APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
A Design-First Approach for Delivering Better API Security
Emmanuel Paraskakis, @manp

Apiary: 441,401 APIs, 3M+ API consumers, 346,105 API designers
Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What's Different About APIs? The attack surface is huge!
Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each layer

What does Design-First Mean?
• Think about security upfront
• Don't bolt it on at the end
• Buying silver bullets won't save you

Design For API Security
• Architecture
• Processes
• API Interface
Design your Architecture
Design your Processes
Design your API Interface
• Authentication scheme
• Leverage the protocol
• Data structures & validation

OpenAPI definition excerpt from the slide (the slide's margin labels are reproduced as comments beside the section each one points at; the "…" elisions are the slide's own):

    openapi: "3.0.1"
    info:                               # metadata
      title: Online Store API
      version: 1.0
      …
    servers:                            # deployment
      - url: https://staging.example.com/
        description: Staging environment
      …
    security:                           # runtime
      - api_key: []
      …
    x-ibm-configuration:
      enforced: true
      cors:
        enabled: true
      …
    paths:                              # interface
      /customers/{id}/orders:
        get:
          …
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Orders"
          …
    components:                         # schema
      schemas:
        Orders:
          …
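The three interface bullets above (authentication scheme, protocol, data validation) and the OpenAPI excerpt come together when the definition is actually enforced at the edge rather than treated as documentation. The following is an added example, not code from the talk or from any product it names: a small gateway check that takes its security requirement, path-parameter schema and response schema from an OpenAPI 3 document. SPEC is a constructed stand-in for the slide's Online Store API excerpt; the API-key scheme, the integer customer id and the Orders/Order schemas are assumptions made for illustration, and VALID_KEYS stands in for a real key store.

```python
"""Enforce an OpenAPI 3 definition at the gateway: security scheme, declared
parameters and response schema are all taken from the spec, so the contract
designed up front is what gets enforced at runtime. Added example, not the
talk's code; SPEC is a constructed stand-in for the slide's Online Store API
excerpt and its security-scheme, parameter and Orders details are assumed."""
import re

SPEC = {  # constructed: same layout as the slide, details assumed
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "servers": [{"url": "https://staging.example.com/", "description": "Staging"}],
    "security": [{"api_key": []}],  # global requirement: every operation needs a key
    "paths": {"/customers/{id}/orders": {"get": {
        "parameters": [{"name": "id", "in": "path", "required": True,
                        "schema": {"type": "integer", "minimum": 1}}],
        "responses": {"200": {"content": {"application/json": {
            "schema": {"$ref": "#/components/schemas/Orders"}}}}}}}},
    "components": {
        "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        "schemas": {
            "Orders": {"type": "array", "items": {"$ref": "#/components/schemas/Order"}},
            "Order": {"type": "object", "required": ["id", "total"], "additionalProperties": False,
                      "properties": {"id": {"type": "integer"}, "total": {"type": "number"},
                                     "status": {"type": "string", "enum": ["open", "shipped"]}}}}}}
VALID_KEYS = {"k-staging-1"}  # constructed; a real gateway consults a key store
TYPES = {"integer": int, "number": (int, float), "string": str,
         "array": list, "object": dict, "boolean": bool}


def resolve(spec, node):
    """Follow local $ref pointers such as '#/components/schemas/Order'."""
    while "$ref" in node:
        target = spec
        for part in node["$ref"].lstrip("#/").split("/"):
            target = target[part]
        node = target
    return node


def validate(spec, schema, value, path="$"):
    """JSON-Schema subset (type, enum, minimum, required, properties, items,
    additionalProperties). Returns a list of error strings; [] means valid."""
    schema = resolve(spec, schema)
    t, errs = schema.get("type"), []
    # bool is a subclass of int in Python, so reject True/False for numeric types
    if t and (not isinstance(value, TYPES[t]) or (t != "boolean" and isinstance(value, bool))):
        return [f"{path}: expected {t}"]
    if "enum" in schema and value not in schema["enum"]:
        errs.append(f"{path}: not one of {schema['enum']}")
    if "minimum" in schema and value < schema["minimum"]:
        errs.append(f"{path}: below minimum {schema['minimum']}")
    if t == "array":
        for i, item in enumerate(value):
            errs += validate(spec, schema["items"], item, f"{path}[{i}]")
    if t == "object":
        errs += [f"{path}.{k}: required" for k in schema.get("required", []) if k not in value]
        props = schema.get("properties", {})
        for k, v in value.items():
            if k in props:
                errs += validate(spec, props[k], v, f"{path}.{k}")
            elif schema.get("additionalProperties", True) is False:
                errs.append(f"{path}.{k}: undeclared property")  # stops accidental leaks
    return errs


def insecure_servers(spec):
    """'Leverage the protocol': every declared server must be reachable over TLS."""
    return [s["url"] for s in spec.get("servers", []) if not s["url"].startswith("https://")]


def match_path(spec, request_path):
    """Map a concrete request path onto a path template; return (template, raw params)."""
    for template in spec["paths"]:
        m = re.match("^" + re.sub(r"\{(\w+)\}", r"(?P<\1>[^/]+)", template) + "$", request_path)
        if m:
            return template, m.groupdict()
    return None, {}


def enforce(spec, method, path, headers, backend):
    """Gateway check in the slide's order: auth scheme, request data, response data.
    `backend` is a callable params -> (status, body) standing in for the upstream service."""
    template, raw = match_path(spec, path)
    if template is None or method not in spec["paths"][template]:
        return 404, {"error": "unknown operation"}  # only the designed surface is exposed
    op = spec["paths"][template][method]
    for req in op.get("security", spec.get("security", [])):  # per-operation overrides global
        for name in req:
            sch = spec["components"]["securitySchemes"][name]
            if sch["type"] == "apiKey" and sch["in"] == "header" and headers.get(sch["name"]) not in VALID_KEYS:
                return 401, {"error": "missing or invalid API key"}
    params, errs = {}, []
    for p in op.get("parameters", []):
        val = raw.get(p["name"])
        if p["schema"].get("type") == "integer":
            try:
                val = int(val)
            except (TypeError, ValueError):
                errs.append(f"{p['name']}: expected integer")
                continue
        errs += validate(spec, p["schema"], val, p["name"])
        params[p["name"]] = val
    if errs:
        return 400, {"error": errs}
    status, body = backend(params)  # the request reaches the service only now
    resp = op["responses"].get(str(status))
    errs = (validate(spec, resp["content"]["application/json"]["schema"], body, "response")
            if resp else [f"undocumented status {status}"])
    return (502, {"error": errs}) if errs else (status, body)
```

The response check is the part people usually skip: because Order declares `additionalProperties: false`, a backend that starts returning an undeclared field (a card number, an internal id) is turned into a 502 at the gateway instead of reaching the client, which is the design-first version of "assume there will be a failure in each layer". The `security` requirement is read from the definition, so an operation cannot quietly ship without a scheme unless the designer explicitly sets `security: []` on it.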
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle + Dyn (Zenedge)