APIDays_Design_API_Security.pdf

Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.

Emmanuel Paraskakis

July 31, 2018

More Decks by Emmanuel Paraskakis

See All by Emmanuel Paraskakis

The Double Life of the API Product Manager

0

120

The AI-Powered API Builder: Speeding Up API Delivery with AI Tools

0

52

How to break into API Product Management

0

86

API Best Practices

0

260

Outside-in Development for APIs and Microservices

0

63

Become a Pro at API Management: A declarative approach

0

370

API Design Hands-On Lab

0

95

Bring Design Thinking to your API Lifecycle

0

160

Decomposing Service Descriptions: The Future of API Design

0

870

Other Decks in Programming

See All in Programming

Lemonade + Foundry Toolkit でお手軽アプリ開発

1

200

不変条件と整合性境界—ビジネスが決める設計判断と実現パターン / Invariants and Consistency Boundaries

10

2.8k

Augmenting AI with the Power of Jakarta EE

0

300

Technical Debt: Understanding it Rightly, Engaging it Rightly #LaravelLiveJP

0

160

自動レビューエンジンの実装と運用 ~レビューのない世界へ~

2

280

ユニットテストの先へ：テスト技法で要求・仕様を整理するJava開発実践 / Beyond_Unit_Testing_Practical_Java_Development_Techniques_for_Organizing_Requirements_and_Specifications

0

270

柔軟なPDFレイアウトエディタを支える型システム設計 — Discriminated UnionとConditional Typeの実践

4

1.1k

AIとRubyの静的型付け

0

190

TypeSpec で繋ぐ複数プロダクトの型安全

1

260

ECR拡張スキャンでSBOMを収集してサプライチェーン攻撃の影響調査を爆速で終わらせてみた

2

200

JavaDoc 再入門

0

180

Agentic UI beyond Chats Architecture Patterns & Open Standards @ngMunich 05/2026

PRO

0

160

Featured

See All Featured

What's in a price? How to price your products and services

247

13k

Organizational Design Perspectives: An Ontology of Organizational Design Elements

PRO

1

710

Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)

0

430

Fashionably flexible responsive web design (full day workshop)

408

66k

Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline

PRO

0

190

PRO

2

640

The Curious Case for Waylosing

1

360

Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO

PRO

0

180

世界の人気アプリ100個を分析して見えたペイウォール設計の心得

PRO

70

39k

Fantastic passwords and where to find them - at NoRuKo

52

3.7k

How to Ace a Technical Interview

281

24k

Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation

PRO

3

2.2k

Transcript

Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)