Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Make onsite appointment

IT Security Talks Management I

Application Security - quo vadis?

Application security is more than just a web application firewall. We show you where the journey is going.

Buy trade fair ticket

You can register for this action soon.

You can register for the digital action soon.

Please come back at the scheduled date and time.

The action is currently live. Please scroll down to watch.

This action is only available onsite: IT Security Talks

Add action to bookmarks and download as iCal

Join now

Note: If you continue, the contact data you provided during registration may be transmitted to the respective provider in accordance with our General Terms and Conditions.

Please log in or register in advance so that you can take part in actions or watch the action videos!

This action has already taken place. This action will soon be available as a video.

This action has already taken place. Please scroll down to watch the video.

This action has already taken place. Please login or register to watch the video.

This action has already taken place. It's not available any more.

You are in!

Your ticket / access to the action was sent to you by email.

There is a problem with the action at the moment. Please come back later or contact support.

calendar_today Tue, 15.06.2021, 13:45 - 14:00

event_available Digital

Action Video

south_east

Action description

south_east

Speaker

south_east

Themes

Cloud Security Data security / DLP / Know-how protection Industry 4.0 / IoT / Edge Computing Network Security / Patch Management SIEM / Threat Analytics / SOC Trend topic

Organizer

Airlock

Event

This action is part of the event IT Security Talks

Action Video

Action description

The evolution of web technologies, DevOps and the emergence of container platforms pose great challenges for security managers. This presentation will highlight the most important aspects they will have to face in the future. The classic web application has had its day Traditional web applications are increasingly being replaced by modern single-page applications (SPA) or native mobile apps. WAF technologies built to protect simple HTML pages are no longer sufficient. The interaction paradigm between client and server has fundamentally changed down to the transport formats. APIs are becoming the new heart of web applications. Challenge #1: Who protects all the APIs? OWASP (the Open Web Application Security Project) is responding to this trend with a new and specialized top ten list for API security, which was first published in late 2019. Because APIs offer a much more direct access to business objects and resources, new risks arise. For example, the authorization of access to objects must not be left to the client. Although SPAs may control access, hackers are not dependent on interaction via the official interface. They can also interact directly with the API. An API Edge Gateway is therefore required. Challenge #2: Authentication and Access Management One of the most important issues when protecting Web resources is Access Control. Who can access which objects and when? There are standards such as OAuth 2.0, OpenID Connect or SAML for this purpose, but these are not included in the scope of delivery of a typical WAF. In order to answer the many "w" questions sensibly, the first thing you need is a suitable authentication solution to determine the identity of the users, who of course do not want to log in anew every time they access. A concept for comprehensive single sign-on on the web and API channel is therefore needed. Moreover, the identities we are talking about here are mostly heterogeneous and include a large number of "external" users, such as customers or partners. So-called cIAM (Consumer IAM) systems offer their services here. They are optimized for large numbers of users and offer a good user experience through integrated UIs for user onboarding and self-services. The handling of Social Identities (BYOI) and a high flexibility in the authentication process (Adaptive Authentication) are crucial here. Challenge #3: Micro Segmentation and DevOps WAFs must reinvent themselves not only on the functional level. New challenges also arise regarding deployment forms. With the emergence of microservice architectures and DevOps, large centralized WAF installations are increasingly being questioned. The necessary coordination between application owners, WAF administrators, developers and the security team leads to loss of efficiency and frustration. It would be better if these tasks could be segmented along the services to be protected. In concrete terms, DevOps teams would have to be able to take responsibility for their services holistically, i.e. including security, and from the first minute to production. In order for this to be possible at all, WAFs must be available as lightweight containers that can be flexibly strapped onto Kubernetes or OpenShift in front of individual services. In this model, the central security appliance guarantees basic security. Integration tasks and the development of security policies are performed close to the service by specialists with detailed knowledge of the services to be protected. A vote for an integrated solution A modern application security solution should be able to meet all these requirements. ... read more

Language: German

Questions and Answers: Yes