APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

apiary +
441,401 APIs
3M+ API Consumers
346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What’s Different About APIs?
Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation

openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
…
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …

(Slide labels: metadata, deployment, runtime, interface, schema)
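
A design-time check for the three interface points named above (authentication scheme, protocol, data structures and validation), as an added example that is not from the talk or from Apiary. The sample document is constructed: it follows the slide's snippet and fills the elided parts with assumed values (the `securitySchemes` entry and its `X-API-Key` header name, the `responses` blocks, the `Orders` schema body, and a hypothetical `/health` path).

```python
# Added example: lint an OpenAPI 3 description already parsed into a dict.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def lint_openapi(doc):
    """Return a sorted list of design-time security findings."""
    findings = []
    schemes = doc.get("components", {}).get("securitySchemes", {})
    # Leverage the protocol: every declared server must use TLS.
    for server in doc.get("servers", []):
        if not server.get("url", "").startswith("https://"):
            findings.append(f"server {server.get('url')!r}: not https")
    for path, item in doc.get("paths", {}).items():
        for method in sorted(item.keys() & HTTP_METHODS):
            op, where = item[method], f"{method.upper()} {path}"
            # Authentication scheme: operation-level security overrides the global one.
            reqs = op.get("security", doc.get("security", []))
            if not reqs or {} in reqs:
                findings.append(f"{where}: callable without authentication")
            for name in {n for req in reqs for n in req} - set(schemes):
                findings.append(f"{where}: undefined security scheme {name!r}")
            # Data structures & validation: each JSON body needs a schema.
            bodies = [op.get("requestBody", {})] + list(op.get("responses", {}).values())
            for body in bodies:
                media = body.get("content", {}).get("application/json")
                if media is not None and "schema" not in media:
                    findings.append(f"{where}: application/json body without schema")
    return sorted(findings)

# Constructed sample modelled on the slide; elided parts are assumed values.
SAMPLE = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "servers": [{"url": "https://staging.example.com/", "description": "Staging environment"}],
    "security": [{"api_key": []}],
    "paths": {
        "/customers/{id}/orders": {"get": {"responses": {"200": {
            "description": "OK",
            "content": {"application/json": {"schema": {"$ref": "#/components/schemas/Orders"}}}}}}},
        # Assumed weak operation: opts out of auth and returns JSON with no schema.
        "/health": {"get": {"security": [], "responses": {"200": {
            "description": "OK", "content": {"application/json": {}}}}}},
    },
    "components": {"securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
                   "schemas": {"Orders": {"type": "array", "items": {"type": "object"}}}},
}

if __name__ == "__main__":
    print("\n".join(lint_openapi(SAMPLE)))
```

Run in CI against the design document, a check like this fails the build before an unauthenticated or unvalidated operation reaches a gateway.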

Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)