Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
APIDays_Design_API_Security.pdf
Search
Emmanuel Paraskakis
July 31, 2018
Programming
110
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Emmanuel Paraskakis
July 31, 2018
More Decks by Emmanuel Paraskakis
See All by Emmanuel Paraskakis
The Double Life of the API Product Manager
paraskakis
0
120
The AI-Powered API Builder: Speeding Up API Delivery with AI Tools
paraskakis
0
59
How to break into API Product Management
paraskakis
0
90
API Best Practices
paraskakis
0
270
Outside-in Development for APIs and Microservices
paraskakis
0
70
Become a Pro at API Management: A declarative approach
paraskakis
0
380
API Design Hands-On Lab
paraskakis
0
99
Bring Design Thinking to your API Lifecycle
paraskakis
0
160
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
880
Other Decks in Programming
See All in Programming
地域 SRE コミュニティ最前線 - ホンマでっかSRE勉強会
tk3fftk
0
220
act1-costs.pdf
sumedhbala
0
210
【SRE NEXT 2026 Lunch Session】一人目専任SREの立ち上げを加速する ― AIと進めたオンボーディングで2分を0.04秒にした話
pkshadeck
PRO
0
2.3k
『コードを書く以外の』エンジニアリング〜課金基盤移行プロジェクト推進のためのTips4選
yuriko1211
0
380
えっ!!コードを読まずに開発を!?
hananouchi
0
190
Generative UI & AI-Assistants for Your Angular Solutions
manfredsteyer
PRO
1
160
継続モナドとリアクティブプログラミング
yukikurage
3
500
エンジニアと一緒にテストコードの設計と実装を改善した話
mototakatsu
0
260
ECSアプリログをFireLensでコスト削減しようとしたけど諦めた話 in Fargate×Node.js
akihisaikeda
2
4.2k
エンジニアにデザインハーネスを 〜デザインプロセスを規定するためのハーネス〜 / Design harness from an engineer's perspective
rkaga
2
1.4k
【やさしく解説 設計編 #0】DDDのコード、読めるのに分からない人へ
panda728
PRO
2
260
信頼性について考えてみる(SRE NEXT 2026 miniLT)
hayama17
0
160
Featured
See All Featured
The Illustrated Guide to Node.js - THAT Conference 2024
reverentgeek
1
410
WENDY [Excerpt]
tessaabrams
11
38k
Making Projects Easy
brettharned
120
6.7k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
3k
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
aleyda
1
2.1k
Automating Front-end Workflow
addyosmani
1370
210k
The browser strikes back
jonoalderson
0
1.4k
Prompt Engineering for Job Search
mfonobong
0
370
A Soul's Torment
seathinner
6
3.1k
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
290
Heart Work Chapter 1 - Part 1
lfama
PRO
8
36k
Raft: Consensus for Rubyists
vanstee
141
7.6k
Transcript
Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)