SlideShare une entreprise Scribd logo

apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securing the Development Process by Rod Cope

Télécharger en tant que PPTX, PDF
apidays
apidays

apidays LIVE LONDON - The Road to Embedded Finance, Banking and Insurance with APIs API Lifecycle Management - Avoiding Breaches By Securing the Development Process Rod Cope, Chief Technology Officer at Akana by Perforce

Technologie
1  sur  31
Akana by Perforce © 2019 Perforce Software, Inc. API Lifecycle Management AVOIDING BREACHES BY SECURING THE DEVELOPMENT PROCESS
akana.com2 | Akana by Perforce © 2020 Perforce Software, Inc. Overview Not only do you need to secure your APIs, you also need to secure the API lifecycle. Today’s discussion: • How new APIs originate • Securing the API development process • Structuring API delivery workflows • Integrating with CI/CD/DevOps for automation 45% of respondents aren’t confident in their security organization's ability to detect whether a bad actor is accessing their APIs. In fact, 51% aren't even confident their security team knows about all of the APIs that exist in the organization. - Ping Identity Survey
akana.com3 | Akana by Perforce © 2020 Perforce Software, Inc. Rod Cope CTO, Perforce Software • CTO at Rogue Wave Software • Founder and CTO of OpenLogic • 25+ year software career includes IBM, IBM Global Services, General Electric, and Anthem Blue Cross/Blue Shield. • Worldwide event speaker, including: APIdays, OSCON, Embedded World, ApacheCon, JavaOne, Strata/Big Data, LinuxCon, and API World.
How Do New APIs Originate?
akana.com5 | Akana by Perforce © 2020 Perforce Software, Inc. How Do New APIs Originate? • New business channels • New web/mobile applications • Customer needs
The Importance of a Security-First API Management Strategy (Or, Why “OK” Security Isn’t Good Enough)
akana.com7 | Akana by Perforce © 2020 Perforce Software, Inc. API Security Matters "Hackers Swipe Data On 2 Million T-Mobile Subscribers"… "Hackers managed to breach a database by exploiting a vulnerable API..." "Salesforce Security Alert: API Error Exposed Marketing Data" "API Breaches Surge With No Relief in Sight" "Fitness app Strava showed the world how even seemingly innocuous APIs can have damaging consequences when not securely designed." "Google announced that an additional bug in a Google+ API had exposed user data from 52.5 million accounts."
akana.com8 | Akana by Perforce © 2020 Perforce Software, Inc. Setting the Stage for Disruption
How do you prevent rogue services from getting deployed? How do you secure processes? How do you integrate with CI/CD?
akana.com10 | Akana by Perforce © 2020 Perforce Software, Inc. Akana API Lifecycle Management
akana.com11 | Akana by Perforce © 2020 Perforce Software, Inc. Lifecycle Management Components Lifecycle Manager • Automate machine and role-based validations and signoffs across the software development lifecycle. Lifecycle Coordinator • Automated API configuration and promotion through runtime staging environments. • Eliminate hands-on actions as much as possible. Lifecycle Repository • Add extensible metadata for APIs, apps, and users
akana.com12 | Akana by Perforce © 2020 Perforce Software, Inc. API Lifecycle Review/Approval Process REQUIREMENTS DESIGN DEVELOP API CREATION PROCESS – DEMO SCENARIO Developer Submitter Lifecycle Manager Automation Architect Approver Lifecycle Manager Automation API Submitted API Updated and Submitted API Updated and Submitted Process API Process API Architect Approved? API Published API Not Published API Published API Not Published API Published API Not Published Yes YesNoNo YesNo Architect Approved? Architect Approved?
