Wednesday, October 27, 2021
APIs are everywhere, leading the digital transformation age. With 90% of all web traffic being via API calls, the attack surface and threat model has changed exponentially.
Agile development and rapid release cycles with iterative changes leaves APIs vulnerable to attack, however security testing of APIs has not kept up with this pace.
Security testing automation is key, integrated as part of your pipelines to put developers into the security testing driving seat, to rely less on manual testing and produce secure APIs by design.
Traditional security scanners are a blocker to this automation. They are hard to use, impossible to integrate, not developer friendly and produce too many false positives. This results in crippling human bottlenecks that stifle CI/CD, whether it's the need for security to constantly tweak scanners or the drain of manually validating vulnerabilities.
Either way, technical and security debt is compounded, resulting in insecure product hitting production. Change is needed, and fast.
In this session Oliver will discover:
1. Key features that your dev-first security tools needs to enable developers to take ownership of security
2. How you can detect, prioritise and remediate security issues early, automated in the pipeline, for your REST, SOAP and GraphQL APIs
3. Insights into reducing the noise of false alerts to remove your manual bottlenecks to shift left
4. Steps you can take to achieve security testing automation as part of your CI/CD, to test your applications and APIs