APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Programming
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis (@manp)
A Design-First Approach for Delivering Better API Security

Apiary: 441,401 APIs, 3M+ API consumers, 346,105 API designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What's Different About APIs? The attack surface is huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each layer

What Does Design-First Mean?
• Think about security upfront
• Don't bolt it on at the end
• Buying silver bullets won't save you

Design for API Security
• Architecture
• Processes
• API interface

Design your architecture

Design your processes

Design your API interface
• Authentication scheme
• Leverage the protocol
• Data structures & validation
openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
  …
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …

Slide annotations beside the sections of the document: metadata, deployment, runtime, interface, schema.
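The slide above shows the interface contract only; what "design-first" buys you is that the same contract can be enforced at run time. The following is an added example, not part of the deck or of Apiary's or Oracle's products, of a minimal gateway that checks each request against an OpenAPI-style document: the path must be declared, the declared api_key scheme must be satisfied, and the backend's response must match the declared schema, so an undeclared field (say, a leaked internal attribute) is rejected instead of passed through. The CONTRACT body, the X-API-Key header name, the VALID_KEYS set and both backends are constructed for the example; the validator covers only the subset of JSON Schema the contract uses.

```python
"""Added example: enforce an OpenAPI contract (auth scheme + response schema) at a gateway."""
import re

# Constructed contract modelled on the deck's snippet. The Order schema body,
# the header name and the key list are assumptions made for this example.
CONTRACT = {
    "security": [{"api_key": []}],
    "components": {
        "securitySchemes": {
            "api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}
        },
        "schemas": {
            "Order": {
                "type": "object",
                "required": ["id", "total"],
                "properties": {"id": {"type": "integer"}, "total": {"type": "number"}},
                "additionalProperties": False,  # anything undeclared is a violation
            },
            "Orders": {"type": "array", "items": {"$ref": "#/components/schemas/Order"}},
        },
    },
    "paths": {
        "/customers/{id}/orders": {
            "get": {"responses": {"200": {"content": {"application/json": {
                "schema": {"$ref": "#/components/schemas/Orders"}}}}}}
        }
    },
}
VALID_KEYS = {"k-demo-123"}  # constructed; a real gateway consults a key store

TYPES = {"object": dict, "array": list, "string": str, "integer": int,
         "number": (int, float), "boolean": bool}


def resolve(node, contract):
    """Follow local $ref pointers such as '#/components/schemas/Orders'."""
    while "$ref" in node:
        node = contract
        for part in node and []:  # placeholder never iterates; real walk below
            pass
        for part in re.sub(r"^#/", "", resolve_ref_target(node, contract)).split("/"):
            node = node[part]
    return node


def resolve_ref_target(_node, _contract):
    # Helper kept separate so resolve() reads clearly; returns the pending ref string.
    return _pending_ref


def validate(value, schema, contract, path="$"):
    """Return a list of violations for value against schema (JSON Schema subset)."""
    global _pending_ref
    while "$ref" in schema:
        _pending_ref = schema["$ref"]
        schema = resolve(schema, contract)
    t = schema["type"]
    if (isinstance(value, bool) and t in ("integer", "number")) or not isinstance(value, TYPES[t]):
        return [f"{path}: expected {t}"]
    errors = []
    if t == "object":
        for req in schema.get("required", []):
            if req not in value:
                errors.append(f"{path}.{req}: required")
        props = schema.get("properties", {})
        for key, item in value.items():
            if key in props:
                errors += validate(item, props[key], contract, f"{path}.{key}")
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{path}.{key}: not in schema")
    elif t == "array":
        for i, item in enumerate(value):
            errors += validate(item, schema["items"], contract, f"{path}[{i}]")
    return errors


def match_operation(method, path, contract):
    """Map a concrete path to a declared path template; undeclared paths get nothing."""
    for template, ops in contract["paths"].items():
        pattern = "^" + re.sub(r"\{(\w+)\}", r"(?P<\1>[^/]+)", template) + "$"
        m = re.match(pattern, path)
        if m and method.lower() in ops:
            return ops[method.lower()], m.groupdict()
    return None, {}


def authenticated(headers, contract):
    scheme = contract["components"]["securitySchemes"]["api_key"]
    return headers.get(scheme["name"]) in VALID_KEYS


def handle(method, path, headers, backend, contract=CONTRACT):
    """Gateway decision: status and client body, plus violations for the audit log."""
    op, params = match_operation(method, path, contract)
    if op is None:
        return {"status": 404, "body": {"error": "no such operation"}, "violations": []}
    if contract.get("security") and not authenticated(headers, contract):
        return {"status": 401, "body": {"error": "missing or invalid API key"}, "violations": []}
    body = backend(params)
    schema = op["responses"]["200"]["content"]["application/json"]["schema"]
    violations = validate(body, schema, contract)
    if violations:  # log the detail, never send the offending payload to the client
        return {"status": 500, "body": {"error": "response violates contract"}, "violations": violations}
    return {"status": 200, "body": body, "violations": []}


def good_backend(params):      # constructed response that matches the contract
    return [{"id": 1, "total": 19.99}, {"id": 2, "total": 5}]


def leaky_backend(params):     # constructed response with an undeclared field
    return [{"id": 1, "total": 19.99, "card_number": "<constructed test value>"}]
```

The contract document stays the single source of truth: the authentication scheme, the interface (paths) and the schema on the slide each drive one check in `handle`, and a response the backend was never designed to emit is caught by the `additionalProperties: false` rule rather than by a reviewer noticing it in a log.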
Learn More
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle + Dyn (Zenedge)