APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

apiary + 441,401 APIs, 3M+ API Consumers, 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What’s Different About APIs? Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation
The slide shows an abridged OpenAPI document; the five labels printed beside it (metadata, deployment, runtime, interface, schema) mark its sections and are reproduced here as comments:

    openapi: "3.0.1"
    info:                                   # metadata
      title: Online Store API
      version: "1.0"                        # quoted: OAS requires a string here
      …
    servers:                                # deployment
      - url: https://staging.example.com/
        description: Staging environment
      …
    security:                               # runtime: API key required on every operation
      - api_key: []
    …
    x-ibm-configuration:                    # runtime: gateway policy
      enforced: true
      cors:
        enabled: true
    …
    paths:                                  # interface
      /customers/{id}/orders:
        get:
          …
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Orders"
    …
    components:                             # schema
      schemas:
        Orders:
          …
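The "Authentication Scheme" and "Data Structures & Validation" items, together with the OpenAPI fragment above, are the design-time controls the talk wants enforced at runtime. The following Python example is added here and is not code from the talk, from Apiary or from any gateway product: it builds a constructed minimal spec in the same shape as the slide's Online Store API (the Orders and Order schemas, the `X-API-Key` header name and the `securitySchemes` entry are assumptions, since the slide elides them) and checks an incoming request's headers against the declared `api_key` requirement and a JSON response body against the declared `Orders` schema, using a small hand-written subset of JSON Schema so it runs with the standard library only.

```python
"""Enforce two design-time controls from an OpenAPI document at runtime:
the declared API-key security scheme and the declared response schema.
Constructed example; the spec below is NOT the deck's real document."""
import json

# Constructed minimal spec. Assumption: the Orders/Order schemas, the
# securitySchemes entry and the X-API-Key header name are invented here.
SPEC = {
    "openapi": "3.0.1",
    "security": [{"api_key": []}],
    "paths": {
        "/customers/{id}/orders": {
            "get": {"responses": {"200": {"content": {"application/json": {
                "schema": {"$ref": "#/components/schemas/Orders"}}}}}}}},
    "components": {
        "securitySchemes": {
            "api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        "schemas": {
            "Orders": {"type": "array", "items": {"$ref": "#/components/schemas/Order"}},
            "Order": {
                "type": "object",
                "required": ["id", "total"],
                "additionalProperties": False,
                "properties": {
                    "id": {"type": "integer"},
                    "total": {"type": "number"},
                    "status": {"type": "string", "enum": ["new", "paid", "shipped"]},
                },
            },
        },
    },
}

# JSON Schema type name -> Python type(s) accepted by isinstance.
JSON_TYPES = {"object": dict, "array": list, "string": str,
              "integer": int, "number": (int, float), "boolean": bool}


def resolve(spec, schema):
    """Follow a local $ref (#/components/...) to the schema it points at."""
    while "$ref" in schema:
        node = spec
        for part in schema["$ref"].lstrip("#/").split("/"):
            node = node[part]
        schema = node
    return schema


def validate(spec, schema, value, path="$"):
    """Return a list of violations of `value` against a JSON Schema subset
    (type, enum, required, properties, additionalProperties, items)."""
    schema = resolve(spec, schema)
    errors = []
    t = schema.get("type")
    if t:
        # bool is a subclass of int in Python; JSON Schema does not treat it as a number.
        ok = isinstance(value, JSON_TYPES[t]) and not (
            t in ("integer", "number") and isinstance(value, bool))
        if not ok:
            return [f"{path}: expected {t}, got {type(value).__name__}"]
    if "enum" in schema and value not in schema["enum"]:
        errors.append(f"{path}: {value!r} not in {schema['enum']}")
    if t == "object":
        props = schema.get("properties", {})
        for key in schema.get("required", []):
            if key not in value:
                errors.append(f"{path}.{key}: required property missing")
        for key, sub in value.items():
            if key in props:
                errors.extend(validate(spec, props[key], sub, f"{path}.{key}"))
            elif schema.get("additionalProperties", True) is False:
                # Undeclared fields are rejected: the schema is the contract.
                errors.append(f"{path}.{key}: property not declared in schema")
    if t == "array":
        for i, item in enumerate(value):
            errors.extend(validate(spec, schema["items"], item, f"{path}[{i}]"))
    return errors


def check_api_key(spec, headers):
    """Enforce the document-level `security: - api_key: []` requirement
    by looking for the header the security scheme names (case-insensitive)."""
    errors = []
    lowered = {k.lower(): v for k, v in headers.items()}
    for requirement in spec.get("security", []):
        for name in requirement:
            scheme = spec["components"]["securitySchemes"][name]
            if scheme["type"] == "apiKey" and scheme["in"] == "header":
                if not lowered.get(scheme["name"].lower()):
                    errors.append(f"missing {scheme['name']} header")
    return errors


def check_response(spec, path, method, status, body_json):
    """Validate a JSON response body against the schema the design declares
    for this path, method and status code."""
    operation = spec["paths"][path][method]
    schema = operation["responses"][str(status)]["content"]["application/json"]["schema"]
    return validate(spec, schema, json.loads(body_json))


if __name__ == "__main__":
    print(check_api_key(SPEC, {}))
    print(check_response(SPEC, "/customers/{id}/orders", "get", 200,
                         '[{"id": "1", "status": "lost", "card": "4111"}]'))
```

Run as a script it prints the missing-header violation and then four schema violations for the malformed order (wrong `id` type, missing `total`, `status` outside the enum, and an undeclared `card` field). The design choice worth noting is `additionalProperties: false`: with it, anything the design did not declare is rejected rather than silently passed through, which is what "data structures & validation" buys you when the schema is written first.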
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)