Microservices architectures (together with the broader trends of cloud computing, mobile and rich web applications, and IoT) have led to a proliferation of APIs (according to Akamai, 83% of web traffic is now API traffic). What used to be an internal call between components of a monolithic application is now an API call, often made over a public network and exposed to attack.
The DevOps approach unintentionally exacerbated the problem: it enabled dev teams to move faster, spinning up more microservices and iterating rapidly on their releases.
This is a huge expansion of the attack surface: Gartner estimates that by 2021 exposed APIs will form a larger attack surface than UIs for 90% of web-enabled applications. It is also a huge challenge, because rapid agile iteration over hundreds, if not thousands, of APIs within a single company makes it impossible for a security team to manually review and enforce security policies and best practices across all of them.
With ever-rising privacy and cybersecurity requirements and the potentially catastrophic consequences of a breach, companies are turning to a DevSecOps approach: automated security static analysis and security testing run as part of their CI/CD pipelines, so that every release of every API is checked without relying on manual review.
In this session, we will discuss these trends and the practical steps for establishing security-by-design practices in your company.