This talk was recorded at NDC Security in Oslo, Norway.

If you ask 10 developers for a code review, they will identify different issues, and many will miss security concerns like broken access control and lack of input validation. How can a DevOps team, in their daily work, assert that new features do not introduce vulnerabilities and that security bugs get caught before deployment to production? What are the key questions to ask in a code review? And how can we show that the application code also aligns with requirements from compliance, well-known best practices and internal security policies? This presentation will demonstrate how to build APIs that are both secure and compliant by design, using OWASP ASVS and support from a coding agent tuned for application security. Demos will be for an API in .NET with Copilot custom agents.