APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Slide 1: Emmanuel Paraskakis (@manp). A Design-First Approach for Delivering Better API Security

Slide 2: apiary + 441,401 APIs; 3M+ API Consumers; 346,105 API Designers

Slide 3: Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

Slide 4: What's Different About APIs? Attack Surface is Huge!

Slide 5: Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

Slide 6: What does Design-First Mean?
• Think about Security upfront
• Don't bolt it on at the end
• Buying Silver Bullets won't save you

Slide 7: Design For API Security
• Architecture
• Processes
• API Interface

Slide 8: Design your Architecture

Slide 9: Design your Processes

Slide 10: Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation

Slide 11: OpenAPI document (the slide labels its sections metadata, deployment, runtime, interface and schema; elisions are the slide's own)

    openapi: "3.0.1"
    info:
      title: Online Store API
      version: 1.0
    …
    servers:
      - url: https://staging.example.com/
        description: Staging environment
    …
    security:
      - api_key: []
    …
    x-ibm-configuration:
      enforced: true
      cors:
        enabled: true
    …
    paths:
      /customers/{id}/orders:
        get:
          …
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Orders"
    …
    components:
      schemas:
        Orders:
          …

    (sections: metadata, deployment, runtime, interface, schema)
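The two interface-level points on slide 10 (an authentication scheme declared in the contract, and data structures with validation) can be checked at design time, before any gateway is involved. The following Python is an added example and is not code from the talk, from Apiary or from any product named on the slide; SAMPLE_SPEC is a constructed stand-in for the "Online Store API" fragment, and everything the slide elides (the api_key scheme definition, the Order schema, the /health path, the sample payloads) is an assumption made here. It lints the document for operations that end up with no security requirement and for JSON responses without a schema, and it validates a payload against the referenced schema using a small hand-written subset of JSON Schema so that it runs without third-party libraries.

```python
"""Design-time checks on an OpenAPI document (added example; see lead-in for assumptions)."""
from typing import Any, Dict, List

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}

# Constructed stand-in for the slide's 'Online Store API'; fields beyond the slide are assumptions.
SAMPLE_SPEC: Dict[str, Any] = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "servers": [{"url": "https://staging.example.com/", "description": "Staging environment"}],
    "security": [{"api_key": []}],  # document-wide requirement unless an operation overrides it
    "components": {
        "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        "schemas": {
            "Order": {
                "type": "object",
                "required": ["id", "total"],
                "additionalProperties": False,  # reject fields the contract never promised
                "properties": {
                    "id": {"type": "integer", "minimum": 1},
                    "total": {"type": "number", "minimum": 0},
                    "currency": {"type": "string", "maxLength": 3},
                },
            },
            "Orders": {"type": "array", "items": {"$ref": "#/components/schemas/Order"}, "maxItems": 100},
        },
    },
    "paths": {
        "/customers/{id}/orders": {"get": {"responses": {"200": {"content": {
            "application/json": {"schema": {"$ref": "#/components/schemas/Orders"}}}}}}},
        # 'security: []' on an operation switches authentication off for it; the linter flags this.
        "/health": {"get": {"security": [], "responses": {"200": {"description": "ok"}}}},
    },
}


def resolve_ref(spec: Dict[str, Any], ref: str) -> Dict[str, Any]:
    """Follow a local '#/components/schemas/Name' reference inside the document."""
    node: Any = spec
    for part in ref.lstrip("#/").split("/"):
        node = node[part]
    return node


def validate(spec: Dict[str, Any], schema: Dict[str, Any], value: Any, path: str = "$") -> List[str]:
    """Return violations of `value` against `schema` (subset of JSON Schema keywords)."""
    if "$ref" in schema:
        return validate(spec, resolve_ref(spec, schema["$ref"]), value, path)
    type_ok = {
        "object": lambda v: isinstance(v, dict),
        "array": lambda v: isinstance(v, list),
        "string": lambda v: isinstance(v, str),
        "integer": lambda v: isinstance(v, int) and not isinstance(v, bool),
        "number": lambda v: isinstance(v, (int, float)) and not isinstance(v, bool),
        "boolean": lambda v: isinstance(v, bool),
    }
    t = schema.get("type")
    if t and not type_ok[t](value):
        return [f"{path}: expected {t}, got {type(value).__name__}"]
    errors: List[str] = []
    if t == "object":
        for key in schema.get("required", []):
            if key not in value:
                errors.append(f"{path}: missing required property '{key}'")
        props = schema.get("properties", {})
        for key, sub in value.items():
            if key in props:
                errors += validate(spec, props[key], sub, f"{path}.{key}")
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{path}: unexpected property '{key}'")
    elif t == "array":
        if "maxItems" in schema and len(value) > schema["maxItems"]:
            errors.append(f"{path}: more than {schema['maxItems']} items")
        for i, item in enumerate(value):
            errors += validate(spec, schema.get("items", {}), item, f"{path}[{i}]")
    elif t == "string" and "maxLength" in schema and len(value) > schema["maxLength"]:
        errors.append(f"{path}: longer than {schema['maxLength']} characters")
    elif t in ("integer", "number") and "minimum" in schema and value < schema["minimum"]:
        errors.append(f"{path}: below minimum {schema['minimum']}")
    return errors


def lint_security(spec: Dict[str, Any]) -> List[str]:
    """Findings: undefined schemes, operations reachable anonymously, JSON responses with no schema."""
    findings: List[str] = []
    global_sec = spec.get("security", [])
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for req in global_sec:
        for name in req:
            if name not in schemes:
                findings.append(f"global security references undefined scheme '{name}'")
    for route, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            if not op.get("security", global_sec):  # operation list overrides global; [] disables auth
                findings.append(f"{method.upper()} {route}: no security requirement (anonymous access)")
            for status, resp in op.get("responses", {}).items():
                for media, body in resp.get("content", {}).items():
                    if "schema" not in body:
                        findings.append(f"{method.upper()} {route} {status} {media}: response has no schema")
    return findings


def check_response(spec: Dict[str, Any], route: str, method: str, status: str, payload: Any) -> List[str]:
    """Validate a payload against the schema the contract declares for that response."""
    schema = spec["paths"][route][method]["responses"][status]["content"]["application/json"]["schema"]
    return validate(spec, schema, payload)


# Constructed payloads: one that honours the contract and one that does not.
GOOD_ORDERS = [{"id": 1, "total": 19.99, "currency": "USD"}]
BAD_ORDERS = [{"id": 0, "total": -5, "currency": "DOLLARS", "is_admin": True}, {"total": "free"}]

if __name__ == "__main__":
    for f in lint_security(SAMPLE_SPEC):
        print("LINT:", f)
    for e in check_response(SAMPLE_SPEC, "/customers/{id}/orders", "get", "200", BAD_ORDERS):
        print("INVALID:", e)
```

Run as a script it reports the anonymous /health operation and the six contract violations in BAD_ORDERS (out-of-range numbers, an over-long currency code, an undeclared is_admin field, a missing id and a string where a number was promised). The same two functions can run in CI against the real document so that a missing security requirement or an unconstrained schema fails the build rather than reaching a gateway.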
Slide 12: Learn More
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)