Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
APIDays_Design_API_Security.pdf
Search
Emmanuel Paraskakis
July 31, 2018
Programming
0
87
APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Emmanuel Paraskakis
July 31, 2018
Tweet
Share
More Decks by Emmanuel Paraskakis
See All by Emmanuel Paraskakis
The Double Life of the API Product Manager
paraskakis
0
87
The AI-Powered API Builder: Speeding Up API Delivery with AI Tools
paraskakis
0
18
How to break into API Product Management
paraskakis
0
44
API Best Practices
paraskakis
0
250
Outside-in Development for APIs and Microservices
paraskakis
0
45
Become a Pro at API Management: A declarative approach
paraskakis
0
330
API Design Hands-On Lab
paraskakis
0
66
Bring Design Thinking to your API Lifecycle
paraskakis
0
130
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
840
Other Decks in Programming
See All in Programming
Rancher と Terraform
fufuhu
0
110
Flutter로 Gemini와 MCP를 활용한 Agentic App 만들기 - 박제창 2025 I/O Extended Seoul
itsmedreamwalker
0
150
TanStack DB ~状態管理の新しい考え方~
bmthd
2
330
Langfuseと歩む生成AI活用推進
licux
3
300
Portapad紹介プレゼンテーション
gotoumakakeru
1
130
ライブ配信サービスの インフラのジレンマ -マルチクラウドに至ったワケ-
mirrativ
2
260
学習を成果に繋げるための個人開発の考え方 〜 「学習のための個人開発」のすすめ / personal project for leaning
panda_program
1
110
画像コンペでのベースラインモデルの育て方
tattaka
3
1.9k
パスタの技術
yusukebe
1
400
マイコンでもRustのtestがしたい その2/KernelVM Tokyo 18
tnishinaga
2
2.3k
デザインシステムが必須の時代に
yosuke_furukawa
PRO
2
110
AIエージェント開発、DevOps and LLMOps
ymd65536
1
340
Featured
See All Featured
Mobile First: as difficult as doing things right
swwweet
223
9.9k
Designing for Performance
lara
610
69k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
50
5.5k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
18
1.1k
The Invisible Side of Design
smashingmag
301
51k
Embracing the Ebb and Flow
colly
87
4.8k
Reflections from 52 weeks, 52 projects
jeffersonlam
351
21k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
36
2.5k
The World Runs on Bad Software
bkeepers
PRO
70
11k
Transcript
Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)
paraskakis
fufuhu
itsmedreamwalker
bmthd
licux
gotoumakakeru
mirrativ
panda_program
tattaka
yusukebe
tnishinaga
yosuke_furukawa
ymd65536
swwweet
lara
jcasabona
lauravandoore
reverentgeek
cassininazir
sergeychernyshev
smashingmag
colly
jeffersonlam
eileencodes
bkeepers
