Upgrade to Pro — share decks privately, control downloads, hide ads and more …

¿API primero? Seguridad primero: lo que necesitas saber para crear APIs seguras

¿API primero? Seguridad primero: lo que necesitas saber para crear APIs seguras

API First? Security first: what you need to know in order to create secure APIs

Several tools and frameworks such Angular, Ember, React and Flight among others as well as mobile development depend on an API to communicate with your application back-end.

In this talk, we'll anayize common errors in both creation and consumption of APIs and how to mitigate those failures as well as exploring the anatomy of a secure API

Talk presented during Software Guru Conference and Expo in Mexico City, Mexico


Fernando Perales

July 02, 2015

More Decks by Fernando Perales

Other Decks in Programming


  1. Fernando Perales Software Engineer @ Crowd Interactive FLOSS Advocate /(.*)

    metal and lover/ Passionate about web development and lean startup
  2. “REST's client–server separation of concerns simplifies component implementation, reduces the

    complexity of connector semantics, improves the effectiveness of performance tuning, and increases the scalability of pure server components.”
  3. An attempt to make a machine or network resource unavailable

    to its intended users. https://en.wikipedia.org/wiki/Denial-of-service_attack
  4. SQL injection is a code injection technique, used to attack

    data- driven applications, in which malicious SQL statements are inserted into an entry field for execution https://en.wikipedia.org/wiki/SQL_injection
  5. An attack technique used to uncover hidden web site content

    and functionality. By making educated guesses, the attack is a brute force search looking for content that is not intended for public viewing. http://www.infosecpro.com/applicationsecurity/a54.htm
  6. me

  7. Charles can be used as a man-in- the-middle HTTPS proxy,

    enabling you to view in plain text the communication between web browser and SSL web server.