AppSecCali 2019 Lightning Talk - Building Cloud-Native Security for Apps and APIs with NGINX
NGINX is a very flexible platform that can be enhanced with strong security capabilities -- if you know what components you need and how to cook them. With our set of modules and tricks, everyone can get security visibility and real-time protection against OWASP Top10 attacks, bots, application abuse and potential data leakage issues. We will provide practical methods that your Dev, Sec and Ops teams can use whether NGINX is deployed as an ingress controller, an API gateway, a load balancer or an application server.
# Alerting and visibility
- Building a security dashboard to gain visibility of malicious traffic
- Easy & flexible alerting with NGINX and ElasticSearch
- Elegant analysis of web server log files for anomalies
- Mirroring traffic for async analysis with 3rd party tools
# APIs and microservices security
- Mitigating OWASP Top10 threats (SQL injection, XXE, XSS, etc.)
- Up-to-date WAF options overview
- Proper WAF configuration and reducing false positives
- Detecting data leakage events
- Blocking traffic from Tor, data centers and malicious IP addresses
# Protecting from bots and behavioral attacks
- Fingerprinting and blocking bots and account takeover attacks, and identifying good crawlers (Googlebot, etc.)
- Catching scrapers with hidden links and honeypots
# Ingress security
- How and why to add a security layer on top of NGINX Ingress controller in cloud-native environments.
# Speakers
Stepan Ilyin
Co-Founder, Wallarm
Stepan Ilyin is a co-founder and COO of Wallarm, an AI startup focused on the security of websites, microservices and APIs running on public and private clouds. He is a frequent speaker at tech conferences and an author of more than 500 publications for DevOps, developers and security
Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...