APIs are easy to consume — and hard to secure. In this webinar, Iwan Eising (aka Arc-E-Tect) breaks down how teams can deliver secure APIs by shifting security left using SecDevOps, Behavior-Driven Development (BDD), and Domain-Driven Design (DDD). Instead of relying on last-minute security gates, we explore how to make security a business requirement, turn expectations into testable behaviors, and model domains in a way that makes authorization and data exposure decisions clearer.

🎓 This session is based on Iwan’s APIsec University course: Start Left – API SecDevOps

⸻

⏱️ Bookmarks
00:00 — Intro + kickoff
00:50 — What “SecDevOps” means (and why it’s not DevSecOps)
01:41 — BDD basics: Given / When / Then for secure APIs
04:42 — Security vs usability: what status codes reveal (401/403/404/409/422)
07:35 — Shifting security left with requirements + cross-functional standards
39:25 — API-first vs contract-driven development (and why it matters)
44:44 — Wrap-up + key takeaways

⸻

🔗 Links
✅ APIsec University: Start Left – API SecDevOps - https://www.apisecuniversity.com
✅ APIsec BOLT - https://chromewebstore.google.com/detail/apisec-bolt/pahogphomhkblammgnlnlgpiifkbfldi
✅ APIsec MCP Audit Tools - https://apisec-inc.github.io/mcp-audit/

#APIsecurity #SecDevOps #DevSecOps #APIs #BDD #DDD #ShiftLeft #AppSec