OPEN TALK (API): Rest Assured...API Security Testing Automation for CICD

Oliver Moradov
NeuraLegion, VP

Oli is VP of NeuraLegion's developer focussed security testing platform, helping developers understand how they can run seamless, fast and accurate security tests on every build for their WebApps and APIs.

Oli works closely with security and engineering teams globally to help them ship secure software more efficiently and is passionate about automation, CI/CD and DevOps / DevSecOps.

Oli has has spoken at many conferences internationally and is a regular at developer and security related events and meetups

APIs are everywhere, leading the digital transformation age. With 90% of all web traffic being via API calls, the attack surface and threat model has changed exponentially.

Agile development and rapid release cycles with iterative changes leaves APIs vulnerable to attack, however security testing of APIs has not kept up with this pace.

Security testing automation is key, integrated as part of your pipelines to put developers into the security testing driving seat, to rely less on manual testing and produce secure APIs by design.

Traditional security scanners are a blocker to this automation. They are hard to use, impossible to integrate, not developer friendly and produce too many false positives. This results in crippling human bottlenecks that stifle CI/CD, whether it's the need for security to constantly tweak scanners or the drain of manually validating vulnerabilities.

Either way, technical and security debt is compounded, resulting in insecure product hitting production. Change is needed, and fast.

In this session Oliver will discover:

1. Key features that your dev-first security tools needs to enable developers to take ownership of security

2. How you can detect, prioritise and remediate security issues early, automated in the pipeline, for your REST, SOAP and GraphQL APIs

3. Insights into reducing the noise of false alerts to remove your manual bottlenecks to shift left

4. Steps you can take to achieve security testing automation as part of your CI/CD, to test your applications and APIs