SlideShare uma empresa Scribd logo

apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Securing the Development Process by Rod Cope

Transferir como PPTX, PDF
apidays
apidays

The document discusses securing the API development lifecycle process. It describes how new APIs are originated through new business needs, applications, or customer requirements. It then discusses how the Akana API management platform addresses this issue through automated validation and approval workflows integrated with CI/CD pipelines. This ensures security policies are followed before APIs move from development to testing and production environments. It provides an example demo of how Akana enforces approval from solution architects before an API can be promoted between stages.

Tecnologia
1 de 31
Akana by Perforce © 2019 Perforce Software, Inc. API Lifecycle Management AVOIDING BREACHES BY SECURING THE DEVELOPMENT PROCESS
akana.com2 | Akana by Perforce © 2020 Perforce Software, Inc. Overview Not only do you need to secure your APIs, you also need to secure the API lifecycle. Today’s discussion: • How new APIs originate • Securing the API development process • Structuring API delivery workflows • Integrating with CI/CD/DevOps for automation 45% of respondents aren’t confident in their security organization's ability to detect whether a bad actor is accessing their APIs. In fact, 51% aren't even confident their security team knows about all of the APIs that exist in the organization. - Ping Identity Survey
akana.com3 | Akana by Perforce © 2020 Perforce Software, Inc. Rod Cope CTO, Perforce Software • CTO for Rogue Wave Software (now Perforce) and the Founder and CTO of OpenLogic • 25+ year software career includes IBM, IBM Global Services, General Electric, and Anthem Blue Cross/Blue Shield. • Worldwide event speaker, including: APIdays, OSCON, Embedded World, ApacheCon, JavaOne, Strata/Big Data, LinuxCon, and API World.
How Do New APIs Originate?
akana.com5 | Akana by Perforce © 2020 Perforce Software, Inc. How Do New APIs Originate? • New business channels • New web/mobile applications • Customer needs
The Importance of a Security-First API Management Strategy (Or, Why “OK” Security Isn’t Good Enough)
akana.com7 | Akana by Perforce © 2020 Perforce Software, Inc. API Security Matters "Hackers Swipe Data On 2 Million T-Mobile Subscribers"… "Hackers managed to breach a database by exploiting a vulnerable API..." "Salesforce Security Alert: API Error Exposed Marketing Data" "2018 Sees API Breaches Surge With No Relief in Sight" "Fitness app Strava showed the world how even seemingly innocuous APIs can have damaging consequences when not securely designed." "Google announced that an additional bug in a Google+ API had exposed user data from 52.5 million accounts."
akana.com8 | Akana by Perforce © 2020 Perforce Software, Inc. Setting the Stage for Disruption
How do you prevent rogue services from getting deployed? How do you secure processes? How do you integrate with CI/CD?
akana.com10 | Akana by Perforce © 2020 Perforce Software, Inc. Akana API Lifecycle Management
akana.com11 | Akana by Perforce © 2020 Perforce Software, Inc. Lifecycle Management Components Lifecycle Manager • Automate machine and role-based validations and signoffs across the software development lifecycle. Lifecycle Coordinator • Automated API configuration and promotion through runtime staging environments. • Eliminate hands-on actions as much as possible. Lifecycle Repository • Add extensible metadata for APIs, apps, and users
akana.com12 | Akana by Perforce © 2020 Perforce Software, Inc. API Lifecycle Review/Approval Process REQUIREMENTS DESIGN DEVELOP API CREATION PROCESS – DEMO SCENARIO Developer Submitter Lifecycle Manager Automation Architect Approver Lifecycle Manager Automation API Submitted API Updated and Submitted API Updated and Submitted Process API Process API Architect Approved? API Published API Not Published API Published API Not Published API Published API Not Published Yes YesNoNo YesNo Architect Approved? Architect Approved?
akana.com13 | Akana by Perforce © 2020 Perforce Software, Inc. promote promote promote Akana and CI/CD Lifecycle Coordinator API Platform Dev API Platform Test API Platform Staging API Platform Production CI/CD Platform (e.g., Jenkins) DevOps Stakeholder Dev CI/CD
akana.com14 | Akana by Perforce © 2020 Perforce Software, Inc. Secure Cloud Architecture PRODUCTION STAGING DEVELOPMENT TEST
akana.com15 | Akana by Perforce © 2020 Perforce Software, Inc. How Akana Fits Into Your Existing Architecture DEVELOPER SERVICES MGMT. SERVICES SECURITY SERVICES ANALYTICS SERVICES
akana.com16 | Akana by Perforce © 2020 Perforce Software, Inc. Key API Security Policy Examples Protect against vulnerabilities presented in OWASP API Security Top 10, such as: • Broken Object Level Authorization • Broken Authentication • Lack of Resources and Rate Limiting • Broken Function Level Authorization • Improper Assets Management
akana.com17 | Akana by Perforce © 2020 Perforce Software, Inc. Security Policy Example - Malicious Pattern Detection • Inspects HTTP for dangerous content • If dangerous, rejects and returns a fault
What Does Security-First Lifecycle Management Look Like?
akana.com19 | Akana by Perforce © 2020 Perforce Software, Inc. Demo Scenario • Three stage environment – Dev, Test, and Acc (Staging) • Solution Architect approval required to exit Dev • Enterprise Architect and IT Security notified for optional comment • Solution Architect approval required to promote from Test to Acc • API Owner initiates minor version (non-breaking) update to promoted API from Dev portal
akana.com20 | Akana by Perforce © 2020 Perforce Software, Inc. 1 - API in Dev with Metadata (Tags)
akana.com21 | Akana by Perforce © 2020 Perforce Software, Inc. 2 - API Owner Requests Dev Approval
akana.com22 | Akana by Perforce © 2020 Perforce Software, Inc. 3 - Solution Architect Approves API
akana.com23 | Akana by Perforce © 2020 Perforce Software, Inc. 4 - Workflow Initiates Auto-Promotion
akana.com24 | Akana by Perforce © 2020 Perforce Software, Inc. 5 - API Promoted to Test
akana.com25 | Akana by Perforce © 2020 Perforce Software, Inc. 6 - API Promotion to Acc Pending
akana.com26 | Akana by Perforce © 2020 Perforce Software, Inc. 7 - Solution Architect Approves API
akana.com27 | Akana by Perforce © 2020 Perforce Software, Inc. 8 - API Promoted to Acc (Staging)
akana.com28 | Akana by Perforce © 2020 Perforce Software, Inc. 9 - API Status in Dev Tenant Auto-Updated
akana.com29 | Akana by Perforce © 2020 Perforce Software, Inc. 10 - API Owner Initiates Reversion for Minor Version Update
akana.com30 | Akana by Perforce © 2020 Perforce Software, Inc. Regardless of your size, you still have the same tech requirements. The new Akana SaaS Club gives you our full-featured enterprise API management solution – without the investment or implementation time. QuickStart packages are right-sized to your needs. As you grow, we’ll grow with you! Get started with Akana API Management faster and more affordably than ever before. Akana QuickStart S U G G E S T E D P A C K A G E : 250 Gb/month Total bandwidth in/out of the gateway Learn more at akana.com/akana-quickstart
Q&A

Recomendados

apidays LIVE New York - Building Great Web APIs by Mike Amundsen
apidays LIVE New York - Building Great Web APIs by Mike Amundsenapidays LIVE New York - Building Great Web APIs by Mike Amundsen
apidays LIVE New York - Building Great Web APIs by Mike Amundsenapidays
 
apidays LIVE New York - Automation API Testing: with Postman collection are ...
apidays LIVE New York - Automation API Testing: with Postman collection are ...apidays LIVE New York - Automation API Testing: with Postman collection are ...
apidays LIVE New York - Automation API Testing: with Postman collection are ...apidays
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays
 
apidays LIVE New York - API Code First vs Design First by Phil Sturgeon
apidays LIVE New York - API Code First vs Design First by Phil Sturgeonapidays LIVE New York - API Code First vs Design First by Phil Sturgeon
apidays LIVE New York - API Code First vs Design First by Phil Sturgeonapidays
 
Executing on API Developer Experience
Executing on API Developer Experience Executing on API Developer Experience
Executing on API Developer Experience SmartBear
 
apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securin...
apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securin...apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securin...
apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securin...apidays
 
Building an API Security Strategy
Building an API Security StrategyBuilding an API Security Strategy
Building an API Security StrategySmartBear
 
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...apidays
 

Recomendados

apidays LIVE New York - Building Great Web APIs by Mike Amundsen
apidays LIVE New York - Building Great Web APIs by Mike Amundsenapidays LIVE New York - Building Great Web APIs by Mike Amundsen
apidays LIVE New York - Building Great Web APIs by Mike Amundsenapidays
 
apidays LIVE New York - Automation API Testing: with Postman collection are ...
apidays LIVE New York - Automation API Testing: with Postman collection are ...apidays LIVE New York - Automation API Testing: with Postman collection are ...
apidays LIVE New York - Automation API Testing: with Postman collection are ...apidays
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays
 
apidays LIVE New York - API Code First vs Design First by Phil Sturgeon
apidays LIVE New York - API Code First vs Design First by Phil Sturgeonapidays LIVE New York - API Code First vs Design First by Phil Sturgeon
apidays LIVE New York - API Code First vs Design First by Phil Sturgeonapidays
 
Executing on API Developer Experience
Executing on API Developer Experience Executing on API Developer Experience
Executing on API Developer Experience SmartBear
 
apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securin...
apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securin...apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securin...
apidays LIVE LONDON - API Lifecycle Management - Avoiding Breaches By Securin...apidays
 
Building an API Security Strategy
Building an API Security StrategyBuilding an API Security Strategy
Building an API Security StrategySmartBear
 
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...apidays
 
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...apidays
 
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...apidays
 
Lessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SiteLessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SitePronovix
 
apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...apidays
 
Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approov Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approovapidays
 
End to End Testing: Bug Squashing for API Developers
End to End Testing: Bug Squashing for API Developers End to End Testing: Bug Squashing for API Developers
End to End Testing: Bug Squashing for API Developers Apigee | Google Cloud
 
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop Apigee | Google Cloud
 
apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...
apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...
apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...apidays
 
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...apidays
 
A Checklist for Every API Call
A Checklist for Every API CallA Checklist for Every API Call
A Checklist for Every API CallApigee | Google Cloud
 
apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...
apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...
apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...apidays
 
Apigee Edge Overview and Roadmap
Apigee Edge Overview and RoadmapApigee Edge Overview and Roadmap
Apigee Edge Overview and RoadmapApigee | Google Cloud
 
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...apidays
 
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...apidays
 
Apigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee | Google Cloud
 
API Strategy in Cloud
API Strategy in CloudAPI Strategy in Cloud
API Strategy in CloudPavanPardeshi1
 
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...apidays
 
API Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation ExperienceAPI Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation ExperienceCapgemini
 
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...apidays
 
apidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMatic
apidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMaticapidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMatic
apidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMaticapidays
 
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays
 
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...apidays
 

Mais conteúdo relacionado

Mais procurados

APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...apidays
 
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...apidays
 
Lessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SiteLessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SitePronovix
 
apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...apidays
 
Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approov Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approovapidays
 
End to End Testing: Bug Squashing for API Developers
End to End Testing: Bug Squashing for API Developers End to End Testing: Bug Squashing for API Developers
End to End Testing: Bug Squashing for API Developers Apigee | Google Cloud
 
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop Apigee | Google Cloud
 
apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...
apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...
apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...apidays
 
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...apidays
 
apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...
apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...
apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...apidays
 
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...apidays
 
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...apidays
 
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...apidays
 
API Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation ExperienceAPI Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation ExperienceCapgemini
 
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...apidays
 
apidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMatic
apidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMaticapidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMatic
apidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMaticapidays
 

Mais procurados (20)

APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
 
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Li...
 
Lessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SiteLessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc Site
 
apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...
 
Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approov Mobile - Your API Security Blindspot by David Stewart, Approov
Mobile - Your API Security Blindspot by David Stewart, Approov
 
End to End Testing: Bug Squashing for API Developers
End to End Testing: Bug Squashing for API Developers End to End Testing: Bug Squashing for API Developers
End to End Testing: Bug Squashing for API Developers
 
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
 
apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...
apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...
apidays LIVE Paris 2021 - Beyond API Governance: Run your API org like a lean...
 
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
 
A Checklist for Every API Call
A Checklist for Every API CallA Checklist for Every API Call
A Checklist for Every API Call
 
apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...
apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...
apidays LIVE Paris - Interface Economy: The true potential of APIs by Kristof...
 
Apigee Edge Overview and Roadmap
Apigee Edge Overview and RoadmapApigee Edge Overview and Roadmap
Apigee Edge Overview and Roadmap
 
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
 
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
 
Apigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee Edge: Intro to Microgateway
Apigee Edge: Intro to Microgateway
 
API Strategy in Cloud
API Strategy in CloudAPI Strategy in Cloud
API Strategy in Cloud
 
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
 
API Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation ExperienceAPI Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation Experience
 
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
 
apidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMatic
apidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMaticapidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMatic
apidays Paris 2019 - API Adoption via A Code Playground by S Adeel Ali, APIMatic
 

Semelhante a apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Securing the Development Process by Rod Cope

apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays
 
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...apidays
 
Accelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test AutomationAccelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test AutomationPerfecto by Perforce
 
Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyRogue Wave Software
 
B7 api management_enabling_digital_transformation
B7 api management_enabling_digital_transformationB7 api management_enabling_digital_transformation
B7 api management_enabling_digital_transformationDr. Wilfred Lin (Ph.D.)
 
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...Amazon Web Services
 
The Datacenter API
The Datacenter APIThe Datacenter API
The Datacenter APIAkana
 
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...Priyanka Aash
 
The Datacenter API
The Datacenter APIThe Datacenter API
The Datacenter APIAkana
 
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...apidays
 
API Design Essentials - Akana Platform Overview
API Design Essentials - Akana Platform OverviewAPI Design Essentials - Akana Platform Overview
API Design Essentials - Akana Platform OverviewAkana
 
Will you survive the API avalanche?
Will you survive the API avalanche?Will you survive the API avalanche?
Will you survive the API avalanche?Rogue Wave Software
 
API Best Practices
API Best PracticesAPI Best Practices
API Best PracticesSai Koppala
 
CA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerCA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerRajat Vijayvargiya
 
Design - Start Your API Journey Today
Design - Start Your API Journey TodayDesign - Start Your API Journey Today
Design - Start Your API Journey TodayLaurenWendler
 
AWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applicationsAWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applicationsCobus Bernard
 
The API Opportunity: Crossing the Digital Divide
The API Opportunity: Crossing the Digital DivideThe API Opportunity: Crossing the Digital Divide
The API Opportunity: Crossing the Digital DivideCA Technologies
 
CICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdfCICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdfAmazon Web Services
 
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...apidays
 

Semelhante a apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Securing the Development Process by Rod Cope (20)

apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
 
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
apidays LIVE Australia 2020 - Multigrain services: micro vs. mini vs. mac by ...
 
Accelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test AutomationAccelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test Automation
 
Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case study
 
B7 api management_enabling_digital_transformation
B7 api management_enabling_digital_transformationB7 api management_enabling_digital_transformation
B7 api management_enabling_digital_transformation
 
WaveMaker API Success
WaveMaker API SuccessWaveMaker API Success
WaveMaker API Success
 
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...
CI/CD for Serverless and Containerized Applications (DEV309-R1) - AWS re:Inve...
 
The Datacenter API
The Datacenter APIThe Datacenter API
The Datacenter API
 
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
 
The Datacenter API
The Datacenter APIThe Datacenter API
The Datacenter API
 
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...
APIdays London 2019 - Microservices vs Miniservices vs Monolithics: Winner Ta...
 
