The Open Web Application Security Project (OWASP) Los Angeles Chapter has teamed up with the Orange County, Inland Empire, San Diego, and San Francisco Bay Area chapters to bring you another great AppSec California. Join us and your peers for amazing talks and networking on January 22-25, 2019!
View analytic
Thursday, January 24 • 12:00pm - 12:25pm
Lightning Talk: Building Cloud-Native Security for Apps and APIs with NGINX

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
NGINX is a very flexible platform that can be enhanced with strong security capabilities -- if you know what components you need and how to cook them. With our set of modules and tricks, everyone can get security visibility and real-time protection against OWASP Top10 attacks, bots, application abuse and potential data leakage issues. We will provide practical methods that your Dev, Sec and Ops teams can use whether NGINX is deployed as an ingress controller, an API gateway, a load balancer or an application server.

# Alerting and visibility
- Building a security dashboard to gain visibility of malicious traffic
- Easy & flexible alerting with NGINX and ElasticSearch
- Elegant analysis of web server log files for anomalies
- Mirroring traffic for async analysis with 3rd party tools

# APIs and microservices security
- Mitigating OWASP Top10 threats (SQL injections, XXE, XSS etc.)
- Up-to-date WAF options overview
- Proper WAF configurations and reducing false-positives.
- Detecting information data leakage events.
- Blocking traffic from Tor, data-centers and malicious IP addresses

# Protecting from bots and behavioral attacks
- Fingerprinting and blocking bots, account take-over attacks and identifying good crawlers (Google bot, etc).
- Catching scrapers with hidden links and honeypots.

# Ingress security:
- How and why to add a security layer on top of NGINX Ingress controller in cloud-native environments.

avatar for Stepan Ilyin

Stepan Ilyin

Co-Founder, Wallarm
Stepan Ilyin is a co-founder and COO of Wallarm, an AI startup focused on the security of websites, microservices and APIs running on public and private clouds. He is a frequent speaker at tech conferences and an author of more than 500 publications for DevOps, developers and security... Read More →

Thursday January 24, 2019 12:00pm - 12:25pm
Club Room