Thursday 

Room 3 

15:00 - 16:00 

(UTC+01)

Talk (60 min)

Secure and Compliant APIs - By Design

If you ask 10 developers for a code review, they will identify different issues, and many will miss security concerns like broken access control and lack of input validation.

Application Security
Programming
Security Tooling
Testing

How can a DevOps team, in its daily work, assert that new features do not introduce vulnerabilities and that security bugs are caught before deployment to production? What are the key questions to ask in a code review? And how can we show that the application code also aligns with compliance requirements, well-known best practices and internal security policies?

This presentation will demonstrate how to build APIs that are both secure and compliant by design, using OWASP ASVS with support from an application-security-tuned coding agent.

The demos use a .NET API together with Copilot custom agents.
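The two review findings the abstract names, broken access control and missing input validation, are easy to show side by side in the kind of .NET API the demos target. The following is an added illustration, not code from the talk or the speakers: a .NET 8 minimal API with a "before" endpoint that any authenticated caller can use to modify any order, and an "after" endpoint that enforces ownership and validates the body. The route paths, the Order record and its in-memory store, the ownership claim (NameIdentifier) and the JWT bearer configuration are assumptions made for the example.

```csharp
// Added example (not from the talk). Assumes a JWT issuer is configured in appsettings
// and the Microsoft.AspNetCore.Authentication.JwtBearer package is referenced.
using System.ComponentModel.DataAnnotations;
using System.Security.Claims;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication("Bearer").AddJwtBearer();
builder.Services.AddAuthorization();
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Constructed in-memory data standing in for a database.
var orders = new Dictionary<int, Order>
{
    [1] = new Order(1, OwnerId: "alice", Note: "first"),
    [2] = new Order(2, OwnerId: "bob",   Note: "second"),
};

// BEFORE: broken object-level access control. Any authenticated caller can change any
// order by choosing the id. The DataAnnotations on UpdateNote are also never enforced:
// .NET 8 minimal APIs do not run model validation automatically, so the note is stored as-is.
app.MapPut("/v1/orders/{id:int}/note", (int id, UpdateNote body) =>
{
    if (!orders.TryGetValue(id, out var order)) return Results.NotFound();
    orders[id] = order with { Note = body.Note };
    return Results.Ok(orders[id]);
}).RequireAuthorization();

// AFTER: the endpoint ties the object to the caller (ASVS access-control requirements on
// object references) and validates the body before it reaches storage.
app.MapPut("/v2/orders/{id:int}/note", (int id, UpdateNote body, ClaimsPrincipal user) =>
{
    // Ownership claim is an assumption; map it to whatever the token issuer actually emits.
    var subject = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (subject is null) return Results.Unauthorized();

    // Answering 404 for both "missing" and "not yours" avoids confirming that the id exists.
    if (!orders.TryGetValue(id, out var order) || order.OwnerId != subject)
        return Results.NotFound();

    // Explicitly run the DataAnnotations validators the framework would otherwise ignore.
    var errors = new List<ValidationResult>();
    if (!Validator.TryValidateObject(body, new ValidationContext(body), errors, validateAllProperties: true))
    {
        var problem = errors.ToDictionary(
            e => e.MemberNames.FirstOrDefault() ?? string.Empty,
            e => new[] { e.ErrorMessage ?? "invalid" });
        return Results.ValidationProblem(problem);
    }

    orders[id] = order with { Note = body.Note };
    return Results.Ok(orders[id]);
}).RequireAuthorization();

app.Run();

record Order(int Id, string OwnerId, string Note);

// Input contract: required, length-bounded, and restricted to an allow-list of characters.
record UpdateNote(
    [property: Required, StringLength(200), RegularExpression(@"^[\p{L}\p{N} .,!?'-]*$")]
    string Note);
```

The "after" endpoint answers the two review questions a reviewer should ask of every handler: who is allowed to touch this particular object, and what shape of input is accepted. Both are checked in code rather than assumed from an attribute or a route prefix, which is what makes them reviewable and testable before deployment.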

Daniel Sandberg

Daniel Sandberg is a Senior Software Architect with 20 years of experience designing scalable, high-performance systems. He combines deep architectural expertise with a strong focus on building reliable and secure solutions that meet modern business needs.

Tobias Ahnoff

Tobias Ahnoff is an experienced developer and architect with focus on application security. He specializes in implementing authentication flows and authorization for web applications and APIs that manage sensitive data in the bank, finance, and health sectors. He performs security reviews and penetration tests as part of Omegapoint Cybersecurity, contributes to the OWASP ASVS working group and is a co-author of http://securityblog.omegapoint.se/