APIDays_Design_API_Security.pdf
paraskakis
July 31, 2018
Programming
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security
apiary: 441,401 APIs, 3M+ API Consumers, 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each
What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you
Design For API Security
• Architecture
• Processes
• API Interface
Design your Architecture
Design your Processes
Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation
openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
  …
servers:
  - url: https://staging.example.com/
    description: Staging environment
  …
security:
  - api_key: []
  …
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
  …
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
  …
components:
  schemas:
    Orders:
      …

Callouts on the slide, top to bottom: metadata, deployment, runtime, interface, schema
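As an added example (not from the slides, Apiary or any product named on them), a small design-time audit of an OpenAPI 3 document for the three interface concerns listed above: the authentication scheme, use of the protocol (TLS), and schemas for data validation. SAMPLE_SPEC is constructed in the shape of the slide's Online Store API fragment, and the audit function and its check names are assumptions of this example.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

# Constructed sample in the shape of the slide's "Online Store API": GET inherits
# the global api_key requirement; DELETE overrides it with "security: []" (auth
# switched off) and returns JSON without a schema; the second server is http.
SAMPLE_SPEC = {
    "openapi": "3.0.1",
    "servers": [{"url": "https://staging.example.com/"},
                {"url": "http://localhost:8080/"}],
    "security": [{"api_key": []}],
    "components": {
        "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        "schemas": {"Orders": {"type": "array", "items": {"type": "object"}}},
    },
    "paths": {
        "/customers/{id}/orders": {
            "get": {"responses": {"200": {"content": {"application/json": {
                "schema": {"$ref": "#/components/schemas/Orders"}}}}}},
            "delete": {"security": [], "responses": {"200": {"content": {
                "application/json": {}}}}},
        },
    },
}


def audit_openapi(spec):
    """Return a list of findings; empty means the design-time checks passed."""
    findings = []
    schemes = set(spec.get("components", {}).get("securitySchemes", {}))
    global_sec = spec.get("security", [])
    for server in spec.get("servers", []):  # leverage the protocol: TLS only
        if not server.get("url", "").startswith("https://"):
            findings.append(f"server {server.get('url')} is not https")
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            where = f"{method.upper()} {path}"
            # Authentication scheme: "security: []" on an operation turns auth off,
            # and every scheme a requirement names must exist in components.
            sec = op.get("security", global_sec)
            if not sec:
                findings.append(f"{where}: no security requirement")
            for scheme in (s for req in sec for s in req):
                if scheme not in schemes:
                    findings.append(f"{where}: undefined security scheme '{scheme}'")
            # Data structures & validation: every response body needs a schema.
            for code, resp in op.get("responses", {}).items():
                for mime, media in resp.get("content", {}).items():
                    if "schema" not in media:
                        findings.append(f"{where} {code} {mime}: response has no schema")
    return findings
```

Running `audit_openapi(SAMPLE_SPEC)` reports the plain-http server, the DELETE operation with authentication switched off, and its schema-less JSON response; a clean spec returns an empty list.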
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)