/ Security Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Defense-In-Depth for API and DevOps Security [Slides]

DZone's Guide to

Defense-In-Depth for API and DevOps Security [Slides]

We must add authorization processes and intelligence to API and DevOps security. Check out this presentation to learn more about creating architectures and UX designs that support mitigation.

by
·
Oct. 09, 18 · Security Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Authorization has come a long way since setting bits in the file system. With the advancements in machine learning, big data, and behavioral profiling, it's time for authorization to take its next generational leap and move into a flexible, risk-based access control model that works in concert with legacy access control policies.

Cloud Authorization engines must focus on adding intelligence to the authorization process with validators that query external platforms for consensus during transactional processing and merry that with emerging threats to any of the entities (users, services, things, locations, etc.) present within the transaction. Threat mitigation options must be designed to rebuild the trust within the transaction or to mitigate the emerging risk by providing consensus via the leveraging of traditional methods, ABAC, RBAC, entitlements, scope, and respond during the transaction with transactional step-up Auth, degradation of Entitlements, reduction in data attributes returned, etc.

In this presentation, we showed how to create architectures and UX flows that support real-time threat mitigation for transactions involving any user, service, or thing.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Like This Article? Read More From DZone

Considering How Machine Learning APIs Might Violate Privacy and Security
Amazon EKS Authentication and Authorization Process
Configure the Header to Carry the Bearer Token

Free DZone Refcard

Securing Mobile Applications With Cert Pinning
DOWNLOAD
Topics:
security ,api ,devops ,ux ,machine learning ,authorization ,authorization processes

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Security Partner Resources

Lightweight plugin for Java and .NET to apply current and historical virtual patches, Critical Patch Updates (CPUs).
Find out how using compiler techniques means 100% Accuracy against common attacks and zero days.
Case Study: Virtual Patching While Under Attack

Security Partner Resources

Lightweight plugin for Java and .NET to apply current and historical virtual patches, Critical Patch Updates (CPUs).
Find out how using compiler techniques means 100% Accuracy against common attacks and zero days.
Case Study: Virtual Patching While Under Attack

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone