APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What’s Different About APIs?
Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation

    openapi: "3.0.1"
    info:
      title: Online Store API
      version: 1.0
    …
    servers:
      - url: https://staging.example.com/
        description: Staging environment
    …
    security:
      - api_key: []
    …
    x-ibm-configuration:
      enforced: true
      cors:
        enabled: true
    …
    paths:
      /customers/{id}/orders:
        get:
          …
              content:
                application/json:
                  schema:
                    $ref: "#/components/schemas/Orders"
    …
    components:
      schemas:
        Orders:
          …

(Slide callout labels: metadata, deployment, runtime, interface, schema)
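
As an added example (not part of the deck), the sketch below lints an OpenAPI 3 document shaped like the slide's fragment for the three interface concerns listed above: transport, authentication scheme and schema coverage. The `/health` path, the `securitySchemes` entry, the header name and the rule names are constructed assumptions.

```python
# Added example: design-time security lint for an OpenAPI 3 document (not the deck's code).
# SPEC is constructed; /health, securitySchemes and the rule names are assumptions.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

SPEC = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "servers": [{"url": "https://staging.example.com/"}],
    "security": [{"api_key": []}],
    "paths": {
        "/customers/{id}/orders": {"get": {"responses": {"200": {"content": {
            "application/json": {"schema": {"$ref": "#/components/schemas/Orders"}}}}}}},
        # Constructed weak operation: opts out of auth and returns JSON with no schema.
        "/health": {"get": {"security": [], "responses": {"200": {"content": {
            "application/json": {}}}}}},
    },
    "components": {
        "schemas": {"Orders": {"type": "array", "items": {"type": "object"}}},
        "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
    },
}

def lint(spec):
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for server in spec.get("servers", []):
        if not server.get("url", "").startswith("https://"):
            findings.append(("server-not-https", server.get("url", "")))
    if not spec.get("security"):
        findings.append(("no-global-security", "security"))
    for path, item in spec.get("paths", {}).items():
        for method in sorted(HTTP_METHODS & item.keys()):
            op, where = item[method], f"{method.upper()} {path}"
            # Operation-level security replaces the global requirement entirely.
            effective = op.get("security", spec.get("security", []))
            if not effective or any(not req for req in effective):
                findings.append(("operation-allows-anonymous", where))
            for req in effective:
                for name in req:
                    if name not in schemes:
                        findings.append(("undefined-security-scheme", f"{where}: {name}"))
            for code, resp in op.get("responses", {}).items():
                for media, body in resp.get("content", {}).items():
                    if "schema" not in body:
                        findings.append(("response-without-schema", f"{where} {code} {media}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*(f"{rule}: {where}" for rule, where in lint(SPEC)), sep="\n")
```

Run against the description file in CI, a check like this fails the build before an unauthenticated or unschematised operation is deployed.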

Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)