APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

apiary + 441,401 APIs, 3M+ API Consumers, 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What's Different About APIs? Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don't bolt it on at the end
• Buying Silver Bullets won't save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation
openapi: "3.0.1"
info:                                  # metadata
  title: Online Store API
  version: 1.0
  # …
servers:                               # deployment
  - url: https://staging.example.com/
    description: Staging environment
  # …
security:                              # runtime
  - api_key: []
# …
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
# …
paths:                                 # interface
  /customers/{id}/orders:
    get:
      # …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
# …
components:                            # schema
  schemas:
    Orders:
      # …
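The slide lists three interface concerns (authentication scheme, leveraging the protocol, data structures and validation) and shows an OpenAPI document where each is expressed. An added example, not from the talk or from Apiary/Oracle tooling, that turns those three concerns into a design-time lint over an OpenAPI 3 document: every operation must name a declared security scheme, every server URL must be HTTPS, and every JSON request body must reference an object schema that rejects unknown properties. The document below is constructed to mirror the Online Store API slide, with two deliberately weak entries (a plain-HTTP server and an operation with `security: []`) added for illustration; the OpenAPI field names are real, the check names and findings are this example's own.

```python
# Added example (not from the talk): design-first lint over an OpenAPI 3 document.
# It checks the three interface concerns on the slide: authentication scheme,
# TLS-only protocol, and request schemas that reject unknown properties.

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

# Constructed document mirroring the Online Store API slide, plus two weak entries.
SPEC = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "servers": [
        {"url": "https://staging.example.com/", "description": "Staging environment"},
        {"url": "http://dev.example.com/", "description": "constructed: plain HTTP"},
    ],
    "security": [{"api_key": []}],  # default requirement for every operation
    "components": {
        "securitySchemes": {
            "api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
        },
        "schemas": {
            "Orders": {"type": "array", "items": {"$ref": "#/components/schemas/Order"}},
            "Order": {
                "type": "object",
                "required": ["id", "total"],
                "additionalProperties": False,
                "properties": {
                    "id": {"type": "string", "maxLength": 36},
                    "total": {"type": "number", "minimum": 0},
                },
            },
            # constructed: an input schema that never sets additionalProperties: false
            "OrderInput": {"type": "object", "properties": {"total": {"type": "number"}}},
        },
    },
    "paths": {
        "/customers/{id}/orders": {
            "get": {
                "responses": {"200": {"content": {"application/json": {
                    "schema": {"$ref": "#/components/schemas/Orders"}}}}},
            },
            "post": {
                "security": [],  # constructed: an empty list switches auth off for this op
                "requestBody": {"content": {"application/json": {
                    "schema": {"$ref": "#/components/schemas/OrderInput"}}}},
                "responses": {"201": {"description": "created"}},
            },
        },
    },
}


def resolve(spec, schema):
    """Follow local $ref pointers ('#/components/schemas/X') to the target schema."""
    while "$ref" in schema:
        node = spec
        for part in schema["$ref"].lstrip("#/").split("/"):
            node = node[part]
        schema = node
    return schema


def operations(spec):
    """Yield (METHOD, path, operation) for every operation in the document."""
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            if method in item:
                yield method.upper(), path, item[method]


def check_servers(spec):
    """Leverage the protocol: every server entry must be served over TLS."""
    return [f"server {s['url']} is not https"
            for s in spec.get("servers", [])
            if not s["url"].lower().startswith("https://")]


def check_auth(spec):
    """Authentication scheme: each operation must require a declared scheme."""
    declared = spec.get("components", {}).get("securitySchemes", {})
    findings = []
    for method, path, op in operations(spec):
        # A per-operation 'security' key overrides the global one; [] disables auth.
        requirements = op.get("security", spec.get("security", []))
        if not requirements:
            findings.append(f"{method} {path} has no security requirement")
        for req in requirements:
            for name in req:
                if name not in declared:
                    findings.append(f"{method} {path} uses undeclared scheme {name}")
    return findings


def check_request_bodies(spec):
    """Data structures & validation: object request bodies must reject unknown fields."""
    findings = []
    for method, path, op in operations(spec):
        for media_type, media in op.get("requestBody", {}).get("content", {}).items():
            if "schema" not in media:
                findings.append(f"{method} {path} {media_type} has no schema")
                continue
            schema = resolve(spec, media["schema"])
            if schema.get("type") == "object" and schema.get("additionalProperties", True) is not False:
                findings.append(f"{method} {path} {media_type} body allows unknown properties")
    return findings


def lint(spec):
    """Run all checks; an empty list means the design passed."""
    return check_servers(spec) + check_auth(spec) + check_request_bodies(spec)


if __name__ == "__main__":
    for finding in lint(SPEC):
        print(finding)
```

Run against the constructed document, the lint reports the plain-HTTP server, the unauthenticated `POST`, and the request schema that silently accepts extra fields; a clean document returns an empty list, which is what a CI gate on the design file would check before any code is written.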
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)