Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
APIDays_Design_API_Security.pdf
Search
Emmanuel Paraskakis
July 31, 2018
Programming
110
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Emmanuel Paraskakis
July 31, 2018
More Decks by Emmanuel Paraskakis
See All by Emmanuel Paraskakis
The Double Life of the API Product Manager
paraskakis
0
120
The AI-Powered API Builder: Speeding Up API Delivery with AI Tools
paraskakis
0
59
How to break into API Product Management
paraskakis
0
90
API Best Practices
paraskakis
0
270
Outside-in Development for APIs and Microservices
paraskakis
0
70
Become a Pro at API Management: A declarative approach
paraskakis
0
380
API Design Hands-On Lab
paraskakis
0
99
Bring Design Thinking to your API Lifecycle
paraskakis
0
160
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
880
Other Decks in Programming
See All in Programming
共通化で考えるべきは、実装より公開する型だった
codeegg
0
210
はてなアカウント基盤 State of the Union
cockscomb
1
1.3k
なぜ関数型プログラミングで「型」と「証明」が語られるのか #fp_matsuri
kajitack
3
800
スマートグラスで並列バイブコーディング
hyshu
0
290
Even G2とAWSで推しのエージェントを召喚しよう!
har1101
1
160
過去最大のMCPアップデート! 2026-07-28 RC版の謎に迫る
licux
6
460
AI がコードを書く時代における新卒エンジニアの仕事風景 (2026) / New Graduate Engineers in the Era of AI Coding (2026)
sushichan044
0
220
技術記事、 専門家としてのプログラマ、 言語化
mizchi
14
7.4k
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
14
6.8k
Welcome to the "Parametricity" 🏙️ − Generic だけど Specific な世界 −
guvalif
PRO
1
150
使用 Meilisearch 建立新聞搜尋工具
johnroyer
0
130
コンテキストの使い捨てをやめる — ビジネスルール駆動開発と miko —
ioki
0
270
Featured
See All Featured
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
1
560
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
49
10k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
254
22k
Automating Front-end Workflow
addyosmani
1370
210k
The Cost Of JavaScript in 2023
addyosmani
55
10k
Test your architecture with Archunit
thirion
1
2.3k
Leading Effective Engineering Teams in the AI Era
addyosmani
9
2.1k
Docker and Python
trallard
47
3.9k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
150
Amusing Abliteration
ianozsvald
1
220
WENDY [Excerpt]
tessaabrams
11
38k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
52k
Transcript
Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)