Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, Graylog

apidays
PRO
May 05, 2024
Technology
0
7

Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, Graylog

API Discovery - From Crawl to Run
Rob Dickinson, VP of Engineering - Graylog

Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

apidays
PRO

May 05, 2024
Tweet

More Decks by apidays

See All by apidays
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by Paolo Malinverno, The Business of Technology
apidays
PRO
0
10
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, APIContext
apidays
PRO
0
11
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, Culture Builder
apidays
PRO
0
10
Apidays New York 2024 - The value of a flexible API Management solution for Open Banking by Steve Melan, State's and Saving's Bank of Luxembourg
apidays
PRO
0
8
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, FinResults
apidays
PRO
0
8
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
apidays
PRO
0
9
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the environment by Joanna Reijgersberg-Siew, Avanade
apidays
PRO
0
10
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong, GovTech Singapore
apidays
PRO
0
12
Apidays Singapore 2024 - API : New Economy for Telcos by Rajesh Mhatre, StarHub
apidays
PRO
0
10

Other Decks in Technology

See All in Technology
Laboratories in Science and Technology: Deep Neural Networks
keio_smilab
PRO
3
120
生成AI活用推進の為にやったこと/やらなかったこと
ktc_wada
0
140
YJIT Makes Rails 1.7x faster / RubyKaigi 2024
k0kubun
3
450
QA経験のないエンジニアリング マネージャーがQAのカジュアル面談に出て 苦労していること・気づいたこと / scrum fest niigata 2024
yoshikiiida
2
660
CockroachDB はどのくらい「しぶとい」のか? / How tough is CockroachDB?
kota2and3kan
13
4.9k
AWS アーキテクチャ作図入門/aws-architecture-diagram-101
ma2shita
16
6.7k
OPENLOGI Company Profile for engineer
hr01
1
2.2k
NewSQL Landscape
oracle4engineer
PRO
5
3.2k
The depthes of profiling Ruby - RubyKaigi 2024
osyoyu
0
150
使われないものを作るな!出口から作るデータ分析基盤 / Data Platform Development Starting from the User Needs
amaotone
16
4.6k
多言語化対応における TypeScript の型定義を通して開発のしやすさについて考えた / TSKaigi TypeScript Multilingualization
nabeliwo
2
390
QAエンジニアが伝えたい品質保証の羅針盤 / Compass for Quality Assurance
mii3king
1
330

Featured

See All Featured
A Philosophy of Restraint
colly
197
16k
What's new in Ruby 2.0
geeforr
338
31k
Designing for Performance
lara
601
67k
Web development in the modern age
philhawksworth
203
10k
Principles of Awesome APIs and How to Build Them.
keavy
121
16k
VelocityConf: Rendering Performance Case Studies
addyosmani
321
23k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.7k
How GitHub (no longer) Works
holman
305
140k
The Cult of Friendly URLs
andyhume
74
5.7k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
[RailsConf 2023] Rails as a piece of cake
palkan
28
4.1k
A designer walks into a library…
pauljervisheath
201
23k

Transcript

  1. API DISCOVERY FROM CRAWL TO RUN 1

  2. ڧ

  3. ױ טּ רּ � תּיּ ק ףּךּצּףּשּפֿתּשּ שּׁ� תּמּ רשּנּ

    ףּשּלּ לּ כֿףּשּנּ טּ ﭏ ת כֿטּ ، קּ תּנּ ץטּ פֿלּ כּ ףּשּ ץתּ‌ קּ כּ לּ כֿ צ �

  4. ڨ Why does API discovery matter? • API se c

    urity sta rts with d isc ove ring your a tta c k surfa c e • Ne e d m e tric s to q ua ntify risk & a le rt on c ha ng e s in risk • Ca n’t ha ve m e tric s without a g re e ing wha t to c ount שּׂ לּ ךּ ‌ כֿכֿלּ שּﭏקּ ، סּ טּ ‍ לּ אַ פ �ױ פֿ׃ ‎ סּ לּ כֿלּ אָ טּ כֿלּ שּלּ ‎ ׃ טּ שּכּ אּ שּלּ לּ כּ ףּ רּ רּ לּ כּ ףּ טּ ﭏלּ טּ ﭏﭏלּ שּﭏףּ תּשּ

  5. שׁכֿטּ ךּ צּ ךּ סּ טּ שּנּ לּ פֿ ﭏתּ

    ، תּ‌ כֿ פ � ױ ףּשּ‍ לּ שּﭏתּכֿ، צ כֿלּ טּ ﭏלּ טּ שּ פ � ױ ףּשּ‍ לּ שּﭏתּכֿ، שׁכֿטּ ךּ צּ ךּ סּ טּ שּנּ לּ פֿ ףּשּ כֿףּפֿצּ רּ לּ ﭏכֿףּךּ פֿ מּתּכֿ ، תּ‌ כֿ פ � ױ ףּשּ‍ לּ שּﭏתּכֿ، 5 API d isc ove ry from c ra wl to ru n ﬠ ﭏטּ נּ לּ פֿ תּמּ פ � ױ ק ףּפֿךּ תּ‍ לּ כֿ،

