"Defense in depth": trench warfare principles for building secure web applications

It comes to no surprise, that any micro-services, any security controls you use to build applications – will eventually be broken (or fail). Under certain pressure, some components will fail together. 

The question is – how do we build our systems in a way that security incidents won't happen even if some components fail. And the data leaks won't occur even if penetration tests are successful.

"Defense in depth" is a security engineering pattern, that suggests building an independent set of security controls aimed at mitigating more risks even if the attacker crosses the outer perimeter. During the talk, we will model threats and risks for the modern web application, and improve it by building multiple lines of defence. We will overview high-level patterns and exact tools from the security engineering world and explain them to the modern web devs ;)