APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis (@manp): A Design-First Approach for Delivering Better API Security

Apiary: 441,401 APIs, 3M+ API consumers, 346,105 API designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What’s Different About APIs? The attack surface is huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What Does Design-First Mean?
• Think about security upfront
• Don’t bolt it on at the end
• Buying silver bullets won’t save you

Design for API Security
• Architecture
• Processes
• API interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication scheme
• Leverage the protocol
• Data structures & validation
openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
…
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …

(Slide callouts on the document: metadata, deployment, runtime, interface, schema)
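The slide above treats the API description as the place where the authentication scheme, the transport and the data schemas are decided, before anything is deployed. The following added example (written for this page, not code from the talk, Apiary or Oracle) turns that into a design-time check: a small Python lint that walks an OpenAPI 3 document and reports operations with no applied security requirement, servers that are not HTTPS, and parameters or bodies that carry no schema. The sample document is constructed; it follows the Online Store API slide but fills in the elided parts (the `api_key` scheme definition, the `Orders` schema, a second server and a `post` operation) with assumed values, two of them deliberately defective so the lint has something to find.

```python
"""Design-time lint for an OpenAPI 3 document (added example, not from the talk).

It mechanises the slide's three API-interface concerns before deployment:
an authentication scheme that is declared and applied to every operation,
TLS-only servers (confidentiality and integrity on the wire), and a schema on
every parameter, request body and response body so validation can be enforced
at the gateway. Document structure follows the OpenAPI 3.0 specification; the
sample document below is constructed, with the slide's elided parts filled in
as assumptions.
"""
from typing import Any, Dict, List

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def lint_openapi(doc: Dict[str, Any]) -> List[str]:
    """Return human-readable findings; an empty list means the checks pass."""
    findings: List[str] = []

    # 1. Transport: every server URL must be HTTPS.
    for server in doc.get("servers", []):
        url = server.get("url", "")
        if not url.startswith("https://"):
            findings.append(f"server {url!r} is not HTTPS")

    # 2. Authentication scheme: must exist under components.securitySchemes.
    schemes = doc.get("components", {}).get("securitySchemes", {})
    if not schemes:
        findings.append("no securitySchemes declared")
    global_security = doc.get("security", [])

    # 3. Every operation: an applied security requirement and schemas on all payloads.
    for path, item in doc.get("paths", {}).items():
        for param in item.get("parameters", []):
            if "schema" not in param and "content" not in param:
                findings.append(f"{path}: parameter {param.get('name')!r} has no schema")
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            where = f"{method.upper()} {path}"
            # An operation-level 'security' key overrides the global list; an empty
            # list (or a list of empty objects) means anonymous access is allowed.
            sec = op["security"] if "security" in op else global_security
            if not sec or all(req == {} for req in sec):
                findings.append(f"{where}: no security requirement")
            for req in sec:
                for name in req:
                    if name not in schemes:
                        findings.append(f"{where}: unknown security scheme {name!r}")
            for param in op.get("parameters", []):
                if "schema" not in param and "content" not in param:
                    findings.append(f"{where}: parameter {param.get('name')!r} has no schema")
            for mime, media in op.get("requestBody", {}).get("content", {}).items():
                if "schema" not in media:
                    findings.append(f"{where}: requestBody {mime} has no schema")
            for status, resp in op.get("responses", {}).items():
                for mime, media in resp.get("content", {}).items():
                    if "schema" not in media:
                        findings.append(f"{where}: response {status} {mime} has no schema")
    return findings


# Constructed sample document (hypothetical). Modelled on the Online Store API slide;
# the second server and the 'post' operation are assumed additions with deliberate defects.
SAMPLE_DOC: Dict[str, Any] = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "servers": [
        {"url": "https://staging.example.com/", "description": "Staging environment"},
        {"url": "http://legacy.example.com/", "description": "constructed: plaintext server"},
    ],
    "security": [{"api_key": []}],
    "paths": {
        "/customers/{id}/orders": {
            "parameters": [
                {"name": "id", "in": "path", "required": True,
                 "schema": {"type": "string", "pattern": "^[0-9]{1,10}$"}}
            ],
            "get": {
                "responses": {"200": {"description": "Orders", "content": {
                    "application/json": {"schema": {"$ref": "#/components/schemas/Orders"}}}}}
            },
            "post": {
                "security": [],  # constructed defect: anonymous access allowed
                "requestBody": {"content": {"application/json": {}}},  # constructed defect: no schema
                "responses": {"201": {"description": "Created"}},
            },
        }
    },
    "components": {
        "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        "schemas": {"Orders": {"type": "array", "items": {"type": "object"}}},
    },
}

if __name__ == "__main__":
    for finding in lint_openapi(SAMPLE_DOC):
        print("FAIL", finding)
```

Run against the sample document it reports three findings: the plaintext server, the anonymous `POST`, and the unschema'd request body. The same function dropped into a CI step over the real OpenAPI file is how "think about security upfront" becomes a gate rather than a slogan; the gateway then enforces what the document declares.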
Learn More
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle + Dyn (Zenedge)