akana.com13 | Akana by Perforce © 2020 Perforce Software, Inc. promote promote promote Akana and CI/CD Lifecycle Coordinator API Platform Dev API Platform Test API Platform Staging API Platform Production CI/CD Platform (e.g., Jenkins) DevOps Stakeholder Dev CI/CD
akana.com14 | Akana by Perforce © 2020 Perforce Software, Inc. Secure Cloud Architecture PRODUCTION STAGING DEVELOPMENT TEST
akana.com15 | Akana by Perforce © 2020 Perforce Software, Inc. How Akana Fits Into Your Existing Architecture DEVELOPER SERVICES MGMT. SERVICES SECURITY SERVICES ANALYTICS SERVICES
akana.com16 | Akana by Perforce © 2020 Perforce Software, Inc. Key API Security Policy Examples Protect against vulnerabilities presented in OWASP API Security Top 10, such as: • Broken Object Level Authorization • Broken Authentication • Lack of Resources and Rate Limiting • Broken Function Level Authorization • Improper Assets Management
akana.com17 | Akana by Perforce © 2020 Perforce Software, Inc. Security Policy Example - Malicious Pattern Detection • Inspects HTTP for dangerous content • If dangerous, rejects and returns a fault
What Does Security-First Lifecycle Management Look Like?
akana.com19 | Akana by Perforce © 2020 Perforce Software, Inc. Demo Scenario • Three stage environment – Dev, Test, and Acc (Staging) • Solution Architect approval required to exit Dev • Enterprise Architect and IT Security notified for optional comment • Solution Architect approval required to promote from Test to Acc • API Owner initiates minor version (non-breaking) update to promoted API from Dev portal
akana.com20 | Akana by Perforce © 2020 Perforce Software, Inc. 1 - API in Dev with Metadata (Tags)
akana.com21 | Akana by Perforce © 2020 Perforce Software, Inc. 2 - API Owner Requests Dev Approval
akana.com22 | Akana by Perforce © 2020 Perforce Software, Inc. 3 - Solution Architect Approves API
akana.com23 | Akana by Perforce © 2020 Perforce Software, Inc. 4 - Workflow Initiates Auto-Promotion
akana.com24 | Akana by Perforce © 2020 Perforce Software, Inc. 5 - API Promoted to Test
akana.com25 | Akana by Perforce © 2020 Perforce Software, Inc. 6 - API Promotion to Acc Pending
akana.com26 | Akana by Perforce © 2020 Perforce Software, Inc. 7 - Solution Architect Approves API
akana.com27 | Akana by Perforce © 2020 Perforce Software, Inc. 8 - API Promoted to Acc (Staging)
akana.com28 | Akana by Perforce © 2020 Perforce Software, Inc. 9 - API Status in Dev Tenant Auto-Updated
akana.com29 | Akana by Perforce © 2020 Perforce Software, Inc. 10 - API Owner Initiates Reversion for Minor Version Update
akana.com30 | Akana by Perforce © 2020 Perforce Software, Inc. Regardless of your size, you still have the same tech requirements. The new Akana SaaS Club gives you our full-featured enterprise API management solution – without the investment or implementation time. QuickStart packages are right-sized to your needs. As you grow, we’ll grow with you! Get started with Akana API Management faster and more affordably than ever before. Akana QuickStart S U G G E S T E D P A C K A G E : 250 Gb/month Total bandwidth in/out of the gateway Learn more at akana.com/akana-quickstart
Q&A

