Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
APIDays_Design_API_Security.pdf
Search
Emmanuel Paraskakis
July 31, 2018
Programming
0
90
APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Emmanuel Paraskakis
July 31, 2018
Tweet
Share
More Decks by Emmanuel Paraskakis
See All by Emmanuel Paraskakis
The Double Life of the API Product Manager
paraskakis
0
94
The AI-Powered API Builder: Speeding Up API Delivery with AI Tools
paraskakis
0
22
How to break into API Product Management
paraskakis
0
57
API Best Practices
paraskakis
0
250
Outside-in Development for APIs and Microservices
paraskakis
0
49
Become a Pro at API Management: A declarative approach
paraskakis
0
340
API Design Hands-On Lab
paraskakis
0
74
Bring Design Thinking to your API Lifecycle
paraskakis
0
130
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
850
Other Decks in Programming
See All in Programming
『実践MLOps』から学ぶ DevOps for ML
nsakki55
2
470
ゼロダウンタイムでミドルウェアの バージョンアップを実現した手法と課題
wind111
0
210
Flutterアプリ運用の現場で役立った監視Tips 5選
ostk0069
1
510
Vueで学ぶデータ構造入門 リンクリストとキューでリアクティビティを捉える / Vue Data Structures: Linked Lists and Queues for Reactivity
konkarin
1
340
OSS開発者の憂鬱
yusukebe
12
6k
モビリティSaaSにおけるデータ利活用の発展
nealle
1
620
なぜ強調表示できず ** が表示されるのか — Perlで始まったMarkdownの歴史と日本語文書における課題
kwahiro
12
7.2k
Microservices Platforms: When Team Topologies Meets Microservices Patterns
cer
PRO
0
480
Feature Flags Suck! - KubeCon Atlanta 2025
phodgson
0
160
「AWS CDK入門」の前日譚/Prequelto-Introduction-To-AWSCDK
tyumugi1113
0
100
スタートアップを支える技術戦略と組織づくり
pospome
8
11k
Rails Girls Sapporo 2ndの裏側―準備の日々から見えた、私が得たもの / SAPPORO ENGINEER BASE #11
lemonade_37
2
190
Featured
See All Featured
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.8k
Java REST API Framework Comparison - PWX 2021
mraible
34
9k
The Cost Of JavaScript in 2023
addyosmani
55
9.3k
RailsConf 2023
tenderlove
30
1.3k
Become a Pro
speakerdeck
PRO
30
5.6k
How GitHub (no longer) Works
holman
315
140k
Optimising Largest Contentful Paint
csswizardry
37
3.5k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Designing for Performance
lara
610
69k
VelocityConf: Rendering Performance Case Studies
addyosmani
333
24k
Code Review Best Practice
trishagee
72
19k
Embracing the Ebb and Flow
colly
88
4.9k
Transcript
Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)
paraskakis
nsakki55
wind111
.jpeg){kind=avatar}
ostk0069
konkarin
yusukebe
nealle
kwahiro
cer
phodgson
tyumugi1113
pospome
lemonade_37
mongodb
mraible
addyosmani
tenderlove
speakerdeck
holman
csswizardry
keavy
lara
trishagee
colly
