
Ergon
IT Security Talks Management I

Application Security - quo vadis?

Application security is more than just a web application firewall. We show you where the journey is going.

Tue, 15.06.2021, 13:45 - 14:00

Digital

Topics: Cloud Security; Data security / DLP / Know-how protection; Industry 4.0 / IoT / Edge Computing; Network Security / Patch Management; SIEM / Threat Analytics / SOC; Trend topic



This action is part of the event IT Security Talks


Action description

The evolution of web technologies, DevOps and the emergence of container platforms pose great challenges for security managers. This presentation highlights the most important aspects they will have to face in the future.

The classic web application has had its day

Traditional web applications are increasingly being replaced by modern single-page applications (SPAs) or native mobile apps. WAF technologies built to protect simple HTML pages are no longer sufficient. The interaction paradigm between client and server has fundamentally changed, down to the transport formats. APIs are becoming the new heart of web applications.

Challenge #1: Who protects all the APIs?

OWASP (the Open Web Application Security Project) is responding to this trend with a new, specialized Top Ten list for API security, first published in late 2019. Because APIs offer much more direct access to business objects and resources, new risks arise. For example, authorization of access to objects must not be left to the client. An SPA may control access on its side, but attackers are not dependent on interacting via the official interface: they can also talk to the API directly. An API edge gateway is therefore required.

Challenge #2: Authentication and access management

One of the most important issues in protecting web resources is access control: who may access which objects, and when? Standards such as OAuth 2.0, OpenID Connect and SAML exist for this purpose, but they are not part of a typical WAF's scope of delivery. To answer the many "who, what, when" questions sensibly, the first thing needed is a suitable authentication solution that establishes the identity of the users, who of course do not want to log in anew on every access. A concept for comprehensive single sign-on across the web and API channels is therefore needed.

Moreover, the identities in question are mostly heterogeneous and include a large number of "external" users, such as customers or partners. This is where so-called cIAM (Consumer IAM) systems offer their services. They are optimized for large numbers of users and offer a good user experience through integrated UIs for user onboarding and self-service. Handling of social identities (BYOI, bring your own identity) and high flexibility in the authentication process (adaptive authentication) are crucial here.

Challenge #3: Micro-segmentation and DevOps

WAFs must reinvent themselves not only at the functional level; new challenges also arise regarding deployment forms. With the emergence of microservice architectures and DevOps, large centralized WAF installations are increasingly being questioned. The coordination required between application owners, WAF administrators, developers and the security team leads to loss of efficiency and frustration. It would be better if these tasks could be segmented along the services to be protected. Concretely, DevOps teams would have to be able to take responsibility for their services holistically, i.e. including security, from the first minute through to production. For this to be possible at all, WAFs must be available as lightweight containers that can be flexibly placed on Kubernetes or OpenShift in front of individual services. In this model, a central security appliance guarantees basic security, while integration tasks and the development of security policies are performed close to the service, by specialists with detailed knowledge of the services to be protected.

A vote for an integrated solution

A modern application security solution should be able to meet all these requirements. ...
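Challenge #1 in working code, as an added example that is not part of the it-sa 365 page and not code from Ergon: a minimal in-memory API handler that relies on the SPA to request only the caller's own objects, beside a hardened version that enforces ownership on the server against the identity the authentication layer established. The invoice records, the user names and the handler names are constructed for this illustration.

```python
"""Object-level authorization must be enforced by the API, not the client.

Added illustration, not code from the it-sa 365 page or from Ergon. The
invoice records, user names and handler names below are constructed for
the example.
"""
from dataclasses import dataclass

# Constructed sample data: an invoice table with an owner per record.
INVOICES = {
    1001: {"owner": "alice", "amount": 120.00},
    1002: {"owner": "bob", "amount": 980.50},
}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as an API handler sees it."""
    subject: str   # identity established by the authentication layer
                   # (e.g. the 'sub' claim of a validated OIDC token);
                   # never taken from the request body or a query parameter
    path_id: int   # object ID taken from the URL, e.g. /api/invoices/1002


class NotFound(Exception):
    pass


def get_invoice_vulnerable(req: Request) -> dict:
    """Returns any invoice by ID.

    The SPA only ever links to the caller's own invoices, so the developer
    assumed the client enforces ownership. A caller using curl instead of
    the SPA is not bound by that assumption (OWASP API1:2019, BOLA).
    """
    inv = INVOICES.get(req.path_id)
    if inv is None:
        raise NotFound(req.path_id)
    return inv


def get_invoice_hardened(req: Request) -> dict:
    """Enforces ownership on the server against the authenticated subject."""
    inv = INVOICES.get(req.path_id)
    if inv is None or inv["owner"] != req.subject:
        # Same response for missing and foreign objects, so the API does
        # not confirm which IDs exist.
        raise NotFound(req.path_id)
    return inv


def fetch(handler, subject: str, object_id: int):
    """Calls a handler the way a direct API client would: any ID, no SPA."""
    try:
        return handler(Request(subject=subject, path_id=object_id))
    except NotFound:
        return None


def enumerate_invoices(handler, subject: str, id_range) -> dict:
    """ID walk: everything one authenticated user can pull out of the API."""
    found = {}
    for object_id in id_range:
        inv = fetch(handler, subject, object_id)
        if inv is not None:
            found[object_id] = inv
    return found


if __name__ == "__main__":
    # 'alice' is a legitimate, authenticated customer who bypasses the SPA.
    print("vulnerable:", enumerate_invoices(get_invoice_vulnerable, "alice", range(1000, 1010)))
    print("hardened:  ", enumerate_invoices(get_invoice_hardened, "alice", range(1000, 1010)))
```

Run against the vulnerable handler, the ID walk returns both invoices to alice; against the hardened handler it returns only her own. An API edge gateway in front of the service can validate the token and hand the handler a trustworthy subject, which is the link to Challenge #2, but it cannot know which invoice belongs to whom: the ownership check stays with the service that owns the data.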

Language: German

Questions and Answers: Yes
