creating Datadipity
Creating DatadipityCreating Datadipity
Creating Datadipity
 
apidays LIVE India 2022 - The Future of API’s Security.pptx
apidays LIVE India 2022 - The Future of API’s Security.pptxapidays LIVE India 2022 - The Future of API’s Security.pptx
apidays LIVE India 2022 - The Future of API’s Security.pptx
 
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupCatarinaPereira64715
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Alison B. Lowndes
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1DianaGray10
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...Elena Simperl
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...Product School
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Product School
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀DianaGray10
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationZilliz
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...Sri Ambati
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Product School
 

Recently uploaded (20)

ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 

Rethinking Application Security for cloud-native era

  • 1. Best Of The World In Security Conference Best Of The World In Security 12-13 November 2020 Application Security for the cloud-native era Sanjay Nagaraj Co-founder/CTO Traceable.ai @SanjayNSF
  • 2. Best Of The World In Security Conference Co-founder/CTO at Traceable.ai Former VP Engineering, AppDynamics Building products for 20+ years Currently learning about GraphQL anomalies
  • 3. Best Of The World In Security Conference Cloud native services
  • 4. Best Of The World In Security Conference Cloud-Native Architectures - Complex & Ephemeral
  • 5. Best Of The World In Security Conference Where are all my APIs and risky APIs ? 5 - API Sprawl - New APIs and Parameters show up - Shadow APIs - Poor understanding of risk
  • 6. Best Of The World In Security Conference Where is all my sensitive data flowing in and out ? 6 - Data coming into APIs - Data in databases, cloud services, 3rd party - Compliance
  • 7. Best Of The World In Security Conference What are Business logic attacks 7 Threat Actor GET /api/receipts/5 Mary - Rider Mary’s Receipt #5 Resource Receipt API New Class of Attacks OWASP Web OWASP API
  • 8. Best Of The World In Security Conference How much can I catch early ? 8 - Are scanning tools enough ? - Not everything gets tested - How to scan for business logic vulnerabilities ? - SPA
  • 9. Best Of The World In Security Conference Modern App Security Requires Full Application Context 9 User Actions Edge APIs Internal APIs External Service API ACTIVITY Edge API Calls Internal API Calls Sequence of API Calls USER BEHAVIOR Identity & Devices Roles & Permissions Activity DATA FLOW Across Sequence of Calls Between InternalServices To External Services CODE EXECUTION API Parameters Request/Response Data Errors & Latency
  • 10. Best Of The World In Security Conference DevSecOps 10 - Shared responsibility - Education - Risk assessment & prioritization - Collaborative issue handling, transparency / information mgmt (unified pane of glass)
  • 11. Best Of The World In Security Conference Questions @ : sanjay@traceable.ai : @sanjaynsf : linkedin.com/in/sanjaynagaraj/
  • 12. Best Of The World In Security Conference Win a t-shirt! Question: What is the top risk in OWASP API Top 10? the answer to @traceableai #cisoplatformquiz