Session Description

Microservices architectures, along with the general shift to cloud computing, mobile and rich web applications, and IoT, have led to a proliferation of APIs. In fact, according to Akamai, 83 percent of web traffic is now API traffic. What used to be an internal call between components of a monolithic application is now an API call, often made over a public network and susceptible to attacks.

The DevOps approach to software development has unintentionally exacerbated the problem. It enabled dev teams to move faster, spinning up more microservices and rapidly iterating on their releases. That means that instead of relatively few APIs that rarely change and can be tightly controlled by the security team, companies now have hundreds - if not thousands - of APIs that are created and changed all the time. There is no way manual security audits can cope with that.

Luckily, Jenkins and DevSecOps processes can come to the rescue and allow any company to establish API security while maintaining R&D agility. In this presentation, attendees will learn how to create a Jenkins-based DevSecOps process for REST APIs, what security risks to look out for at each stage of the API lifecycle, and how to mitigate them. They will also walk away understanding how to implement an end-to-end automated API security model that development, security and operations teams will love.