Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
APIDays_Design_API_Security.pdf
Search
Emmanuel Paraskakis
July 31, 2018
Programming
0
90
APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Emmanuel Paraskakis
July 31, 2018
Tweet
Share
More Decks by Emmanuel Paraskakis
See All by Emmanuel Paraskakis
The Double Life of the API Product Manager
paraskakis
0
94
The AI-Powered API Builder: Speeding Up API Delivery with AI Tools
paraskakis
0
21
How to break into API Product Management
paraskakis
0
56
API Best Practices
paraskakis
0
250
Outside-in Development for APIs and Microservices
paraskakis
0
49
Become a Pro at API Management: A declarative approach
paraskakis
0
340
API Design Hands-On Lab
paraskakis
0
73
Bring Design Thinking to your API Lifecycle
paraskakis
0
130
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
850
Other Decks in Programming
See All in Programming
SidekiqでAIに商品説明を生成させてみた
akinko_0915
0
130
乱雑なコードの整理から学ぶ設計の初歩
masuda220
PRO
31
12k
Promise.tryで実現する新しいエラーハンドリング New error handling with Promise try
bicstone
2
440
最新のDirectX12で使えるレイトレ周りの機能追加について
projectasura
0
220
Core MIDI を勉強して作曲用の電子ピアノ作ってみた!
hypebeans
0
110
2025 컴포즈 마법사
jisungbin
0
120
イベントストーミングのはじめかた / Getting Started with Event Storming
nrslib
1
400
Bakuraku E2E Scenario Test System Architecture #bakuraku_qa_study
teyamagu
PRO
0
720
What's New in Web AI?
christianliebel
PRO
0
120
Verilator + Rust + gRPC と Efinix の RISC-V でAIアクセラレータをAIで作ってる話 RTLを語る会(18) 2025/11/08
ryuz88
0
350
なぜ強調表示できず ** が表示されるのか — Perlで始まったMarkdownの歴史と日本語文書における課題
kwahiro
11
5.6k
What’s Fair is FAIR: A Decentralised Future for WordPress Distribution
rmccue
0
170
Featured
See All Featured
Designing Experiences People Love
moore
142
24k
Docker and Python
trallard
46
3.6k
Build The Right Thing And Hit Your Dates
maggiecrowley
38
2.9k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Bash Introduction
62gerente
615
210k
Building Applications with DynamoDB
mza
96
6.8k
RailsConf 2023
tenderlove
30
1.3k
Imperfection Machines: The Place of Print at Facebook
scottboms
269
13k
How STYLIGHT went responsive
nonsquared
100
5.9k
Thoughts on Productivity
jonyablonski
73
4.9k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Transcript
Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)
paraskakis
akinko_0915
masuda220
bicstone
projectasura
hypebeans
.png){kind=avatar}
jisungbin
nrslib
teyamagu
christianliebel
ryuz88
kwahiro
rmccue
moore
trallard
maggiecrowley
malarkey
62gerente
mza
tenderlove
scottboms
nonsquared
jonyablonski
marcelosomers
keavy
