
APIDays_Design_API_Security.pdf


Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.

paraskakis

July 31, 2018


Transcript

  1. Defense In-Depth
     • Enforce CIA at every layer in your stack
     • Assume there will be a failure in each
  2. What does Design-First Mean?
     • Think about Security upfront
     • Don’t bolt it on at the end
     • Buying Silver Bullets won’t save you
  3. openapi: "3.0.1"
     info:
       title: Online Store API
       version: 1.0
     …
     servers:
       - url: https://staging.example.com/
         description: Staging environment
     …
     security:
       - api_key: []
     …
     x-ibm-configuration:
       enforced: true
       cors:
         enabled: true
     …
     paths:
       /customers/{id}/orders:
         get:
           …
             content:
               application/json:
                 schema:
                   $ref: "#/components/schemas/Orders"
     …
     components:
       schemas:
         Orders:
           …

     (Slide callouts: metadata, deployment, runtime, interface, schema)
  4. Learn More:
     • OWASP API Security Project
     • Dredd
     • Apiary
     • Oracle API Platform
     • Oracle+Dyn (Zenedge)