Upgrade to Pro — share decks privately, control downloads, hide ads and more …

APIDays_Design_API_Security.pdf

paraskakis
July 31, 2018
Programming
0
83

 APIDays_Design_API_Security.pdf

Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.

paraskakis

July 31, 2018
Tweet

More Decks by paraskakis

See All by paraskakis
API Best Practices
paraskakis
0
210
Outside-in Development for APIs and Microservices
paraskakis
0
30
Become a Pro at API Management: A declarative approach
paraskakis
0
310
API Design Hands-On Lab
paraskakis
0
47
Bring Design Thinking to your API Lifecycle
paraskakis
0
120
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
820
Have Your Layer Cake and Eat it Too
paraskakis
1
160
Keeping your APIs Honest - Gluecon 2017
paraskakis
0
110
Easy Data Modeling with MSON (Defrag 2016)
paraskakis
0
99

Other Decks in Programming

See All in Programming
振り返れば奴(Cline)がいる
keiyagi
0
100
DMMオンラインサロンアプリのSwift化
hayatan
0
230
shadcn/uiを使ってReactでの開発を加速させよう!
lef237
0
370
定理証明プラットフォーム lapisla.net
abap34
1
610
ゼロからの、レトロゲームエンジンの作り方
tokujiros
3
1.1k
Linux && Docker 研修/Linux && Docker training
forrep
16
3.2k
ASP. NET CoreにおけるWebAPIの最新情報
tomokusaba
0
180
Azure AI Foundryのご紹介
qt_luigi
1
250
CNCF Project の作者が考えている OSS の運営
utam0k
5
570
PHPで学ぶプログラミングの教訓 / Lessons in Programming Learned through PHP
nrslib
4
1.1k
ペアーズでの、Langfuseを中心とした評価ドリブンなリリースサイクルのご紹介
fukubaka0825
1
170
2,500万ユーザーを支えるSREチームの6年間のスクラムのカイゼン
honmarkhunt
6
3.6k

Featured

See All Featured
Building Flexible Design Systems
yeseniaperezcruz
328
38k
Code Review Best Practice
trishagee
65
17k
Writing Fast Ruby
sferik
628
61k
GitHub's CSS Performance
jonrohan
1030
460k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.2k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Done Done
chrislema
182
16k
Mobile First: as difficult as doing things right
swwweet
222
9.1k
We Have a Design System, Now What?
morganepeng
51
7.4k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Typedesign – Prime Four
hannesfritz
40
2.5k
A Modern Web Designer's Workflow
chriscoyier
693
190k

Transcript

  1. Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API

    Security

  2. apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers

  3. Infosec Goals 1. Confidentiality 2. Integrity 3. Availability

  4. What’s Different About APIs? Attack Surface is Huge!

  5. Defense In-Depth • Enforce CIA at every layer in your

    stack • Assume there will be a failure in each

  6. What does Design-First Mean? • Think about Security upfront •

    Don’t bolt it on at the end • Buying Silver Bullets won’t save you

  7. Design For API Security • Architecture • Processes • API

    Interface

  8. Design your Architecture

  9. Design your Processes

  10. Design your API Interface • Authentication Scheme • Leverage the

    Protocol • Data Structures & Validation

  11. openapi: "3.0.1" info: title: Online Store API version: 1.0 …

    servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema

  12. Learn More: • OWASP API Security Project • Dredd •

    Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)