Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
APIDays_Design_API_Security.pdf
Search
Emmanuel Paraskakis
July 31, 2018
Programming
0
84
APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Emmanuel Paraskakis
July 31, 2018
Tweet
Share
More Decks by Emmanuel Paraskakis
See All by Emmanuel Paraskakis
How to break into API Product Management
paraskakis
0
18
API Best Practices
paraskakis
0
230
Outside-in Development for APIs and Microservices
paraskakis
0
31
Become a Pro at API Management: A declarative approach
paraskakis
0
310
API Design Hands-On Lab
paraskakis
0
49
Bring Design Thinking to your API Lifecycle
paraskakis
0
120
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
830
Have Your Layer Cake and Eat it Too
paraskakis
1
160
Keeping your APIs Honest - Gluecon 2017
paraskakis
0
110
Other Decks in Programming
See All in Programming
アプリを起動せずにアプリを開発して品質と生産性を上げる
ishkawa
0
450
いまさら聞けない生成AI入門: 「生成AIを高速キャッチアップ」
soh9834
12
3.9k
eBPF Updates (March 2025)
kentatada
0
130
SideKiqでジョブが二重起動した事象を深堀りしました
t_hatachi
0
240
List とは何か? / PHPerKaigi 2025
meihei3
0
560
Go1.24で testing.B.Loopが爆誕
kuro_kurorrr
0
170
신입 안드로이드 개발자의 AI 스타트업 생존기 (+ Native C++ Code를 Android에서 사용해보기)
dygames
0
510
コンテナでLambdaをデプロイするときに知っておきたかったこと
_takahash
0
150
なぜselectはselectではないのか
taiyow
2
310
Develop Faster With FrankenPHP
dunglas
2
2.7k
Fluent UI Blazor 5 (alpha)の紹介
tomokusaba
0
150
爆速スッキリ! Rspack 移行の成果と道のり - Muddy Web #11
dora1998
1
160
Featured
See All Featured
Making Projects Easy
brettharned
116
6.1k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
The World Runs on Bad Software
bkeepers
PRO
67
11k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
A Philosophy of Restraint
colly
203
16k
Code Review Best Practice
trishagee
67
18k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2.1k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
12k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.4k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
12
620
Transcript
Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)
paraskakis
ishkawa
soh9834
kentatada
t_hatachi
meihei3
kuro_kurorrr
dygames
_takahash
taiyow
dunglas
tomokusaba
dora1998
brettharned
keavy
bkeepers
keithpitt
colly
trishagee
sstephenson
eileencodes
addyosmani
samlambert
productmarketing
sergeychernyshev
