Alumni/Industry Lecture: Farshad Abasi - Securing Modern API and Services/MicroServices-based Applications By Design

Date: 
Thursday, November 22, 2018 | 6:00pm - 7:30pm

Title: Securing Modern API and Services/MicroServices-based Applications By Design

Speaker: Farshad Abasi, Co-Founder/Director of Application and Cloud Security, Mirai Security Inc.; CTO/CISO, Machool Technologies

Date: Thurs. Nov 22, 2018

Time: 6 - 7:30 pm.  Networking starts at 6 pm, talk begins at 6:30 pm. Light refreshments will be served.

Location: ACL, 14th Floor, 980 Howe St. Vancouver

RSVP: Please rsvp below

Abstract:

Applications have taken many forms over the years, from single to multi-user, client-server, and distributed architectures. For the most part, these applications followed a monolithic design where various functions lived together inside a walled garden or trust boundary. These functions communicated primarily via memory or the local filesystem, removing the possibility of the network as an attack vector. With the advent of SOA (Service-Oriented Architecture) and microservices, the walls have fallen, and modern applications are being decomposed into discrete and independent units of functionality. Each component usually lives inside a container and is accessible over the network through an exposed API (typically RESTful). This results in flexible and independently deployable components, suitable for DevOps and Agile models.

At the same time, this requires having the right security controls in place to create a similar level of trust between these newly-decoupled units as existed previously when they lived closely together and communicated locally within the same application trust boundary. End-to-end trust needs to be maintained from the time user authentication takes place, all the way through to the end of the user journey across the various units of the application. In addition, the tools and technologies used to facilitate these modern architectures such as container engines and orchestration tools are fairly new and not mature or fully understood, leading to risks from misconfiguration or vulnerabilities that need to be addressed.

This presentation is targeted to application as well as security architects, developers, or anyone else who is dealing with these modern service-based applications and requires practical knowledge on how to best secure these applications. We will further this topic by bringing together the difference security concepts and required controls such as end-to-end trust and policy enforcement points into a single high level architecture pattern that can be applied when building services or microservices based applications.

Bio:

Farshad Abasi is an innovative technologist with over twenty years of experience in software design and development, network and system architecture, management, and technical instruction. With a keen interest in security from the start, he has become an expert in that aspect of computing and communication over the last 15 years. He is currently a partner at Mirai Security as well as the CTO/CISO at Machool Technologies. He spent the last decade as a senior member of HSBC Group's IT Security team with the most recent positions being the Principal Global Security Architect, and Head of IT Security for the Canadian division. In addition, Farshad is continuing a fifteen year stint as an instructor at BCIT where he shares his passion for information and network security, helping others build a career in this exciting field. He is also the security correspondent for CFAX radio, BSides Vancouver/MARS board member, Vancouver OWASP chapter lead, a CISSP designate, and a UBC CS alumnus.

Thanks to the following companies for sponsoring this event:

Hootsuite

Sign up for Alumni/Industry Lecture: Farshad Abasi - Securing Modern API and Services/MicroServices-based Applications By Design
Please provide an e-mail address so we can notify you of any changes or cancellations. Any address is fine. If you are a CS member please sign up on My CS.

a place of mind, The University of British Columbia

 

ICICS/CS Building 201-2366 Main Mall
Vancouver, B.C. V6T 1Z4 Canada
Tel: 604-822-3061 | Fax: 604-822-5485
General: help@cs.ubc.ca
Undergrad program: undergrad-info@cs.ubc.ca
Graduate program: grad-info@cs.ubc.ca

Emergency Procedures | Accessibility | Contact UBC | © Copyright The University of British Columbia