Recommandé

apidays LIVE New York - Building Great Web APIs by Mike Amundsen
apidays LIVE New York - Building Great Web APIs by Mike Amundsenapidays LIVE New York - Building Great Web APIs by Mike Amundsen
apidays LIVE New York - Building Great Web APIs by Mike Amundsenapidays
 
apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Secur...
apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Secur...apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Secur...
apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Secur...apidays
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays
 
apidays LIVE New York - Automation API Testing: with Postman collection are ...
apidays LIVE New York - Automation API Testing: with Postman collection are ...apidays LIVE New York - Automation API Testing: with Postman collection are ...
apidays LIVE New York - Automation API Testing: with Postman collection are ...apidays
 
How to Achieve Agile API Security
How to Achieve Agile API SecurityHow to Achieve Agile API Security
How to Achieve Agile API SecurityApigee | Google Cloud
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security LifecycleApigee | Google Cloud
 
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...apidays
 
API Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIsAPI Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIsApigee | Google Cloud
 

Recommandé

apidays LIVE New York - Building Great Web APIs by Mike Amundsen
apidays LIVE New York - Building Great Web APIs by Mike Amundsenapidays LIVE New York - Building Great Web APIs by Mike Amundsen
apidays LIVE New York - Building Great Web APIs by Mike Amundsenapidays
 
apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Secur...
apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Secur...apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Secur...
apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Secur...apidays
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays
 
apidays LIVE New York - Automation API Testing: with Postman collection are ...
apidays LIVE New York - Automation API Testing: with Postman collection are ...apidays LIVE New York - Automation API Testing: with Postman collection are ...
apidays LIVE New York - Automation API Testing: with Postman collection are ...apidays
 
How to Achieve Agile API Security
How to Achieve Agile API SecurityHow to Achieve Agile API Security
How to Achieve Agile API SecurityApigee | Google Cloud
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security LifecycleApigee | Google Cloud
 
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...apidays
 
API Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIsAPI Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIsApigee | Google Cloud
 
REST API Security by Design with Azure Pipelines
REST API Security by Design with Azure PipelinesREST API Security by Design with Azure Pipelines
REST API Security by Design with Azure Pipelines42Crunch
 
Adapt or Die Sydney - API Security
Adapt or Die Sydney - API SecurityAdapt or Die Sydney - API Security
Adapt or Die Sydney - API SecurityApigee | Google Cloud
 
Enhancing your Security APIs
Enhancing your Security APIsEnhancing your Security APIs
Enhancing your Security APIsApigee | Google Cloud
 
Executing on API Developer Experience
Executing on API Developer Experience Executing on API Developer Experience
Executing on API Developer Experience SmartBear
 
Pivotal + Apigee Workshop (June 4th, 2019)
Pivotal + Apigee Workshop (June 4th, 2019)Pivotal + Apigee Workshop (June 4th, 2019)
Pivotal + Apigee Workshop (June 4th, 2019)Alexandre Roman
 
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...apidays
 
Apigee Edge Overview and Roadmap
Apigee Edge Overview and RoadmapApigee Edge Overview and Roadmap
Apigee Edge Overview and RoadmapApigee | Google Cloud
 
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...apidays
 
APImetrics Product Introduction
APImetrics Product IntroductionAPImetrics Product Introduction
APImetrics Product Introductionapimetrics
 
Webcast: Apigee Edge Product Demo
Webcast: Apigee Edge Product DemoWebcast: Apigee Edge Product Demo
Webcast: Apigee Edge Product DemoApigee | Google Cloud
 
API Services: Harness the Power of Enterprise Infrastructure
API Services: Harness the Power of Enterprise InfrastructureAPI Services: Harness the Power of Enterprise Infrastructure
API Services: Harness the Power of Enterprise InfrastructureApigee | Google Cloud
 
What are your APIs Worth?
What are your APIs Worth?What are your APIs Worth?
What are your APIs Worth?Apigee | Google Cloud
 
Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approov Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approovapidays
 
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile PlatformI Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile PlatformApigee | Google Cloud
 
apidays LIVE Paris - Principles for API security by Alan Glickenhouse
apidays LIVE Paris - Principles for API security by Alan Glickenhouseapidays LIVE Paris - Principles for API security by Alan Glickenhouse
apidays LIVE Paris - Principles for API security by Alan Glickenhouseapidays
 
Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)Alexandre Roman
 
A Checklist for Every API Call
A Checklist for Every API CallA Checklist for Every API Call
A Checklist for Every API CallApigee | Google Cloud
 
App & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your AppsApp & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your AppsApigee | Google Cloud
 
Mulesoft Connections to different companies, and different services
Mulesoft Connections to different companies, and different servicesMulesoft Connections to different companies, and different services
Mulesoft Connections to different companies, and different servicesByreddy Sravan Kumar Reddy
 
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...apidays
 
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays
 
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...apidays
 

Contenu connexe

Tendances

REST API Security by Design with Azure Pipelines
REST API Security by Design with Azure PipelinesREST API Security by Design with Azure Pipelines
REST API Security by Design with Azure Pipelines42Crunch
 
Executing on API Developer Experience
Executing on API Developer Experience Executing on API Developer Experience
Executing on API Developer Experience SmartBear
 
Pivotal + Apigee Workshop (June 4th, 2019)
Pivotal + Apigee Workshop (June 4th, 2019)Pivotal + Apigee Workshop (June 4th, 2019)
Pivotal + Apigee Workshop (June 4th, 2019)Alexandre Roman
 
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...apidays
 
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...apidays
 
APImetrics Product Introduction
APImetrics Product IntroductionAPImetrics Product Introduction
APImetrics Product Introductionapimetrics
 
API Services: Harness the Power of Enterprise Infrastructure
API Services: Harness the Power of Enterprise InfrastructureAPI Services: Harness the Power of Enterprise Infrastructure
API Services: Harness the Power of Enterprise InfrastructureApigee | Google Cloud
 
Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approov Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approovapidays
 
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile PlatformI Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile PlatformApigee | Google Cloud
 
apidays LIVE Paris - Principles for API security by Alan Glickenhouse
apidays LIVE Paris - Principles for API security by Alan Glickenhouseapidays LIVE Paris - Principles for API security by Alan Glickenhouse
apidays LIVE Paris - Principles for API security by Alan Glickenhouseapidays
 
Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)Alexandre Roman
 
App & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your AppsApp & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your AppsApigee | Google Cloud
 
Mulesoft Connections to different companies, and different services
Mulesoft Connections to different companies, and different servicesMulesoft Connections to different companies, and different services
Mulesoft Connections to different companies, and different servicesByreddy Sravan Kumar Reddy
 
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...apidays
 

Tendances (20)

REST API Security by Design with Azure Pipelines
REST API Security by Design with Azure PipelinesREST API Security by Design with Azure Pipelines
REST API Security by Design with Azure Pipelines
 
Adapt or Die Sydney - API Security
Adapt or Die Sydney - API SecurityAdapt or Die Sydney - API Security
Adapt or Die Sydney - API Security
 
Enhancing your Security APIs
Enhancing your Security APIsEnhancing your Security APIs
Enhancing your Security APIs
 
Executing on API Developer Experience
Executing on API Developer Experience Executing on API Developer Experience
Executing on API Developer Experience
 
Pivotal + Apigee Workshop (June 4th, 2019)
Pivotal + Apigee Workshop (June 4th, 2019)Pivotal + Apigee Workshop (June 4th, 2019)
Pivotal + Apigee Workshop (June 4th, 2019)
 
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
 
Apigee Edge Overview and Roadmap
Apigee Edge Overview and RoadmapApigee Edge Overview and Roadmap
Apigee Edge Overview and Roadmap
 
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
 
APImetrics Product Introduction
APImetrics Product IntroductionAPImetrics Product Introduction
APImetrics Product Introduction
 
Webcast: Apigee Edge Product Demo
Webcast: Apigee Edge Product DemoWebcast: Apigee Edge Product Demo
Webcast: Apigee Edge Product Demo
 
API Services: Harness the Power of Enterprise Infrastructure
API Services: Harness the Power of Enterprise InfrastructureAPI Services: Harness the Power of Enterprise Infrastructure
API Services: Harness the Power of Enterprise Infrastructure
 
What are your APIs Worth?
What are your APIs Worth?What are your APIs Worth?
What are your APIs Worth?
 
Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approov Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approov
 
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile PlatformI Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
 
apidays LIVE Paris - Principles for API security by Alan Glickenhouse
apidays LIVE Paris - Principles for API security by Alan Glickenhouseapidays LIVE Paris - Principles for API security by Alan Glickenhouse
apidays LIVE Paris - Principles for API security by Alan Glickenhouse
 
Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)
 
A Checklist for Every API Call
A Checklist for Every API CallA Checklist for Every API Call
A Checklist for Every API Call
 
App & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your AppsApp & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your Apps
 
Mulesoft Connections to different companies, and different services
Mulesoft Connections to different companies, and different servicesMulesoft Connections to different companies, and different services
Mulesoft Connections to different companies, and different services
 
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
 

Similaire à apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securing the Development Process by Rod Cope

apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays
 
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...apidays
 
Accelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test AutomationAccelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test AutomationPerfecto by Perforce
 
The Datacenter API
The Datacenter APIThe Datacenter API
The Datacenter APIAkana
 
The Datacenter API
The Datacenter APIThe Datacenter API
The Datacenter APIAkana
 
B7 api management_enabling_digital_transformation
B7 api management_enabling_digital_transformationB7 api management_enabling_digital_transformation
B7 api management_enabling_digital_transformationDr. Wilfred Lin (Ph.D.)
 
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...Amazon Web Services
 
Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyRogue Wave Software
 
CA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerCA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerRajat Vijayvargiya
 
Infrastructure as Code in Large Scale Organizations
Infrastructure as Code in Large Scale OrganizationsInfrastructure as Code in Large Scale Organizations
Infrastructure as Code in Large Scale OrganizationsXebiaLabs
 
Will you survive the API avalanche?
Will you survive the API avalanche?Will you survive the API avalanche?
Will you survive the API avalanche?Rogue Wave Software
 
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...apidays
 
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...Priyanka Aash
 
API Economy - Cuomo
API Economy - Cuomo API Economy - Cuomo
API Economy - Cuomo Prolifics
 
CICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdfCICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdfAmazon Web Services
 
API Design Essentials - Akana Platform Overview
API Design Essentials - Akana Platform OverviewAPI Design Essentials - Akana Platform Overview
API Design Essentials - Akana Platform OverviewAkana
 
AWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applicationsAWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applicationsCobus Bernard
 
API Best Practices
API Best PracticesAPI Best Practices
API Best PracticesSai Koppala
 
Design - Start Your API Journey Today
Design - Start Your API Journey TodayDesign - Start Your API Journey Today
Design - Start Your API Journey TodayLaurenWendler
 

Similaire à apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securing the Development Process by Rod Cope (20)

apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
 
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
 
Accelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test AutomationAccelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test Automation
 
The Datacenter API
The Datacenter APIThe Datacenter API
The Datacenter API
 
The Datacenter API
The Datacenter APIThe Datacenter API
The Datacenter API
 
WaveMaker API Success
WaveMaker API SuccessWaveMaker API Success
WaveMaker API Success
 
B7 api management_enabling_digital_transformation
B7 api management_enabling_digital_transformationB7 api management_enabling_digital_transformation
B7 api management_enabling_digital_transformation
 
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...
 
Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case study
 
CA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerCA API Management: A DevOps Enabler
CA API Management: A DevOps Enabler
 
Infrastructure as Code in Large Scale Organizations
Infrastructure as Code in Large Scale OrganizationsInfrastructure as Code in Large Scale Organizations
Infrastructure as Code in Large Scale Organizations
 
Will you survive the API avalanche?
Will you survive the API avalanche?Will you survive the API avalanche?
Will you survive the API avalanche?
 
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...
 
