Farshad Abasi

Farshad Abasi

Founder & CSO, Forward Security

Farshad Abasi is an innovative technologist with over twenty-four years of experience in software design and development, network and system architecture, cybersecurity, management, and technical instruction. With a keen interest in security from the start, he has become an expert in that aspect of computing and communication over the last twenty years. He started Forward Security in 2018, with a mission to provide world-class information security services, particularly in the Application and Cloud security domains. Prior to creating Forward, he was a senior member of HSBC Group’s IT Security team with the most recent positions being the Principal Global Security Architect and Head of IT Security of the Canadian division. Farshad is continuing an eighteen-year stint as an instructor at BCIT where he shares his passion for information and network security, helping others build a career in this exciting field. He is also the security correspondent for CFAX radio, BSides Vancouver/MARS board member, Vancouver OWASP chapter lead, a CISSP designate, and a UBC CS alumnus.

Presentation Abstract

Farshad Abasi - Securing Modern API and Microservices-based Applications by Design

Many applications are being modernized by leveraging APIs and being decomposed into smaller units typically living in containers. These involve many new tools and technologies that are not always well understood, leading to a poor application security posture. Many application architects and developers who take advantage of these architectures lack the knowledge to apply the required security controls. The ideas, principles, and concepts such as API gateways, end-to-end trust, authentication, and authorization discussed in this presentation have existed for some time. But this presentation brings it all together to provide a blueprint for modern API and microservices-based application security. Learning Objectives: Gain a high-level understanding of modern API and services/microservices based application architectures. Become aware of key security concerns with these application architectures. Understand how to best secure application microservices and their APIs.