  6. ڪ צ סּ טּ קּקּלּ שּנּ לּ פֿ ףּשּ ךּ

    תּ‌ שּﭏףּשּנּ פ � ױ פֿ • פ �ױ יּ לּ פֿﭏ וֹ כֿטּ ךּﭏףּךּלּ פֿ טּ כֿלּ שּתּﭏ ‎ לּ קּ קּ א‌ שּכּ לּ כֿפֿﭏתּתּכּ

  7. ڪ API discovery example P OST coin b roke r.io/u

    se r { "first_n am e ":”Rob ", "last_n am e ":”Dickin son ", "e m ail":rob @re su rface .io” } g M ‡ Ĩ ήỲ Ρħ Ў ήΐ ļ Ў ۡ Ỳ ήۧ ЌЬήФ ļ ۺ ۤ ℅ Ĩ Ĩ ήЬΡФ ۨ Ф ήΐ ļ Ρۤ ۛ ۤ ڨħ ڪ ڪ Ĩ į ڨŷ�Ĩ Ĩ ℅ ŷ�ڨڨڪ ħ �ħ ﭱ ګ ګۤ ۜ ۤ ℅ Ο ήЬΡФ ۨ ЬЖ į ۤ ۛ ۤ ڪ ۤ ۜ ۤ Ĩ ήỲ Ρۨ Ф ыЊļ ۤ ۛ ۤ = ‡> � ۺ ∆£ “ ‡ Ĩ ήỲ Ρħ Ў ήΐ ļ Ў ۡ Ỳ ήۧ ήЎ į ļ Ў ۺ ۤ ℅ Ĩ Ĩ ήЬΡФ ۨ Ф ήΐ ļ Ρۤ ۛ ۤ ڨħ ڪ ڪ Ĩ į ڨŷ�Ĩ Ĩ ℅ ŷ�ڨڨڪ ħ �ħ ﭱ ګ ګۤ ۜ �ЌЬήФ ļ ۨ Ф ήΐ ļ Ρۤ ۛ ۤ ڪ ڪ ڧĨ į ګ į ℅ �ڧŷŷڨ�ڨį ŷļ �ħ ڧļ ħ � ۺ D^ á ┐ X � Yç ┐ � i E p┐ � l 4┐ i l 4p4Yv┐ D4l 4Ů┐ � Ypá 4l ś┐ Đ � Ypá 4l ś┐ ę

  8. 8 � לּ טּ פֿתּשּטּ יּ קּלּ ‎ טּ ،

    פֿ ﭏתּ §Ÿˆ ‘ Ú ┐ � i E Î • צ תּ‌ שּﭏ מּ‌ קּ קּ ، בֿ ‌ טּ קּ ףּמּףּלּ כּ כּ תּרּ טּ ףּשּ שּטּ רּ לּ פֿ ֿ ש� ק � פֿ׀ • צ תּ‌ שּﭏ ש� ק � ׂ רּ לּ ﭏסּ תּכּ ׂ וֹ טּ ﭏסּ ֿ ‌ שּףּבֿ ‌ לּ כֿתּ‌ ﭏלּ פֿ׀ • צ תּ‌ שּﭏ פ �ױ סּ תּפֿﭏפֿג ךּתּשּﭏטּ ףּשּלּ כֿפֿ ֿ וֹ סּ ، פֿףּךּטּ קּ ֽ ‍ ףּכֿﭏ‌ טּ קּ פֿלּ כֿ‍ לּ כֿפֿ׀ • צ תּ‌ שּﭏ ‍ לּ שּכּ תּכֿג פֿ‌ וֹ וֹ קּ ףּלּ כֿג ךּ‌ פֿﭏתּרּ לּ כֿ ףּשּﭏלּ נּ כֿטּ ﭏףּתּשּפֿ ֿ ףּשּﭏלּ כֿשּטּ קּ ‍ פֿ לּ ‏ ﭏלּ כֿשּטּ קּ ׀ • צ תּ‌ שּﭏ פֿוֹ לּ ךּףּמּףּךּטּ ﭏףּתּשּפֿ ֿ � וֹ לּ שּפ �ױ ׀