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
 
API Economy - Cuomo
API Economy - Cuomo API Economy - Cuomo
API Economy - Cuomo
 
CICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdfCICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdf
 
API Design Essentials - Akana Platform Overview
API Design Essentials - Akana Platform OverviewAPI Design Essentials - Akana Platform Overview
API Design Essentials - Akana Platform Overview
 
AWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applicationsAWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applications
 
API Best Practices
API Best PracticesAPI Best Practices
API Best Practices
 
Design - Start Your API Journey Today
Design - Start Your API Journey TodayDesign - Start Your API Journey Today
Design - Start Your API Journey Today
 

Plus de apidays

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...apidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...apidays
 
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...apidays
 
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...apidays
 
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...apidays
 
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...apidays
 
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...apidays
 
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...apidays
 
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...apidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...apidays
 
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...apidays
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...apidays
 

Plus de apidays (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
 
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
 
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
 
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
 
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
 
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
 
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
 
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
 
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
 

Dernier

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 

Dernier (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securing the Development Process by Rod Cope

  • 1. Akana by Perforce © 2019 Perforce Software, Inc. API Lifecycle Management AVOIDING BREACHES BY SECURING THE DEVELOPMENT PROCESS
  • 2. akana.com2 | Akana by Perforce © 2020 Perforce Software, Inc. Overview Not only do you need to secure your APIs, you also need to secure the API lifecycle. Today’s discussion: • How new APIs originate • Securing the API development process • Structuring API delivery workflows • Integrating with CI/CD/DevOps for automation 45% of respondents aren’t confident in their security organization's ability to detect whether a bad actor is accessing their APIs. In fact, 51% aren't even confident their security team knows about all of the APIs that exist in the organization. - Ping Identity Survey
  • 3. akana.com3 | Akana by Perforce © 2020 Perforce Software, Inc. Rod Cope CTO, Perforce Software • CTO at Rogue Wave Software • Founder and CTO of OpenLogic • 25+ year software career includes IBM, IBM Global Services, General Electric, and Anthem Blue Cross/Blue Shield. • Worldwide event speaker, including: APIdays, OSCON, Embedded World, ApacheCon, JavaOne, Strata/Big Data, LinuxCon, and API World.
  • 4. How Do New APIs Originate?
  • 5. akana.com5 | Akana by Perforce © 2020 Perforce Software, Inc. How Do New APIs Originate? • New business channels • New web/mobile applications • Customer needs
  • 6. The Importance of a Security-First API Management Strategy (Or, Why “OK” Security Isn’t Good Enough)
  • 7. akana.com7 | Akana by Perforce © 2020 Perforce Software, Inc. API Security Matters "Hackers Swipe Data On 2 Million T-Mobile Subscribers"… "Hackers managed to breach a database by exploiting a vulnerable API..." "Salesforce Security Alert: API Error Exposed Marketing Data" "API Breaches Surge With No Relief in Sight" "Fitness app Strava showed the world how even seemingly innocuous APIs can have damaging consequences when not securely designed." "Google announced that an additional bug in a Google+ API had exposed user data from 52.5 million accounts."
  • 8. akana.com8 | Akana by Perforce © 2020 Perforce Software, Inc. Setting the Stage for Disruption
