Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Apidays Paris 2023 - IAM for API security strat...

apidays
December 15, 2023

Apidays Paris 2023 - IAM for API security strategy, Danielle Kayumbi, Deezer

Apidays Paris 2023 - Software and APIs for Smart, Sustainable and Sovereign Societies
December 6, 7 & 8, 2023

IAM for API security strategy
Danielle Kayumbi, IAM for API security strategy, Deezer

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

apidays

December 15, 2023
Tweet

More Decks by apidays

Other Decks in Programming

Transcript

  1. 90% of breaches targeted Applications and APIs 2022 APIs become

    “Most frequent attack vector” https://lab.wallarm.com/evolution-of-api-security-in-2023-a-practical-guide/
  2. API attacks will jump nearly 1 000 % by 2030

    https://siliconangle.com/2023/07/27/api-cyberattacks-projected-jump-nearly-tenfold-2030/
  3. In 2016, Nissan Leaf Allowed to control remotely the climate,

    the charge of the battery and get the driving range
  4. A simple denial-of-service attack has the potential to kill. Pacemaker

    https://www.theguardian.com/technology/2017/aug/31/hacking-risk-recall-pacemakers-patient-death-fears-fda-firmware-update
  5. What do we need to expose ? Who are your

    users now ? In the future ? What’s the worst thing someone can do with your API ?
  6. GraphQL Authorization request Client Authorization server Resource server Authorization grant

    Authorization grant Access token (role, scope) Resource owner
  7. GraphQL Authorization request Client Resource owner Authorization server Resource server

    Authorization grant Access token (role, scope) Resources Authorization grant Access token (role, scope) ACL