Container Security and Their APIs
Bonus Talk at TBD EDT
Cloud-native application security involves balancing contradictory requirements: the benefits of cloud services in accelerating development, while at the same time handling security in an adverse environment where there are more attack surfaces and opportunities for data breaches. Unfortunately, many security tools do not address the vulnerabilities of APIs that run in those containers. Cloud-native applications expose many internal API services and developers are increasingly using external API services for their applications. Both internal and external API use expose the workload to new vulnerabilities; more strongly, workload security and API security are really two sides to the same coin.
This talk specifically focuses on the security problems and vulnerabilities exposed through APIs, and introduces Cisco’s Panoptica, a tool for discovering, managing, and repairing these vulnerabilities, and APIClarity, Panoptica’s open source core.