API Design Essentials - Akana Platform Overview
API Design Essentials - Akana Platform OverviewAPI Design Essentials - Akana Platform Overview
API Design Essentials - Akana Platform Overview
 
Will you survive the API avalanche?
Will you survive the API avalanche?Will you survive the API avalanche?
Will you survive the API avalanche?
 
API Best Practices
API Best PracticesAPI Best Practices
API Best Practices
 
CA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerCA API Management: A DevOps Enabler
CA API Management: A DevOps Enabler
 
Design - Start Your API Journey Today
Design - Start Your API Journey TodayDesign - Start Your API Journey Today
Design - Start Your API Journey Today
 
AWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applicationsAWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applications
 
The API Opportunity: Crossing the Digital Divide
The API Opportunity: Crossing the Digital DivideThe API Opportunity: Crossing the Digital Divide
The API Opportunity: Crossing the Digital Divide
 
CICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdfCICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdf
 
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...
 

Mais de apidays

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...apidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...apidays
 
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...apidays
 
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...apidays
 
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...apidays
 
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...apidays
 
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...apidays
 
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...apidays
 
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...apidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...apidays
 
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...apidays
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...apidays
 

Mais de apidays (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
 
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
 
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
 
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
 
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
 
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
 
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
 
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
 
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
 

Último

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 

Último (20)

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

apidays LIVE New York - API Lifecycle Management - Avoiding Breaches By Securing the Development Process by Rod Cope

