2016 last Conference – DevOps and API Security


Just coming home from DevOpsCon Munich, where I was speaking about “Best Practices for delivering secure WebAPIS”. API security is really something that I’m keen on talking about, so I was looking forward to doing my session. Unfortunately it was just one day for me and I was in the last speaking slot that day, but I still had a decent number of people attending and asking questions. It was the last conference for me in 2016. I liked it a lot because there were some great talks, e.g. from John Willis about DevOps in the context of the enterprise and reasons to invest in DevOps. Some takeaways for me were that investing in humans is more important than investing in tools. We in IT sometimes fall so deeply in love with tools that we forget about the people. The second one was a prototype IT disaster that I will certainly reuse during my talks in future (https://en.wikipedia.org/wiki/Knight_Capital_Group). They lost 420 Million USD in 45 minutes as they forgot to update a single server in an eight-server cluster, and finally went bankrupt. John actually shares his slides here: https://github.com/botchagalupe/my-presentations and I also recommend the DevOps Handbook he has written.

Rainer Stropek did a great session demoing Docker on Windows and use cases that you can take away for your daily work. I was pretty impressed by the fact that it is really seamless and that there is no difference between running Docker on Windows or Linux.

I really look forward to the 2017 DevOpsCon conferences; stay tuned for updates.


For those who were in my talk and had questions about the links and references that I used…

Nissan Leaf API Disaster: https://www.troyhunt.com/controlling-vehicle-features-of-nissan

OVUM API Security Survey: https://resources.distilnetworks.com/white-paper-reports/ovum-survey-on-api-security-a-disjointed-affair

Dominos Pizza Payment API: http://www.ifc0nfig.com/dominos-pizza-and-payments/

DDoS on Krebs on Security: https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/

Swagger Tools: http://swagger.io/tools/


Last but not least, you can also watch the recording of my session at DevOpsCon Berlin, which is posted here: https://www.axway.com/en/video/api-lifecycle-best-practices-creation-and-continuous-integrationdelivery-secured-web-apis

