Synopsis
This topic covers security considerations for the entire lifecycle of cloud-native application development (CNAPP & WAAP).
Application modernization has given rise to cloud-first, decentralized and distributed applications built from small, loosely coupled microservices and, in turn, API endpoints. This modern app development has expanded the threat surface and introduced unforeseen risks due to complex software supply chains and third-party integrations.
There is no definitive guide to protecting web applications among these highly opinionated security frameworks.
There is an overarching Cloud Native Application Protection Platform (CNAPP) that includes asset and cloud security. CNAPP has various modules, such as vulnerability detection, Software Composition Analysis, CI build pipeline security, IaC security, cloud misconfiguration, cloud compliance, secrets and malware detection, and easy integrations. Secure web application development starts at the build phase and extends to runtime protection of cloud environments.
Web Application and API Protection (WAAP) protects web applications from a broad range of runtime attacks. It also includes additional security checks such as the Open Web Application Security Project (OWASP) Top 10, runtime vulnerabilities, API security, compliance, misconfigurations and web malware. Additionally, proactively scanning the REST/SOAP APIs hosted by the microservices and API connectors can help secure web traffic and prevent exploitation.
Foster strong collaboration between AppSec and DevSecOps for faster remediation by integrating scanning into CI/CD pipelines (Shift Left) and integrating with ITSM ticketing systems (Shift Right).
The perfect match for end-to-end protection of cloud-native web applications is the pairing of Cloud Native Application Protection Platform (CNAPP) and Web Application and API Protection (WAAP).
Finally, always associate enterprise risk across everything, including your web applications and cloud.