Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
APIDays_Design_API_Security.pdf
Search
Emmanuel Paraskakis
July 31, 2018
Programming
0
83
APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Emmanuel Paraskakis
July 31, 2018
Tweet
Share
More Decks by Emmanuel Paraskakis
See All by Emmanuel Paraskakis
How to break into API Product Management
paraskakis
0
10
API Best Practices
paraskakis
0
220
Outside-in Development for APIs and Microservices
paraskakis
0
30
Become a Pro at API Management: A declarative approach
paraskakis
0
310
API Design Hands-On Lab
paraskakis
0
48
Bring Design Thinking to your API Lifecycle
paraskakis
0
120
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
830
Have Your Layer Cake and Eat it Too
paraskakis
1
160
Keeping your APIs Honest - Gluecon 2017
paraskakis
0
110
Other Decks in Programming
See All in Programming
SRE、開発、QAが協業して挑んだリリースプロセス改革@SRE Kaigi 2025
nealle
3
4.1k
AHC041解説
terryu16
0
590
DevinとCursorから学ぶAIエージェントメモリーの設計とMoatの考え方
itarutomy
1
640
個人アプリを2年ぶりにアプデしたから褒めて / I just updated my personal app, praise me!
lovee
0
340
最近のVS Codeで気になるニュース 2025/01
74th
1
250
SwiftUIで単方向アーキテクチャを導入して得られた成果
takuyaosawa
0
260
GAEログのコスト削減
mot_techtalk
0
110
ペアーズでの、Langfuseを中心とした評価ドリブンなリリースサイクルのご紹介
fukubaka0825
2
300
DROBEの生成AI活用事例 with AWS
ippey
0
130
Grafana Cloudとソラカメ
devoc
0
140
ARA Ansible for the teams
kksat
0
150
Immutable ActiveRecord
megane42
0
130
Featured
See All Featured
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
120k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
175
51k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
12
950
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
400
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
The Pragmatic Product Professional
lauravandoore
32
6.4k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
129
19k
Code Reviewing Like a Champion
maltzj
521
39k
Why Our Code Smells
bkeepers
PRO
335
57k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2.1k
Mobile First: as difficult as doing things right
swwweet
223
9.3k
Transcript
Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)
paraskakis
nealle
terryu16
itarutomy
lovee
74th
takuyaosawa
mot_techtalk
fukubaka0825
ippey
devoc
kksat
megane42
bermonpainter
pedronauck
soudai
honnibal
tammyeverts
keavy
lauravandoore
morganepeng
maltzj
bkeepers
eileencodes
swwweet
