Upgrade to Pro — share decks privately, control downloads, hide ads and more …

INTERFACE by apidays 2023 - API Standards and S...

apidays
PRO
July 11, 2023
Programming
0
12

INTERFACE by apidays 2023 - API Standards and Shift Left Security, Alex Savage, Advanced

INTERFACE by apidays 2023
APIs for a “Smart” economy. Embedding AI to deliver Smart APIs and turn into an exponential organization
June 28 & 29, 2023

API Standards and Shift Left Security
Alex Savage, Head of Integrations at Advanced

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

apidays
PRO

July 11, 2023
Tweet

More Decks by apidays

See All by apidays
Apidays Helsinki 2024 - From Chaos to Calm- Navigating Emerging API Security Challenges by Eli Arkush, Akamai
apidays
PRO
0
26
Apidays Helsinki 2024 - APIs ahoy, the case of Customer Booking APIs in Finnlines and Grimaldi Lines by Vesa Vähämaa, Finnlines
apidays
PRO
0
24
Apidays Helsinki 2024 - ABLOY goes API economy – Transformation story by Hanna Sillanpaa, Abloy
apidays
PRO
0
17
Apidays Helsinki 2024 - API Compliance by Design by Marjukka Niinioja, Osaango
apidays
PRO
0
27
Apidays Helsinki 2024 - Bridging the Gap Between Backend and Frontend API Testing with K6 by Ayush Goyal, Grafana Labs
apidays
PRO
0
16
Apidays Helsinki 2024 - Data Ecosystems Driving the Green Transition by Olli Kilpeläinen, Betolar
apidays
PRO
0
13
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovský, Thermo Fisher Scientific
apidays
PRO
0
28
Apidays Helsinki 2024 - Data, API’s and Banks, with AI on top by Sergio Giraldo, ING
apidays
PRO
0
25
Apidays Helsinki 2024 - Sustainable IT and API Performance - How to Bring Them Together by Merja Kajava, Aavista Oy
apidays
PRO
0
13

Other Decks in Programming

See All in Programming
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
0
120
Boost Performance and Developer Productivity with Jakarta EE 11
ivargrimstad
0
510
GraphQLの魅力を引き出すAndroidクライアント実装
morux2
3
780
Prolog入門
qnighy
4
1k
大公開!iOS開発の悩みトップ5 〜iOSDC Japan 2024〜
ryunakayama
0
190
Patched fetch did not work
quramy
4
400
Swiftコードバトル必勝法
toshi0383
0
170
Hermes: Better Performance with Bytecode Translation (React Universe 2024)
tmikov2023
0
100
今インフラ技術をイチから学び直すなら
yuhta28
1
140
o1モデルのプロンプトエンジニアリングって?
ktc_wada
0
280
Some more adventure of Happy Eyeballs
coe401_
2
190
GraphQL あるいは React における自律的なデータ取得について
quramy
11
3k

Featured

See All Featured
Code Review Best Practice
trishagee
62
16k
Git: the NoSQL Database
bkeepers
PRO
425
64k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Fashionably flexible responsive web design (full day workshop)
malarkey
401
65k
Optimising Largest Contentful Paint
csswizardry
31
2.8k
Debugging Ruby Performance
tmm1
72
12k
[RailsConf 2023] Rails as a piece of cake
palkan
48
4.6k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
BBQ
matthewcrist
83
9.2k
GraphQLの誤解/rethinking-graphql
sonatard
65
9.8k
Build your cross-platform service in a week with App Engine
jlugia
228
18k
Visualization
eitanlees
142
15k

Transcript

  1. Software Powered Possibility API standards and shifting security left Alex

    Savage (He / Him) 6/28/2023
  2. None

  3. Software Powered Possibility About Me Leader of Platform Integrations Team

    (was API C4E) • Standards, tooling + enablement for 800+ global engineering staff Likes: • Adventures with young family • Cars • BBQ • Lego (especially Lego cars) • APIs Alex Savage (He / Him) Head of Integrations @ Advanced https://www.linkedin.com/in/alexandersavage/,

  4. Software Powered Possibility • Safe • Consistent • Reliable •

    Good CX • Performant • Recognizable • Modern

  5. Software Powered Possibility

  6. Software Powered Possibility Consistency at Scale

  7. Software Powered Possibility

  8. Software Powered Possibility

  9. Software Powered Possibility We were not the first https://apihandyman.io/toolbox/apistylebook/ https://dret.github.io/guidelines/

  10. Software Powered Possibility Standardisation obsession Casing Pagination Sorting HTTP Methods

    HTTP Codes Errors Formats Tenancy Versioning Security ….

  11. Software Powered Possibility API / Governance Team Dev Teams

  12. Software Powered Possibility

  13. Software Powered Possibility Good rules + Linter = Great security

    from design onwards Good security No Basic Auth, OAuth Password or Implicit flows… Versioning Request validation AuthN + AuthZ Rate limiting HTTPS Allowed response codes Resource Id formats Pagination Bonus: Casing Look + feel MUST have SHOULD have

  14. Software Powered Possibility Don’t forget API reviews!!! Focused on: Outside

    in perspective Is it a “good” API? Is it safe/secure? What would a consumer think? What advice can I give this team? Review observations may be your next linter rule

  15. Software Powered Possibility DESIGN Design in a language agnostic way

    supported by great standards VALIDATE + REVIEW Automate as much as possible. Don’t forget the human but make it constructive. AUTOMATE / CODE Great design + great code-gen or good prompts for devs TEST Great design = Good tests + Bonus for automation RELEASE + OBSERVE Check traffic vs design. Expect the unexpected 01 02 03 04 05 Summary

  16. Software Powered Possibility Callouts: Security Linting rules https://github.com/stoplightio/spectra l-owasp-ruleset https://github.com/italia/api-oas-

    checker/ https://api.oneadvanced.com/rules/.spectr al.js

  17. Software Powered Possibility