Emmanuel Paraskakis
July 31, 2018
Programming
APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

apiary: 441,401 APIs · 3M+ API Consumers · 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What's Different About APIs? Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don't bolt it on at the end
• Buying Silver Bullets won't save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation
openapi: "3.0.1"
info:                                  # slide callout: metadata
  title: Online Store API
  version: 1.0
  …
servers:                               # slide callout: deployment
  - url: https://staging.example.com/
    description: Staging environment
  …
security:                              # slide callout: runtime
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:                                 # slide callout: interface
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:                            # slide callout: schema
  schemas:
    Orders:
      …
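As an added example that is not part of the deck, the following Python script applies two of the "design-first" checks the slides call for to a constructed OpenAPI document extending the fragment above: a lint that lists operations with no effective security requirement (an operation-level `security: []` opts out of the global `api_key` scheme), and a validator that checks a payload against the `Orders` schema referenced by the `GET /customers/{id}/orders` response. The `Order` shape, the `X-API-Key` header and the `/health` path are assumptions for the example.

```python
from functools import reduce
# Constructed OpenAPI document extending the fragment on the slide; the Order shape,
# the api_key scheme details and the /health path are assumptions for this example.
SPEC = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "security": [{"api_key": []}],  # global requirement: every operation needs a key
    "components": {
        "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        "schemas": {
            "Orders": {"type": "array", "items": {"$ref": "#/components/schemas/Order"}},
            "Order": {"type": "object", "required": ["id", "total"], "additionalProperties": False,
                      "properties": {"id": {"type": "integer"}, "total": {"type": "number"}}}}},
    "paths": {
        "/customers/{id}/orders": {"get": {"responses": {"200": {"content": {
            "application/json": {"schema": {"$ref": "#/components/schemas/Orders"}}}}}}},
        "/health": {"get": {"security": [], "responses": {"200": {}}}}},  # opts out of auth
}
TYPES = {"object": dict, "array": list, "string": str, "integer": int, "number": (int, float), "boolean": bool}

def unsecured_operations(spec):
    """Design lint: operations whose effective security requirement is empty."""
    return [f"{m.upper()} {p}" for p, ops in spec["paths"].items()
            for m, op in ops.items() if not op.get("security", spec.get("security", []))]

def resolve(spec, schema):
    """Follow local '#/components/...' $ref pointers to the concrete schema."""
    while "$ref" in schema:
        schema = reduce(dict.__getitem__, schema["$ref"].lstrip("#/").split("/"), spec)
    return schema

def validate(spec, schema, value, path="$"):
    """Violations of `value` against a JSON Schema subset: type, required, items, additionalProperties."""
    schema = resolve(spec, schema)
    kind = schema["type"]
    if not isinstance(value, TYPES[kind]) or (isinstance(value, bool) and kind != "boolean"):
        return [f"{path}: expected {kind}"]
    errors = []
    if kind == "object":
        props = schema.get("properties", {})
        errors += [f"{path}.{k}: required" for k in schema.get("required", []) if k not in value]
        for k, v in value.items():
            if k in props:
                errors += validate(spec, props[k], v, f"{path}.{k}")
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{path}.{k}: not allowed")
    elif kind == "array":
        for i, item in enumerate(value):
            errors += validate(spec, schema["items"], item, f"{path}[{i}]")
    return errors
```

Running the lint in CI against the design document catches an anonymous endpoint before it is deployed; running the validator in the gateway or the handler rejects payloads that do not match the contract, which is the "Data Structures & Validation" point of the slides.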
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)