  • 9. How do you prevent rogue services from getting deployed? How do you secure processes? How do you integrate with CI/CD?
  • 10. akana.com10 | Akana by Perforce © 2020 Perforce Software, Inc. Akana API Lifecycle Management
  • 11. akana.com11 | Akana by Perforce © 2020 Perforce Software, Inc. Lifecycle Management Components Lifecycle Manager • Automate machine and role-based validations and signoffs across the software development lifecycle. Lifecycle Coordinator • Automated API configuration and promotion through runtime staging environments. • Eliminate hands-on actions as much as possible. Lifecycle Repository • Add extensible metadata for APIs, apps, and users
  • 12. akana.com12 | Akana by Perforce © 2020 Perforce Software, Inc. API Lifecycle Review/Approval Process REQUIREMENTS DESIGN DEVELOP API CREATION PROCESS – DEMO SCENARIO Developer Submitter Lifecycle Manager Automation Architect Approver Lifecycle Manager Automation API Submitted API Updated and Submitted API Updated and Submitted Process API Process API Architect Approved? API Published API Not Published API Published API Not Published API Published API Not Published Yes YesNoNo YesNo Architect Approved? Architect Approved?
  • 13. akana.com13 | Akana by Perforce © 2020 Perforce Software, Inc. promote promote promote Akana and CI/CD Lifecycle Coordinator API Platform Dev API Platform Test API Platform Staging API Platform Production CI/CD Platform (e.g., Jenkins) DevOps Stakeholder Dev CI/CD
  • 14. akana.com14 | Akana by Perforce © 2020 Perforce Software, Inc. Secure Cloud Architecture PRODUCTION STAGING DEVELOPMENT TEST
  • 15. akana.com15 | Akana by Perforce © 2020 Perforce Software, Inc. How Akana Fits Into Your Existing Architecture DEVELOPER SERVICES MGMT. SERVICES SECURITY SERVICES ANALYTICS SERVICES
  • 16. akana.com16 | Akana by Perforce © 2020 Perforce Software, Inc. Key API Security Policy Examples Protect against vulnerabilities presented in OWASP API Security Top 10, such as: • Broken Object Level Authorization • Broken Authentication • Lack of Resources and Rate Limiting • Broken Function Level Authorization • Improper Assets Management
  • 17. akana.com17 | Akana by Perforce © 2020 Perforce Software, Inc. Security Policy Example - Malicious Pattern Detection • Inspects HTTP for dangerous content • If dangerous, rejects and returns a fault
  • 18. What Does Security-First Lifecycle Management Look Like?
  • 19. akana.com19 | Akana by Perforce © 2020 Perforce Software, Inc. Demo Scenario • Three stage environment – Dev, Test, and Acc (Staging) • Solution Architect approval required to exit Dev • Enterprise Architect and IT Security notified for optional comment • Solution Architect approval required to promote from Test to Acc • API Owner initiates minor version (non-breaking) update to promoted API from Dev portal
  • 20. akana.com20 | Akana by Perforce © 2020 Perforce Software, Inc. 1 - API in Dev with Metadata (Tags)
  • 21. akana.com21 | Akana by Perforce © 2020 Perforce Software, Inc. 2 - API Owner Requests Dev Approval
  • 22. akana.com22 | Akana by Perforce © 2020 Perforce Software, Inc. 3 - Solution Architect Approves API
  • 23. akana.com23 | Akana by Perforce © 2020 Perforce Software, Inc. 4 - Workflow Initiates Auto-Promotion
  • 24. akana.com24 | Akana by Perforce © 2020 Perforce Software, Inc. 5 - API Promoted to Test
  • 25. akana.com25 | Akana by Perforce © 2020 Perforce Software, Inc. 6 - API Promotion to Acc Pending
  • 26. akana.com26 | Akana by Perforce © 2020 Perforce Software, Inc. 7 - Solution Architect Approves API
  • 27. akana.com27 | Akana by Perforce © 2020 Perforce Software, Inc. 8 - API Promoted to Acc (Staging)
  • 28. akana.com28 | Akana by Perforce © 2020 Perforce Software, Inc. 9 - API Status in Dev Tenant Auto-Updated
  • 29. akana.com29 | Akana by Perforce © 2020 Perforce Software, Inc. 10 - API Owner Initiates Reversion for Minor Version Update
  • 30. akana.com30 | Akana by Perforce © 2020 Perforce Software, Inc. Regardless of your size, you still have the same tech requirements. The new Akana SaaS Club gives you our full-featured enterprise API management solution – without the investment or implementation time. QuickStart packages are right-sized to your needs. As you grow, we’ll grow with you! Get started with Akana API Management faster and more affordably than ever before. Akana QuickStart S U G G E S T E D P A C K A G E : 250 Gb/month Total bandwidth in/out of the gateway Learn more at akana.com/akana-quickstart
  • 31. Q&A

