
Compliance Validation for Designed APIs

Vadim Klimov
November 12, 2022

Compliance Validation for Designed APIs

Event: SAP Inside Track Copenhagen 2022
Date: November 12, 2022
Speaker: Vadim Klimov
Session: Compliance validation for designed APIs


Transcript

  1. API Lifecycle Management Approaches

    Shift left: move tasks earlier in the API development process. The approach promotes a contract-first principle for API design and encourages automation of API governance, including early validation of API compliance with style guides, established standards and best practices.

    Shield right: put controls in place that protect the deployed APIs. The approach emphasises advanced API discovery, observability and protection, proactive scanning, and API drift detection.
  2. API Contract Validations

    Traditional API style guide
    ▪ API lifecycle management guidelines
    ▪ Naming conventions
    ▪ Versioning
    ▪ Design patterns
    ▪ Performance optimisation patterns
    ▪ Data formats
    ▪ Error formats
    ▪ Transport and communication protocols

    API design security guidelines
    ▪ Authentication and authorisation mechanisms
    ▪ Request data validation
    ▪ Response data protection
    ▪ Excessive data exposure prevention
    ▪ Activity logging
  3. API Contract Validation Automation: Components

    API contract: represented in YAML or JSON format and
    ▪ for REST APIs, compliant with the OpenAPI standard;
    ▪ for event-driven APIs, compliant with the AsyncAPI standard.

    Linter: a static analysis tool that validates the API contract against the specified ruleset.
    ▪ Examples of OpenAPI linters: Spectral, Redocly, Zally, IBM OpenAPI Validator.
    ▪ Examples of API security platforms: 42Crunch, Salt Security.

    Ruleset: the set of rules applied to an API contract. Rules commonly originate from and are based on a style guide, design guidelines, best practices, etc.
    ▪ Examples of API style guides and design guidelines: http://apistylebook.com.
    ▪ API design security guidelines commonly include, among other things, recommendations for mitigating the OWASP API Security Top 10 risks (https://owasp.org/www-project-api-security).
  4. API Contract Linter: Key Features and Capabilities

    Extensibility: enhance and extend the out-of-the-box functionality with third-party or custom plugins/extensions; develop custom validation functions.

    Validation execution history and evolution analysis: a retrospective view of the validation/compliance issues detected in the API contract over time, and API compliance trend analysis.

    Validation results output and formatting: output validation results in formats convenient for both human-readable and machine-readable processing.

    Integration with CI/CD tools: for example, Azure Pipelines, GitLab, CircleCI, Jenkins, TeamCity.

    Integration with code quality assurance tools: for example, SonarQube.

    Integration with code editors and IDEs: for example, Visual Studio Code, IntelliJ, Eclipse.
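The three components of slide 3 (contract, linter, ruleset), the security guideline categories of slide 2 and the machine-readable output and CI integration of slide 4, shown together in one added example. This is illustrative code written for this page, not the talk's material and not the implementation of Spectral or any other linter named above: a minimal Python linter applies a small security ruleset to a constructed sample OpenAPI contract and emits JSON findings plus an exit code a pipeline can act on. The sample contract, the rule identifiers and the severities are assumptions chosen for the illustration; a real deployment would run one of the listed linters with a maintained ruleset.

```python
# Minimal OpenAPI contract linter: applies a security ruleset to a JSON contract
# and emits machine-readable findings; exit code 1 when any error-severity rule fires.
import json
import sys

# Constructed sample contract (hypothetical API, not from the talk) with deliberate
# compliance gaps for the rules below to find.
SAMPLE_CONTRACT_JSON = """
{
  "openapi": "3.0.3", "info": {"title": "Orders API", "version": "1.0.0"},
  "servers": [{"url": "http://api.example.test/v1"}],
  "components": {"securitySchemes": {"oauth": {"type": "oauth2", "flows": {}}}},
  "paths": {
    "/orders": {
      "get": {"operationId": "listOrders", "security": [{"oauth": []}],
              "responses": {"200": {"description": "ok", "content": {"application/json": {"schema": {"type": "object"}}}}}},
      "post": {"operationId": "createOrder",
               "requestBody": {"content": {"application/json": {"schema": {"type": "object"}}}},
               "responses": {"201": {"description": "created"}}}
    },
    "/orders/{id}": {
      "get": {"operationId": "getOrder", "security": [{"oauth": []}],
              "parameters": [{"name": "id", "in": "path", "required": true, "schema": {"type": "string"}}],
              "responses": {"200": {"description": "ok", "content": {"application/json": {"schema":
                {"type": "object", "properties": {"id": {"type": "string"}, "total": {"type": "number"}}}}}}}}
    }
  }
}
"""
HTTP_METHODS = ("get", "put", "post", "delete", "patch", "head", "options", "trace")

def iter_operations(contract):
    """Yield (path, method, operation) for every operation in the contract."""
    for path, item in contract.get("paths", {}).items():
        for method in HTTP_METHODS:
            if method in item:
                yield path, method, item[method]

def _lacks_properties(schema):
    # True when a schema is missing, or is an object that declares no properties.
    return schema is None or (schema.get("type") == "object" and not schema.get("properties"))

# Each rule takes the parsed contract and returns a list of (location, message) findings.
def rule_https_only(contract):
    """Transport: every server URL must use TLS."""
    return [(f"servers[{i}]", f"server URL is not https: {s.get('url')}")
            for i, s in enumerate(contract.get("servers", []))
            if not s.get("url", "").lower().startswith("https://")]

def rule_operation_security(contract):
    """Authn/authz: every operation needs a non-empty security requirement (local or
    global) that references a declared securityScheme."""
    schemes = contract.get("components", {}).get("securitySchemes", {})
    findings = []
    for path, method, op in iter_operations(contract):
        sec = op.get("security", contract.get("security"))
        if not sec:
            findings.append((f"{path}.{method}", "operation has no security requirement"))
            continue
        findings += [(f"{path}.{method}", f"undeclared security scheme '{name}'")
                     for req in sec for name in req if name not in schemes]
    return findings

def rule_response_schema(contract):
    """Excessive data exposure: 2xx JSON responses must enumerate their properties."""
    findings = []
    for path, method, op in iter_operations(contract):
        for code, resp in op.get("responses", {}).items():
            media = resp.get("content", {}).get("application/json")
            if code.startswith("2") and media is not None and _lacks_properties(media.get("schema")):
                findings.append((f"{path}.{method}.responses.{code}",
                                 "JSON response schema does not enumerate properties"))
    return findings

def rule_request_schema(contract):
    """Request data validation: JSON request bodies must enumerate their properties."""
    findings = []
    for path, method, op in iter_operations(contract):
        media = op.get("requestBody", {}).get("content", {}).get("application/json")
        if media is not None and _lacks_properties(media.get("schema")):
            findings.append((f"{path}.{method}.requestBody",
                             "JSON request schema does not enumerate properties"))
    return findings

# The ruleset: (rule id, severity, rule function). Severity drives the CI exit code.
RULESET = [("https-only", "error", rule_https_only),
           ("operation-security", "error", rule_operation_security),
           ("response-schema", "warn", rule_response_schema),
           ("request-schema", "warn", rule_request_schema)]

def lint(contract, ruleset=RULESET):
    """Run every rule; return findings as dicts so CI tools can consume them as JSON."""
    return [{"rule": rid, "severity": sev, "location": loc, "message": msg}
            for rid, sev, fn in ruleset for loc, msg in fn(contract)]

def lint_sample():
    """Lint the constructed sample contract."""
    return lint(json.loads(SAMPLE_CONTRACT_JSON))

if __name__ == "__main__":
    results = lint_sample()
    print(json.dumps(results, indent=2))
    sys.exit(1 if any(f["severity"] == "error" for f in results) else 0)
```

Run as a script, it prints four findings for the sample contract (plain-HTTP server, unauthenticated POST, and two object schemas without declared properties) and exits non-zero because two of them are errors, which is the hook a CI/CD stage uses to fail the build. The rule functions are the "custom validation functions" of slide 4 in miniature; in Spectral the equivalent is a YAML ruleset with JSONPath selectors and custom functions rather than Python.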