APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security
Apiary: 441,401 APIs · 3M+ API Consumers · 346,105 API Designers
Infosec Goals
1. Confidentiality
2. Integrity
3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each
What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you
Design For API Security
• Architecture
• Processes
• API Interface
Design your Architecture
Design your Processes
Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation
openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
…
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …

Slide annotations labelling the five sections in order: metadata, deployment, runtime, interface, schema.
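The spec fragment above keeps deployment (servers), runtime policy (security), interface (paths) and data structures (components.schemas) as separate, machine-readable declarations, which is what makes a design-first security review possible before any server code exists. The script below is an added example, not code from the talk, from Apiary or from Oracle: it lints a constructed OpenAPI document modelled on the Online Store API fragment, with the slide's elided sections filled in by assumption (an api_key header scheme, an Orders schema, and a deliberately weak POST operation that opts out of authentication and has no body schema). The four rules it enforces are likewise assumptions about what such a team might require at design time.

```python
"""Design-time security lint for an OpenAPI 3 document (added example).

The SPEC dict is constructed; it is modelled on the Online Store API
fragment from the slides and fills in the elided parts by assumption.
The lint rules are hypothetical design-first requirements, not a standard.
"""

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Constructed spec (assumption: slide's "..." sections filled in minimally).
SPEC = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "servers": [
        {"url": "https://staging.example.com/", "description": "Staging environment"},
    ],
    "security": [{"api_key": []}],          # global default: every operation needs api_key
    "paths": {
        "/customers/{id}/orders": {
            "get": {
                "parameters": [
                    {"name": "id", "in": "path", "required": True,
                     "schema": {"type": "string", "pattern": "^[0-9]{1,12}$"}},
                ],
                "responses": {"200": {"content": {"application/json": {
                    "schema": {"$ref": "#/components/schemas/Orders"}}}}},
            },
            # Deliberately weak operation so the lint has something to report:
            # "security: []" opts out of the global requirement, and the body
            # has no schema, so nothing constrains what a client may send.
            "post": {
                "security": [],
                "requestBody": {"content": {"application/json": {}}},
                "responses": {"201": {}},
            },
        }
    },
    "components": {
        "securitySchemes": {
            "api_key": {"type": "apiKey", "name": "X-API-Key", "in": "header"},
        },
        "schemas": {"Orders": {"type": "array", "items": {"type": "object"}}},
    },
}


def lint(spec):
    """Return a list of (location, message) findings; an empty list means the design passes."""
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    global_sec = spec.get("security", [])

    # Deployment: every declared server must be reachable over TLS only.
    for srv in spec.get("servers", []):
        if not srv.get("url", "").startswith("https://"):
            findings.append(("servers", f"non-TLS server URL {srv.get('url')!r}"))

    # Runtime: API keys carried in the query string end up in access logs and referrers.
    for name, scheme in schemes.items():
        if scheme.get("type") == "apiKey" and scheme.get("in") == "query":
            findings.append((f"securitySchemes.{name}", "API key in query string"))

    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:      # skip path-level keys such as "parameters"
                continue
            loc = f"{method.upper()} {path}"

            # Interface: the operation inherits the global requirement unless it
            # overrides it; an explicit empty list means "no authentication".
            sec = op.get("security", global_sec)
            if not sec:
                findings.append((loc, "no authentication requirement"))
            for requirement in sec:
                for name in requirement:
                    if name not in schemes:
                        findings.append((loc, f"references undefined security scheme {name!r}"))

            # Schema: every parameter and JSON request body must be constrained.
            for param in op.get("parameters", []):
                if "schema" not in param:
                    findings.append((loc, f"parameter {param.get('name')!r} has no schema"))
            body = op.get("requestBody", {}).get("content", {})
            for media_type, media in body.items():
                if "schema" not in media:
                    findings.append((loc, f"request body {media_type} has no schema"))
    return findings


if __name__ == "__main__":
    for location, message in lint(SPEC):
        print(f"{location}: {message}")
```

Run against the constructed spec, the GET operation passes and the POST operation produces two findings (no authentication requirement, unschematised JSON body). Running a lint like this in the same pipeline that publishes the spec is one concrete way to keep security a design decision rather than something bolted on at the end.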
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)