  9. ګ � וֹ לּ שּפ � ױ ﭏתּ ﭏסּ לּ

    כֿלּ פֿךּ ‌ לּ ∆£ “ ‡ Ĩ ήỲ Ρħ Ў ήΐ ļ Ў ۡ Ỳ ήۧ ЬЖ ļ Ў ۺ ۤ שּЎ Ж Ф ۨ Ρ℅ Ο ļ ۤ ۛ �… ήħ ۤ ۜ ۤ Ε ℅ Ж Ф ۨ Ρ℅ Ο ļ ۤ ۛ �E Ỳ Ĩ ΐ Ỳ ΡЖ ήΡۤ ۜ ۤ ļ Ο ℅ Ỳ Ε ۤ ۛ Ў ήħ Ƿ Ў ļ Ж ЬЎ ŷ℅ Ĩ ļ ۡ Ỳ ή� ۺ GET coin b roke r.io/q u ote { "accou n t_toke n ":"4 b 86cd 3f-ccaf-4 4 5b -b 0 99", "am ou n t_u sd ":"6", "coin _typ e ":"BTC” } P OST coin b roke r.io/ord e r { "accou n t_toke n ":"4 b 86cd 3f-ccaf-4 4 5b -b 0 99", ”q u ote _toke n ":"552cd 9d a -2ff4 -4 d fe -b 2e b ” } D^ á ┐ X � Yç ┐ � i E p┐ � l 4┐ i l 4p4Yv┐ D4l 4Ů┐ Đ ┐ � i E ę ┐ i � vDp

  10. ڧ ﭱ Tracking changes in APIs • Now we ne

    e d to c ount APIs b y life c yc le sta te • “Rog ue ” or “unm a na g e d ” APIs a re ne w & ne e d re vie w • “Prohib ite d ” or “b a nne d ” APIs a re not a p p rove d for use • “Monitore d ” or “sup p orte d ” APIs a re a c tive ly m a inta ine d • “De p re c a te d ” or “zom b ie ” APIs ha ve ne we r ve rsions פ �ױ כּ ףּפֿךּ תּ‍ לּ כֿ، מּכֿתּרּ ךּ כֿטּ ‎ קּ ﭏתּ כֿ‌ שּ

  11. ڧ ڧ ?ŸÁ ┐ §Ÿ‘ Ú ø ‘ ˆ Ÿˆ

    Î ┐ ©ø Î §Ÿł ≠Á ðŚ ┐ Î ≠Õ �τ ©≠Î §Á ø £ ø ‘ ∫ ┐ � i E Î ┐ óÁ ≠┐ £ ≠Î Ú ř┐ 4Љ ŸÎ ≠┐ ó‘ ┐ ø ‘ Ú Á ŸÎ ‰ ≠§Ú ø Ÿ‘ ┐ Á Ÿˆ Ú ≠┐ Ú æóÚ ┐ ‰ Á Ÿł ø ©≠Î ┐ Ú æ≠┐ � i E ┐ Î ‰ ≠§Ť @l � çR^ @┐ � i E ┐ p4+ z l E vç

  12. ڧ ڧ � ‌ טּ שּﭏףּמּ، ףּשּנּ פ � ױ

    כֿףּפֿצּ פֿ • How ha ve re c e nt c ha ng e s a ffe c te d the API a tta c k surfa c e ? • Runtim e b e ha viors/ c onfig ura tion b ring unfore se e n risks • Thre a ts c a n a rise from insid e or outsid e the org a niza tion • The re is no sta nd a rd wa y to c a lc ula te risk sc ore s • Re q ue st a nd re sp onse should b e inc lud e d in risk sc ore s • Risk sc ore s should b e c a lc ula te d a c ross life c yc le g roup s API d isc ove ry from c ra wl to ru n

  13. ڧ ڨ � ףּפֿצּ פֿךּ תּכֿףּשּנּ ‎ ףּﭏסּ ת כֿטּ

    ، קּתּנּ פ �ױ כּ ףּפֿךּ תּ‍ לּ כֿ، מּכֿתּרּ ךּ כֿטּ ‎ קּ ﭏתּ כֿ‌ שּ

  14. ڧ ڨ

  15. שׁװ פ � ׳ אָ � שׂב שתּכֿ טּ כּ

    כּ ףּ ﭏףּ תּשּטּ קּ ףּ שּמּתּכֿרּ טּ ﭏףּ תּשּ כֿלּ נּ טּ כֿכּ ףּ שּנּ ת כֿטּ ، קּ תּנּ פ �ױ ﬠלּ ךּ ‌ כֿףּ ﭏ، וֹ קּ לּ טּ פֿלּ ‍ ףּ פֿףּ ﭏם נּ כֿטּ ، קּ תּנּ ב תּכֿנּ גוֹ כֿתּכּ ‌ ךּ ﭏפֿגטּ וֹ ףּ אפֿלּ ךּ ‌ כֿףּ ﭏ، ג