Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
APIDays_Design_API_Security.pdf
Search
paraskakis
July 31, 2018
Programming
0
83
APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
paraskakis
July 31, 2018
Tweet
Share
More Decks by paraskakis
See All by paraskakis
API Best Practices
paraskakis
0
210
Outside-in Development for APIs and Microservices
paraskakis
0
30
Become a Pro at API Management: A declarative approach
paraskakis
0
310
API Design Hands-On Lab
paraskakis
0
47
Bring Design Thinking to your API Lifecycle
paraskakis
0
120
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
820
Have Your Layer Cake and Eat it Too
paraskakis
1
160
Keeping your APIs Honest - Gluecon 2017
paraskakis
0
110
Easy Data Modeling with MSON (Defrag 2016)
paraskakis
0
99
Other Decks in Programming
See All in Programming
振り返れば奴(Cline)がいる
keiyagi
0
100
DMMオンラインサロンアプリのSwift化
hayatan
0
230
shadcn/uiを使ってReactでの開発を加速させよう!
lef237
0
370
定理証明プラットフォーム lapisla.net
abap34
1
610
ゼロからの、レトロゲームエンジンの作り方
tokujiros
3
1.1k
Linux && Docker 研修/Linux && Docker training
forrep
16
3.2k
ASP. NET CoreにおけるWebAPIの最新情報
tomokusaba
0
180
Azure AI Foundryのご紹介
qt_luigi
1
250
CNCF Project の作者が考えている OSS の運営
utam0k
5
570
PHPで学ぶプログラミングの教訓 / Lessons in Programming Learned through PHP
nrslib
4
1.1k
ペアーズでの、Langfuseを中心とした評価ドリブンなリリースサイクルのご紹介
fukubaka0825
1
170
2,500万ユーザーを支えるSREチームの6年間のスクラムのカイゼン
honmarkhunt
6
3.6k
Featured
See All Featured
Building Flexible Design Systems
yeseniaperezcruz
328
38k
Code Review Best Practice
trishagee
65
17k
Writing Fast Ruby
sferik
628
61k
GitHub's CSS Performance
jonrohan
1030
460k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.2k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Done Done
chrislema
182
16k
Mobile First: as difficult as doing things right
swwweet
222
9.1k
We Have a Design System, Now What?
morganepeng
51
7.4k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Typedesign – Prime Four
hannesfritz
40
2.5k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Transcript
Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)