Explore two critical aspects of application security in this DevSecCon conference talk. Delve into secure coding practices within the Software Development Life Cycle (SDLC) and learn how to identify common vulnerabilities, debug secure code, and integrate security throughout the development process. Then, discover the emerging field of Cloud-native Web Application and API Protection (WAAP), focusing on securing web and API endpoints for cloud-native deployments. Gain insights into open-appsec, an open-source WAAP solution that utilizes machine learning to analyze HTTP/S requests and provide preemptive protection against OWASP Top-10 and zero-day attacks. Learn about deployment options, configuration, and monitoring techniques for effective application security in modern cloud environments.
Securing Applications in SDLC and Cloud-Native Web and API Protection - Sessions 1 and 2
Overview
Syllabus
Introduction
Who am I
Agenda
Perspective
Signatures
Open Absec
Configuration
Open Source Bill
Checkpoint
OpenAppSec
SQL Injection Example
Machine Learning Models
Zero Day
Zero T
Stage 1 Atomic Indicators
Stage 2 User Reputation
Stage 2 Management Options
Pro DevOps
Middleground
Demo
Logs
Management portal
Deployment
Monitoring
Conclusion
Taught by
DevSecCon