Notes de l'éditeur

  1. Abstract:   In the race to unlock new business channels and create more value, there is always a push to develop new APIs. But how do they get from idea to value? And how do you ensure that they are developed not only swiftly, but securely? Strict top-down control destroys speed, but no governance puts you at major risk of regulatory and compliance violations.   Any phase of your API lifecycle - from strategy and design to deployment and optimization – can be the source of vulnerabilities that enable malicious attacks and allow unauthorized access, unapproved APIs, and exposed data.   In this webinar, we explore the API development process: where it originates, how to secure it, and how to maximize automation while preserving developer creativity and speed.   Join Rod Cope, CTO of Perforce Software, and guest speaker Randy Heffner, VP and Principal Analyst from Forrester Research, Inc., as they discuss:   How new APIs originate from new business channels and new web and mobile applications Infusing security throughout the API development process Structuring API delivery workflows to both meet compliance demands and speed development Integrating with CI/CD/DevOps to automate and harden the API lifecycle  
  2. Development Governance - ensure you aren't building same functionality multiple times - ties into Portal capabilities, approval processes - Akana can do it and very few others can - authentication, proxying, having a gateway, rate limiting - automating - not leaving a chance that a policy is not applied, not attaching the right policy, ability to attach policies to meta data Can your API platform really do all of this?
  3. Lifecycle Coordinator highlights: Objective: automated API configuration and promotion through runtime staging environments – eliminate hands-on actions as much as possible and by doing so gain efficiency and reduce potential for error Automated API configuration - API architects can easily define configuration patterns to be automatically applied via extended metadata values Auditable promotion records – Lifecycle Coordinator records all API promotion activities across multiple iterations with full visibility to configuration changes between staging environments Configurable role-based gating – enterprises can easily specify RACI (Responsible/Approver/Commenter/Informed) roles into promotion workflows; these become part of the audit record Integration with CI/CD platforms (e.g., Jenkins) – Lifecycle Coordinator can act as either a master or a slave within an enterprise’s CI/CD architecture When you promote from Dev to Production, can change OAuth domain The keys are: Configurable role-based gating (make gating more generic) RACI - broken down into roles that people have in any governance process -- who is responsible for promoting something into next environment, who approved that, who comments on it / reviews it, who needs to be informed of it -- all of this concept is built into the Akana platform
  4. This is just a sample – not fixed -- there can be as many tasks/approvals as you want.
  5. Promotions are being initiated and governed by the Lifecycle Manager, which drives approvals. In each Promotion (gray arrows), you can change appropriate policies for each instance, and change Oauth domains in each stage.
  6. We typically position this architecture to those who want to be PCI compliant or have a little more security than they are currently doing – i.e. “you need to be doing AT LEAST this much” Advantage of Akana – Lifecycle Manager (pink box) -- managing review/approval side of things before production, so the managers get a notice of a request to do this promotion, and it must be approved before a change is made. Not just about encryption, also about process and architecture.
  7. Customer wrapped in Akana’s architecture We add gateways on top of interaction layer, add a developer portal, add these security/management services along with our Oauth server, etc.
  8. The HTTP Malicious Pattern Detection Policy is used to inspect HTTP messages for content that could be considered dangerous to an API or web service. This policy can be attached based on the metadata (previous slide) If the message content matches any of the expressions identified in the policy as potentially dangerous, the policy rejects the message and returns a fault. This policy uses regular expressions to define the content that could be considered dangerous, that would warrant a message being rejected. Typical uses of this policy are for SQL injection detection or JavaScript detection. You don’t need to order your policies, like with other platforms.
  9. Note: change “Asset Submission” to “API submission” if possible
  10. Same slide title at step #3. Are they both correct?