APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What’s Different About APIs?
Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation

openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
…
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …

Labels on the slide: metadata, deployment, runtime, interface, schema
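
A design-time check over an API description like the one on the slide, covering its three interface points (authentication scheme, protocol, data structures). This is an added example, not code from the talk. The names lint_openapi and sample_spec, the securitySchemes entry, the X-API-Key header name and the body of the Orders schema are assumptions, and the description is passed as a Python dict so that only the standard library is needed.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def lint_openapi(spec):
    """Return sorted findings for an OpenAPI 3 document given as a dict; [] means clean."""
    findings = []
    for server in spec.get("servers", []):  # confidentiality: TLS on every server
        if not server.get("url", "").startswith("https://"):
            findings.append(f"server {server.get('url')!r} is not https")
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for path, item in spec.get("paths", {}).items():
        for method in sorted(HTTP_METHODS & item.keys()):  # skip non-operation keys
            op, where = item[method], f"{method.upper()} {path}"
            # Operation-level security overrides the global one; [] or {} means anonymous.
            effective = op.get("security", spec.get("security"))
            if not effective or {} in effective:
                findings.append(f"{where}: anonymous access allowed")
            for req in effective or []:
                for name in req:
                    if name not in schemes:
                        findings.append(f"{where}: undefined scheme {name!r}")
            # Data structures: every response body should reference a schema.
            for code, resp in op.get("responses", {}).items():
                for mtype, media in resp.get("content", {}).items():
                    if "schema" not in media:
                        findings.append(f"{where}: {code} {mtype} has no schema")
    return sorted(findings)

def sample_spec(url, op_security=None, schema=True):
    """Constructed sample modeled on the slide; securitySchemes is an assumed addition."""
    media = {"schema": {"$ref": "#/components/schemas/Orders"}} if schema else {}
    op = {"responses": {"200": {"description": "ok", "content": {"application/json": media}}}}
    if op_security is not None:
        op["security"] = op_security
    return {
        "openapi": "3.0.1",
        "info": {"title": "Online Store API", "version": "1.0"},
        "servers": [{"url": url}],
        "security": [{"api_key": []}],
        "paths": {"/customers/{id}/orders": {"get": op}},
        "components": {
            "schemas": {"Orders": {"type": "array", "items": {"type": "object"}}},
            "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        },
    }

if __name__ == "__main__":
    print(lint_openapi(sample_spec("https://staging.example.com/")))
    print(lint_openapi(sample_spec("http://staging.example.com/", op_security=[], schema=False)))
```

Run in CI against the description file before any implementation exists, a non-empty result fails the build at the design stage.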

Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)