Home » Security Bloggers Network » dev up 2023: Leveling up our dev skills, security posture, and careers
by Dwayne McDaniel on September 1, 2023 One theory about the Gateway Arch is that it is a giant staple connecting the Midwest to the Great Plains. Bridging the Mississippi River, it does really connect East to West in the US. It is also home to a vibrant tech community that is working to connect technology and business goals. This community got together to discuss application development, DevOps best practices, and how to stay safe while delivering awesome features and experiences at the St. Charles Convention Center for dev up 2023 .
Over 75 speakers gave talks on a wide range of subjects across more than ten simultaneous tracks . Topics included development language-focused talks such as “C# Past, Present, and Beyond” from Jim Wooley , DevOps best practices including “ARM, Bicep, knees and toes! Infrastructure as code for beginners” from Samuel Gomez , and even career advice talks like From Curiosity to Career: Becoming an Ethical Hacker from Jason Gillam .
While covering every session or lesson learned at dev up 2023 would be impossible, here are some highlights from the event. Scenes from dev up 2023 Azure and API Security
In his session “Demystifying Web API Security in Azure,” Jimmy Bogard started by laying out the short, simple history of how we used to handle authentication when all you needed to worry about was a user connecting to a single web app, namely using cookies. But as we started adding microservices, we suddenly had to start ensuring that apps and services had the right permissions, too. We started implementing Backend-For-Frontends patterns and communicating via APIs.
The rise of Zero Trust architecture means we are now in a world of ‘verify, then temporarily trust.’ While Zero Trust is a great philosophy, it stops short of giving specifications and guidelines, like OAuth lays out . Fortunately for Azure users, there is a clear path leveraging Azure Active Directory.
He referred us to the document on the scenario where a daemon application calls web APIs . […]
Click here to view original web page at securityboulevard.com
