AppSec California 2020

The current "Shift Left" DevSecOps approach puts more and more responsibility on Developers. Taking into consideration the current shortage of cybersecurity specialists among software developers, that can end up with unintended consequences. In my presentation, I would like to focus on a solution that allows the decoupling of the application API security logic from business workloads utilizing the sidecar pattern. This design pattern provides developers an ability to describe the security of their services utilizing the declarative approach. Configuration artifacts representing security as a code can be then used as part of the DevSecOps pipeline and provide multilevel security for APIs, including micro-segmentation, multilevel authorization, communication channel security, as well as enabling the service identity. The presentation will include the theoretical concepts as well as the example of a real implementation.