  • 1. Akana by Perforce © 2019 Perforce Software, Inc. API Lifecycle Management AVOIDING BREACHES BY SECURING THE DEVELOPMENT PROCESS
  • 2. akana.com2 | Akana by Perforce © 2020 Perforce Software, Inc. Overview Not only do you need to secure your APIs, you also need to secure the API lifecycle. Today’s discussion: • How new APIs originate • Securing the API development process • Structuring API delivery workflows • Integrating with CI/CD/DevOps for automation 45% of respondents aren’t confident in their security organization's ability to detect whether a bad actor is accessing their APIs. In fact, 51% aren't even confident their security team knows about all of the APIs that exist in the organization. - Ping Identity Survey
  • 3. akana.com3 | Akana by Perforce © 2020 Perforce Software, Inc. Rod Cope CTO, Perforce Software • CTO for Rogue Wave Software (now Perforce) and the Founder and CTO of OpenLogic • 25+ year software career includes IBM, IBM Global Services, General Electric, and Anthem Blue Cross/Blue Shield. • Worldwide event speaker, including: APIdays, OSCON, Embedded World, ApacheCon, JavaOne, Strata/Big Data, LinuxCon, and API World.
  • 4. How Do New APIs Originate?
  • 5. akana.com5 | Akana by Perforce © 2020 Perforce Software, Inc. How Do New APIs Originate? • New business channels • New web/mobile applications • Customer needs
  • 6. The Importance of a Security-First API Management Strategy (Or, Why “OK” Security Isn’t Good Enough)
  • 7. akana.com7 | Akana by Perforce © 2020 Perforce Software, Inc. API Security Matters "Hackers Swipe Data On 2 Million T-Mobile Subscribers"… "Hackers managed to breach a database by exploiting a vulnerable API..." "Salesforce Security Alert: API Error Exposed Marketing Data" "2018 Sees API Breaches Surge With No Relief in Sight" "Fitness app Strava showed the world how even seemingly innocuous APIs can have damaging consequences when not securely designed." "Google announced that an additional bug in a Google+ API had exposed user data from 52.5 million accounts."
  • 8. akana.com8 | Akana by Perforce © 2020 Perforce Software, Inc. Setting the Stage for Disruption
  • 9. How do you prevent rogue services from getting deployed? How do you secure processes? How do you integrate with CI/CD?
  • 10. akana.com10 | Akana by Perforce © 2020 Perforce Software, Inc. Akana API Lifecycle Management
  • 11. akana.com11 | Akana by Perforce © 2020 Perforce Software, Inc. Lifecycle Management Components Lifecycle Manager • Automate machine and role-based validations and signoffs across the software development lifecycle. Lifecycle Coordinator • Automated API configuration and promotion through runtime staging environments. • Eliminate hands-on actions as much as possible. Lifecycle Repository • Add extensible metadata for APIs, apps, and users
  • 12. akana.com12 | Akana by Perforce © 2020 Perforce Software, Inc. API Lifecycle Review/Approval Process REQUIREMENTS DESIGN DEVELOP API CREATION PROCESS – DEMO SCENARIO Developer Submitter Lifecycle Manager Automation Architect Approver Lifecycle Manager Automation API Submitted API Updated and Submitted API Updated and Submitted Process API Process API Architect Approved? API Published API Not Published API Published API Not Published API Published API Not Published Yes YesNoNo YesNo Architect Approved? Architect Approved?
  • 13. akana.com13 | Akana by Perforce © 2020 Perforce Software, Inc. promote promote promote Akana and CI/CD Lifecycle Coordinator API Platform Dev API Platform Test API Platform Staging API Platform Production CI/CD Platform (e.g., Jenkins) DevOps Stakeholder Dev CI/CD
  • 14. akana.com14 | Akana by Perforce © 2020 Perforce Software, Inc. Secure Cloud Architecture PRODUCTION STAGING DEVELOPMENT TEST
  • 15. akana.com15 | Akana by Perforce © 2020 Perforce Software, Inc. How Akana Fits Into Your Existing Architecture DEVELOPER SERVICES MGMT. SERVICES SECURITY SERVICES ANALYTICS SERVICES
  • 16. akana.com16 | Akana by Perforce © 2020 Perforce Software, Inc. Key API Security Policy Examples Protect against vulnerabilities presented in OWASP API Security Top 10, such as: • Broken Object Level Authorization • Broken Authentication • Lack of Resources and Rate Limiting • Broken Function Level Authorization • Improper Assets Management
  • 17. akana.com17 | Akana by Perforce © 2020 Perforce Software, Inc. Security Policy Example - Malicious Pattern Detection • Inspects HTTP for dangerous content • If dangerous, rejects and returns a fault
  • 18. What Does Security-First Lifecycle Management Look Like?
  • 19. akana.com19 | Akana by Perforce © 2020 Perforce Software, Inc. Demo Scenario • Three stage environment – Dev, Test, and Acc (Staging) • Solution Architect approval required to exit Dev • Enterprise Architect and IT Security notified for optional comment • Solution Architect approval required to promote from Test to Acc • API Owner initiates minor version (non-breaking) update to promoted API from Dev portal
  • 20. akana.com20 | Akana by Perforce © 2020 Perforce Software, Inc. 1 - API in Dev with Metadata (Tags)
  • 21. akana.com21 | Akana by Perforce © 2020 Perforce Software, Inc. 2 - API Owner Requests Dev Approval
  • 22. akana.com22 | Akana by Perforce © 2020 Perforce Software, Inc. 3 - Solution Architect Approves API
  • 23. akana.com23 | Akana by Perforce © 2020 Perforce Software, Inc. 4 - Workflow Initiates Auto-Promotion
  • 24. akana.com24 | Akana by Perforce © 2020 Perforce Software, Inc. 5 - API Promoted to Test
  • 25. akana.com25 | Akana by Perforce © 2020 Perforce Software, Inc. 6 - API Promotion to Acc Pending
  • 26. akana.com26 | Akana by Perforce © 2020 Perforce Software, Inc. 7 - Solution Architect Approves API
  • 27. akana.com27 | Akana by Perforce © 2020 Perforce Software, Inc. 8 - API Promoted to Acc (Staging)
  • 28. akana.com28 | Akana by Perforce © 2020 Perforce Software, Inc. 9 - API Status in Dev Tenant Auto-Updated
  • 29. akana.com29 | Akana by Perforce © 2020 Perforce Software, Inc. 10 - API Owner Initiates Reversion for Minor Version Update
  • 30. akana.com30 | Akana by Perforce © 2020 Perforce Software, Inc. Regardless of your size, you still have the same tech requirements. The new Akana SaaS Club gives you our full-featured enterprise API management solution – without the investment or implementation time. QuickStart packages are right-sized to your needs. As you grow, we’ll grow with you! Get started with Akana API Management faster and more affordably than ever before. Akana QuickStart S U G G E S T E D P A C K A G E : 250 Gb/month Total bandwidth in/out of the gateway Learn more at akana.com/akana-quickstart
  • 31. Q&A

Notas do Editor

  1. Abstract:   In the race to unlock new business channels and create more value, there is always a push to develop new APIs. But how do they get from idea to value? And how do you ensure that they are developed not only swiftly, but securely? Strict top-down control destroys speed, but no governance puts you at major risk of regulatory and compliance violations.   Any phase of your API lifecycle - from strategy and design to deployment and optimization – can be the source of vulnerabilities that enable malicious attacks and allow unauthorized access, unapproved APIs, and exposed data.   In this webinar, we explore the API development process: where it originates, how to secure it, and how to maximize automation while preserving developer creativity and speed.   Join Rod Cope, CTO of Perforce Software, and guest speaker Randy Heffner, VP and Principal Analyst from Forrester Research, Inc., as they discuss:   How new APIs originate from new business channels and new web and mobile applications Infusing security throughout the API development process Structuring API delivery workflows to both meet compliance demands and speed development Integrating with CI/CD/DevOps to automate and harden the API lifecycle  
  2. Development Governance - ensure you aren't building same functionality multiple times - ties into Portal capabilities, approval processes - Akana can do it and very few others can - authentication, proxying, having a gateway, rate limiting - automating - not leaving a chance that a policy is not applied, not attaching the right policy, ability to attach policies to meta data Can your API platform really do all of this?
  3. Lifecycle Coordinator highlights: Objective: automated API configuration and promotion through runtime staging environments – eliminate hands-on actions as much as possible and by doing so gain efficiency and reduce potential for error Automated API configuration - API architects can easily define configuration patterns to be automatically applied via extended metadata values Auditable promotion records – Lifecycle Coordinator records all API promotion activities across multiple iterations with full visibility to configuration changes between staging environments Configurable role-based gating – enterprises can easily specify RACI (Responsible/Approver/Commenter/Informed) roles into promotion workflows; these become part of the audit record Integration with CI/CD platforms (e.g., Jenkins) – Lifecycle Coordinator can act as either a master or a slave within an enterprise’s CI/CD architecture When you promote from Dev to Production, can change OAuth domain The keys are: Configurable role-based gating (make gating more generic) RACI - broken down into roles that people have in any governance process -- who is responsible for promoting something into next environment, who approved that, who comments on it / reviews it, who needs to be informed of it -- all of this concept is built into the Akana platform
  4. This is just a sample – not fixed -- there can be as many tasks/approvals as you want.
  5. Promotions are being initiated and governed by the Lifecycle Manager, which drives approvals. In each Promotion (gray arrows), you can change appropriate policies for each instance, and change Oauth domains in each stage.
  6. We typically position this architecture to those who want to be PCI compliant or have a little more security than they are currently doing – i.e. “you need to be doing AT LEAST this much” Advantage of Akana – Lifecycle Manager (pink box) -- managing review/approval side of things before production, so the managers get a notice of a request to do this promotion, and it must be approved before a change is made. Not just about encryption, also about process and architecture.
  7. Customer wrapped in Akana’s architecture We add gateways on top of interaction layer, add a developer portal, add these security/management services along with our Oauth server, etc.
  8. The HTTP Malicious Pattern Detection Policy is used to inspect HTTP messages for content that could be considered dangerous to an API or web service. This policy can be attached based on the metadata (previous slide) If the message content matches any of the expressions identified in the policy as potentially dangerous, the policy rejects the message and returns a fault. This policy uses regular expressions to define the content that could be considered dangerous, that would warrant a message being rejected. Typical uses of this policy are for SQL injection detection or JavaScript detection. You don’t need to order your policies, like with other platforms.
  9. Note: change “Asset Submission” to “API submission” if possible
  10. Same slide title at step #3. Are they both correct?