Please log in to watch this conference skillscast.
The question is – how do you build your systems in a way that security incidents won't happen even if some components fail. And the data leaks won't occur even if penetration tests are successful.
"Defense in depth" is a security engineering pattern, that suggests building an independent set of security controls aimed at mitigating more risks even if the attacker crosses the outer perimeter. During the talk, Anastasiia will model threats and risks for the modern web application, and improve it by building multiple lines of defence. She will overview high-level patterns and exact tools from the security engineering world and explain them to the modern web devs ;)
She won't: crack real applications, discuss how insecure JWT tokens are, steal WiFi passwords
She will: discuss practical security engineering approaches, cover security controls from complex encryption schemes to modern DevOps tools
YOU MAY ALSO LIKE:
- Hands‑on Microservices Architecture and Design Workshop with Chris Richardson (Online Workshop on 7th - 17th June 2022)
- Domain-Driven Design in Practice with Michael Plöd (Online Workshop on 20th - 22nd September 2022)
- Java Forum (Online Conference on 31st August 2022)
- iSAQB Software Architecture Gathering — Digital 2022: 2-Day Sessions Ticket (Online Conference on 16th - 17th November 2022)
- LDN Talks May 2022 - Quickwit Takeover (in London on 30th May 2022)
- Gravitee APIM Behind Istio Service Mesh (SkillsCast recorded in May 2022)
- Enabling Microservice Success (SkillsCast recorded in May 2022)
"Defense in Depth": Trench Warfare Principles for Building Secure Distributed Applications
Anastasiia Voitova
Anastasiia is a Product Engineer at Cossack Labs.