APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis (@manp)
A Design-First Approach for Delivering Better API Security
Apiary: 441,401 APIs, 3M+ API consumers, 346,105 API designers
Infosec Goals
1. Confidentiality
2. Integrity
3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each layer
What does Design-First Mean?
• Think about security upfront
• Don’t bolt it on at the end
• Buying silver bullets won’t save you
Design For API Security
• Architecture
• Processes
• API Interface
Design your Architecture
Design your Processes
Design your API Interface
• Authentication scheme
• Leverage the protocol
• Data structures & validation
Example OpenAPI document from the slide (elided sections shown as …):

```yaml
openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
  …
servers:
  - url: https://staging.example.com/
    description: Staging environment
  …
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …
```

Slide annotations on the sections: metadata, deployment, runtime, interface, schema
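The design-first idea is that the authentication scheme and the validation rules live in the API description, so they can be checked before any code is written. As an added example (not from the deck or from Apiary), the following lint walks an OpenAPI 3 document like the one above and reports operations that disable authentication, bodies that are never validated, and servers that are not HTTPS. The spec is constructed for the demo: the `api_key` scheme body, the Orders schema and the deliberately weak POST operation are assumptions the slide does not show.

```python
# Constructed spec modelled on the slide's fragment; the api_key scheme body,
# the Orders schema and the weak POST operation are assumptions for the demo.
SPEC = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "servers": [{"url": "https://staging.example.com/", "description": "Staging environment"}],
    "security": [{"api_key": []}],
    "paths": {
        "/customers/{id}/orders": {
            "get": {
                "responses": {"200": {"description": "OK", "content": {"application/json": {
                    "schema": {"$ref": "#/components/schemas/Orders"}}}}},
            },
            # Operation-level `security: []` switches off the global requirement, and an
            # empty schema means the request body is accepted without validation.
            "post": {
                "security": [],
                "requestBody": {"content": {"application/json": {"schema": {}}}},
                "responses": {"201": {"description": "Created"}},
            },
        }
    },
    "components": {
        "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        "schemas": {"Orders": {"type": "array", "items": {"type": "object"}}},
    },
}

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}


def lint(spec):
    """Return a list of findings; an empty list means the design passes these checks."""
    findings = [f"server {s.get('url')!r} is not served over HTTPS"
                for s in spec.get("servers", []) if not s.get("url", "").startswith("https://")]
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:  # skip `parameters`, `summary`, extensions
                continue
            where = f"{method.upper()} {path}"
            # An operation's own `security` replaces the global list; `[]` or `[{}]`
            # both mean the operation can be called anonymously.
            if not any(op.get("security", spec.get("security", []))):
                findings.append(f"{where}: no authentication required")
            for mt, media in op.get("requestBody", {}).get("content", {}).items():
                if not media.get("schema"):
                    findings.append(f"{where}: {mt} request body has no schema")
            for code, resp in op.get("responses", {}).items():
                for mt, media in resp.get("content", {}).items():
                    if not media.get("schema"):
                        findings.append(f"{where}: {code} {mt} response has no schema")
    return findings
```

Run against `SPEC`, the lint flags only the POST operation: once for anonymous access and once for the unvalidated body, while the GET, which inherits the global `api_key` requirement and references the Orders schema, passes.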
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)