Session: DevSecOps enabled micro-perimeter API protection
Current "Shift Left" DevSecOps approach puts more and more responsibility on Developers. Taking into consideration the current shortage of cyber security specialist among software developers, that can end up with unintended consequences. In my presentation I would like to focus on solution that allows decoupling of the application API security logic from business workloads utilizing the sidecar pattern. This design pattern provides developers an ability to describe security of their services utilizing declarative approach. Configuration artifacts representing security as a code can be then used as part of the DevSecOps pipeline and provide multilevel security for APIs including micro-segmentation, multilevel authorization, communication channel security as well as enabling the service identity. Presentation will include the theoretical concepts as well as the example of real implementation.