42CRUNCH BLOG


Developer Week NYC 2020 [Virtual]


Developer Week NYC 2020 Virtual Event | December 9th – 10th

DeveloperWeek New York 2020 is the East Coast’s largest developer & software engineering conference & expo with tracks covering JavaScript, API & Microservices, Containers & Kubernetes, Blockchain, AI, Machine Learning & Data Science and more!

Get your free OPEN Pass here: a promotion code with a $150 discount will be applied automatically to your order, making your OPEN Pass completely free (or allowing you to purchase a PRO or Premium Pass at a $150 discount).

 

 

API Security in a Kubernetes World

Wednesday, December 9, 2020, 1:30 PM EST – 1:55 PM EST

 

Securing APIs deployed in Kubernetes implies securing the infrastructure but also the APIs themselves. Having a perfectly set-up cluster, with all possible protections in place, unfortunately addresses only one aspect of the recent OWASP Top 10 for API Security. Other issues such as data leakage, mass assignment or broken authentication must be handled at the application level.

Learning from others’ mistakes:
The publication of the OWASP API Security Top 10 marks a cornerstone in the history of API security. Finally, there is global recognition that applications based on APIs require different protection. In the past year or so, more than 200 breaches have been published on apisecurity.io. Some very well-known names are on that list: T-Mobile, Facebook, and Uber, to name a few. What did they do wrong? How can we learn from their mistakes and take an approach that prevents the most common API security issues?

The Kubernetes specifics:
API security is not specific to Kubernetes. But Kubernetes deployments, usually created to run microservices-based, decoupled applications, make some API security problems worse. To start with, there is the sheer number of APIs to manage and protect. In Kubernetes deployments, everything is an API. Enterprises end up having to protect thousands of endpoints, and to make it worse, those endpoints get redeployed very frequently. DevSecOps, anyone?

Pragmatism is key:
Our goal in this talk is to share pragmatic, directly actionable best practices. We present a methodology to “pick your battles” and focus on the most critical issues first. You will leave with either the great satisfaction that you’ve already done a good job of protecting your APIs or an actionable to-do list to address immediate issues.

 
