APIDays_Design_API_Security.pdf
paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis (@manp)
A Design-First Approach for Delivering Better API Security
Apiary: 441,401 APIs · 3M+ API consumers · 346,105 API designers
Infosec Goals
1. Confidentiality
2. Integrity
3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume that each layer will fail at some point
What does Design-First Mean?
• Think about security upfront
• Don't bolt it on at the end
• Buying silver bullets won't save you
Design for API Security
• Architecture
• Processes
• API Interface
Design your Architecture
Design your Processes
Design your API Interface
• Authentication scheme
• Leverage the protocol
• Data structures & validation
The slide annotates one OpenAPI document with the five concerns it captures (metadata, deployment, runtime, interface, schema), shown here as comments:

    openapi: "3.0.1"
    info:                                   # metadata
      title: Online Store API
      version: 1.0
      …
    servers:                                # deployment
      - url: https://staging.example.com/
        description: Staging environment
      …
    security:                               # runtime
      - api_key: []
      …
    x-ibm-configuration:
      enforced: true
      cors:
        enabled: true
      …
    paths:                                  # interface
      /customers/{id}/orders:
        get:
          …
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Orders"
          …
    components:                             # schema
      schemas:
        Orders:
          …
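The deck stops at the outline of the contract. As an added example, not part of the talk and not Apiary or Oracle tooling, the Python below shows what "design-first" buys you at runtime: the same OpenAPI document that documents the interface drives enforcement of the three bullets above. The security requirement decides whether a request is authenticated, the path-parameter schema rejects malformed identifiers before any handler runs, and the response schema (with additionalProperties: false) stops fields the contract never declared from leaking out. The Orders/Order schemas, the api_key scheme details (header X-API-Key), the id pattern, the key value and all sample payloads are assumptions constructed for the example.

```python
import re

# Constructed OpenAPI 3 document following the slide's outline. The Orders/Order
# schemas, the api_key scheme details and the path-parameter pattern are assumptions.
SPEC = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "security": [{"api_key": []}],  # global requirement: an API key on every operation
    "paths": {
        "/customers/{id}/orders": {
            "get": {
                "parameters": [{
                    "name": "id", "in": "path", "required": True,
                    "schema": {"type": "string", "pattern": "^[0-9]{1,10}$"},
                }],
                "responses": {"200": {"content": {"application/json": {
                    "schema": {"$ref": "#/components/schemas/Orders"}}}}},
            }
        }
    },
    "components": {
        "securitySchemes": {
            "api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        "schemas": {
            "Orders": {"type": "array", "items": {"$ref": "#/components/schemas/Order"}},
            "Order": {
                "type": "object",
                "additionalProperties": False,  # nothing undeclared leaves the service
                "required": ["id", "total"],
                "properties": {
                    "id": {"type": "string", "pattern": "^ord_[a-z0-9]{6,}$"},
                    "total": {"type": "number", "minimum": 0},
                },
            },
        },
    },
}

VALID_KEYS = {"k-2f9a7c"}  # constructed; real keys belong in a secret store, not in code

TYPE_CHECKS = {
    "object": lambda v: isinstance(v, dict),
    "array": lambda v: isinstance(v, list),
    "string": lambda v: isinstance(v, str),
    "number": lambda v: isinstance(v, (int, float)) and not isinstance(v, bool),
    "integer": lambda v: isinstance(v, int) and not isinstance(v, bool),
}


def resolve(spec, schema):
    """Follow local $ref pointers such as '#/components/schemas/Order'."""
    while "$ref" in schema:
        node = spec
        for part in schema["$ref"].lstrip("#/").split("/"):
            node = node[part]
        schema = node
    return schema


def validate(spec, schema, value, path="$"):
    """Check value against the JSON-Schema subset OpenAPI uses; return a list of errors."""
    schema = resolve(spec, schema)
    t = schema.get("type")
    if t and not TYPE_CHECKS[t](value):
        return [f"{path}: expected {t}"]
    errors = []
    if t == "object":
        errors += [f"{path}.{k}: required" for k in schema.get("required", []) if k not in value]
        props = schema.get("properties", {})
        for k, v in value.items():
            if k in props:
                errors += validate(spec, props[k], v, f"{path}.{k}")
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{path}.{k}: unexpected property")
    elif t == "array":
        for i, item in enumerate(value):
            errors += validate(spec, schema["items"], item, f"{path}[{i}]")
    elif t == "string" and "pattern" in schema and not re.fullmatch(schema["pattern"], value):
        errors.append(f"{path}: does not match {schema['pattern']}")
    elif t in ("number", "integer") and "minimum" in schema and value < schema["minimum"]:
        errors.append(f"{path}: below minimum {schema['minimum']}")
    return errors


def check_request(spec, method, path_template, headers, path_params, valid_keys):
    """Enforce the operation's security requirement and path-parameter schema."""
    op = spec["paths"][path_template][method]
    errors = []
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    def satisfied(scheme_name):
        scheme = spec["components"]["securitySchemes"][scheme_name]
        if scheme["type"] == "apiKey" and scheme["in"] == "header":
            return hdrs.get(scheme["name"].lower()) in valid_keys
        return False  # fail closed on scheme types this sketch does not implement

    # OpenAPI semantics: the list is an OR of alternatives; each alternative ANDs its schemes.
    security = op.get("security", spec.get("security", []))
    if security and not any(all(satisfied(s) for s in alt) for alt in security):
        errors.append("auth: no security requirement satisfied")
    for param in op.get("parameters", []):
        if param["in"] == "path":
            value = path_params.get(param["name"])
            if value is None:
                errors.append(f"param {param['name']}: missing")
            else:
                errors += validate(spec, param["schema"], value, f"param {param['name']}")
    return errors


def check_response(spec, method, path_template, status, body):
    """Validate a JSON response body against the operation's declared schema."""
    op = spec["paths"][path_template][method]
    media = op["responses"][str(status)]["content"]["application/json"]
    return validate(spec, media["schema"], body, "body")


if __name__ == "__main__":
    op = ("get", "/customers/{id}/orders")
    print(check_request(SPEC, *op, {"X-API-Key": "k-2f9a7c"}, {"id": "42"}, VALID_KEYS))
    print(check_request(SPEC, *op, {}, {"id": "42 OR 1=1"}, VALID_KEYS))
    print(check_response(SPEC, *op, 200, [{"id": "ord_a1b2c3", "total": 19.99}]))
    print(check_response(SPEC, *op, 200,
                         [{"id": "ord_a1b2c3", "total": -5, "card_number": "4111111111111111"}]))
```

Two design points matter more than the validator itself. The request check fails closed: an unsupported scheme type or a missing header yields an error rather than a pass, so a gap in the enforcement code cannot silently become an unauthenticated route. And the response check is where defense in depth shows up for confidentiality: even if a handler is later changed to return an internal record with a card number, the contract's additionalProperties: false rejects the payload before it reaches the consumer. A real gateway or middleware would use a full JSON Schema library instead of this subset.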
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)