Oct 17, 2025 – Jeremy Snyder – EMBEDDING API SECURITY BY DESIGN INTO DEVOPS PIPELINES

Recently, I did a presentation titled “Embedding API Security by Design into DevOps Pipelines” at DevOps institute. The video is available for review on the post-event page here (registration required).

‍

Also, the good people at Mind’s Eye Creative produced a really nice graphic that helps explain the message that I was trying to convey.

Embedding API security into DevOps pipelines

Here’s a tl;dr version of what I hoped to communicate in this presentation:

* Organizations are moving towards more platform-as-a-service (PaaS) offerings
* Part of the motivation for doing this is more API-oriented architecture
* But cyber attacks against APIs are actually increasing pretty rapidly, with very real impact and lots of sensitive data leaked
* The main attack vectors (authentication, probing, authorization, injection / bad requests) are things that can be easily detected and controlled at the application layer
* As such, defining the security controls around those can and should be done in your API
* Helper files and dedicated libraries can then check the validity of API requests in real-time

IMPLEMENTING REAL-TIME API SECURITY IS POSSIBLE, AND SHOULD BE EASY. THAT’S WHERE FIRETAIL HOPES TO HELP.

Please contact us if you’d like to discuss how.

*** This is a Security Bloggers Network syndicated blog from FireTail - AI and API Security Blog authored by FireTail - AI and API Security Blog. Read the original post at: https://www.firetail.ai/blog/devops-institute-skilup-presentation-embedding-api-security-design-devops-pipelines