SaaS applications typically expose public APIs and must secure them. Buchi Reddy answered many security questions on the SaaS Developer Slack community, and we invited him to chat about his approach to API security and how he sees the future of secure SaaS products.
Buchi and Gwen followed up and shared resources on the SaaS Developer Slack – secure container images and opinions on JWT tokens. Join us in the community to continue the discussion: https://launchpass.com/all-about-saas
And maybe you’ll want to take Buchi up on his offer to find all your API security issues in 5 minutes?
Chapters:
1:15 – What’s API security
4:19 – Where to start?
8:20 – eBPF
11:39 – prioritizing security issues
14:00 – chasing vulnerabilities and dependencies
20:21 – what engineers need in security reports
23:15 – can we replace pen-testers?
27:52 – DevSecOps and shift left
34:00 – compliance and certifications
37:00 – top mistakes developers make
41:00 – Is JWT secure?
45:00 – future of SaaS security
47:15 – security layers