APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

apiary +
• 441,401 APIs
• 3M+ API Consumers
• 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What’s Different About APIs?
Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation

openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
…
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …

(Slide callouts: metadata, deployment, runtime, interface, schema)
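
A design-first check can run against the API description before any code exists. The following is an added example, not from the talk or from any Apiary or Oracle tooling: a small Python lint over an OpenAPI 3 document that flags non-TLS servers, operations callable without authentication, undefined security schemes, and JSON responses with no schema. The rule set, the function name and the sample document are assumptions made for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def lint_openapi(doc):
    """Return design-time security findings for an OpenAPI 3 document (a dict)."""
    findings = []
    schemes = doc.get("components", {}).get("securitySchemes", {})
    # Deployment: every server URL should use TLS (assumed rule).
    for server in doc.get("servers", []):
        if not server.get("url", "").startswith("https://"):
            findings.append(f"server {server.get('url')!r} is not https")
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            where = f"{method.upper()} {path}"
            # Runtime: operation-level security replaces the global requirement;
            # an empty list or an empty requirement object allows anonymous calls.
            security = op.get("security", doc.get("security"))
            if not security or any(req == {} for req in security):
                findings.append(f"{where}: no authentication required")
            for req in security or []:
                for name in req:
                    if name not in schemes:
                        findings.append(f"{where}: undefined security scheme {name!r}")
            # Schema: a JSON response body without a schema cannot be validated.
            for status, resp in op.get("responses", {}).items():
                media = resp.get("content", {}).get("application/json")
                if media is not None and "schema" not in media:
                    findings.append(f"{where}: {status} response has no schema")
    return findings

# Constructed sample modelled on the slide's Online Store API; everything the
# slide elides (responses, the DELETE operation) is invented for illustration.
SAMPLE_SPEC = {
    "openapi": "3.0.1",
    "servers": [{"url": "http://staging.example.com/"}],
    "security": [{"api_key": []}],
    "paths": {"/customers/{id}/orders": {
        "get": {"responses": {"200": {"content": {"application/json": {}}}}},
        "delete": {"security": [], "responses": {"204": {"description": "deleted"}}},
    }},
    "components": {"schemas": {"Orders": {"type": "array"}}},
}

if __name__ == "__main__":
    for finding in lint_openapi(SAMPLE_SPEC):
        print(finding)
```
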

Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)