Mr. Anirudha Karandikar

API Security in DevSecOps:Built In, Not Bolted On

Abstract: 

 “API Security in DevSecOps: Built In, Not Bolted On” APIs are the backbone of modern digital ecosystems, enabling seamless integration and data exchange across platforms. However, the rapid proliferation of APIs has made them a prime target for security threats, with misconfigurations and vulnerabilities leading to significant risks. This talk, “API Security in DevSecOps: Built In, Not Bolted On,” emphasizes the critical need for proactive and integrated security practices within the software development lifecycle (SDLC). The session highlights the Security First Principle, advocating for embedding security into every phase of API design, development, testing, release, and operations. Key topics include best practices for securing APIs, such as robust authentication methods, encryption, rate limiting, and continuous monitoring. The talk also introduces advanced techniques like automated security testing, dependency management, and using infrastructure-as-code tools to mitigate vulnerabilities effectively. Attendees will gain insights into leveraging DevSecOps principles to foster collaboration between development, security, and operations teams, ensuring APIs are secure by design. Real-world examples and actionable strategies are provided to address challenges such as bot attacks, resource exhaustion, and misconfigured access controls. The session concludes with a call to action for adopting a security-first mindset, emphasizing that safeguarding APIs is essential for building resilient, trustworthy digital ecosystems.