Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
APIDays_Design_API_Security.pdf
Search
Emmanuel Paraskakis
July 31, 2018
Programming
0
89
APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Emmanuel Paraskakis
July 31, 2018
Tweet
Share
More Decks by Emmanuel Paraskakis
See All by Emmanuel Paraskakis
The Double Life of the API Product Manager
paraskakis
0
93
The AI-Powered API Builder: Speeding Up API Delivery with AI Tools
paraskakis
0
20
How to break into API Product Management
paraskakis
0
54
API Best Practices
paraskakis
0
250
Outside-in Development for APIs and Microservices
paraskakis
0
47
Become a Pro at API Management: A declarative approach
paraskakis
0
330
API Design Hands-On Lab
paraskakis
0
71
Bring Design Thinking to your API Lifecycle
paraskakis
0
130
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
850
Other Decks in Programming
See All in Programming
ビルドプロセスをデバッグしよう!
yt8492
0
130
テーブル定義書の構造化抽出して、生成AIでDWH分析を試してみた / devio2025tokyo
kasacchiful
0
340
バッチ処理を「状態の記録」から「事実の記録」へ
panda728
PRO
0
210
AIと人間の共創開発!OSSで試行錯誤した開発スタイル
mae616
2
830
AkarengaLT vol.38
hashimoto_kei
1
130
Towards Transactional Buffering of CDC Events @ Flink Forward 2025 Barcelona Spain
hpgrahsl
0
120
Vue 3.6 時代のリアクティビティ最前線 〜Vapor/alien-signals の実践とパフォーマンス最適化〜
hiranuma
2
280
Swift Concurrency 年表クイズ
omochi
3
190
Blazing Fast UI Development with Compose Hot Reload (Bangladesh KUG, October 2025)
zsmb
2
430
GC25 Recap: The Code You Reviewed is Not the Code You Built / #newt_gophercon_tour
mazrean
0
130
pnpm に provenance のダウングレード を検出する PR を出してみた
ryo_manba
1
170
Dive into Triton Internals
appleparan
0
270
Featured
See All Featured
[RailsConf 2023] Rails as a piece of cake
palkan
57
6k
Agile that works and the tools we love
rasmusluckow
331
21k
The Cult of Friendly URLs
andyhume
79
6.6k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
130k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.7k
Unsuck your backbone
ammeep
671
58k
Designing for humans not robots
tammielis
254
26k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.5k
Keith and Marios Guide to Fast Websites
keithpitt
411
23k
Documentation Writing (for coders)
carmenintech
75
5.1k
Reflections from 52 weeks, 52 projects
jeffersonlam
355
21k
Transcript
Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)
paraskakis
yt8492
kasacchiful
panda728
mae616
hashimoto_kei
hpgrahsl
hiranuma
omochi
zsmb
mazrean
ryo_manba
appleparan
palkan
rasmusluckow
andyhume
pedronauck
chrisshort
reverentgeek
ammeep
tammielis
bcantrill
keithpitt
carmenintech
jeffersonlam
