Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Designing Secure APIs with State Machines

Designing Secure APIs with State Machines

Did you ever need to create an application whose behavior varies with its state, while still presenting a consistent interface to its callers? A good, layered design using state machines can help avoid the tedious 'if' checks for flags, and ensure that if your code runs at all, it will run with all the required values initialized. I will demonstrate this with examples, and talk about some available tools and libraries to build state machines in Python.

I will also discuss how to effectively use the process of threat modeling to build secure web applications. Threat modeling is a computer security technique that helps you better understand the systems you create, identify attacks, and build defenses. I will talk about things that we, as software developers, can do to assess the security of our applications in the real world through this process.

Ashwini Oruganti

May 20, 2017

More Decks by Ashwini Oruganti

Other Decks in Programming


  1. Threat Modeling a computer security technique to help defenders understand

    their own systems and drive the process of building better defenses. -https://alexgaynor.net/2016/jul/29/intro-to-threat-modeling/
  2. A state machine is a piece of software that accepts

    input and then (usually) generates a deterministic (probably) output.
  3. “Automat is designed from the perspective of a deep and

    abiding sense of shame” - Glyph, Author
  4. Q. How do I get the current state of a

    state machine? A. You don’t.
  5. If you find yourself writing a lot of if-else checks,

    Remember there’s one or more explicit State Machines to explore. To summarize: