APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

apiary + 441,401 APIs | 3M+ API Consumers | 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What’s Different About APIs?
Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation
```yaml
openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
…
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …
```
(Slide labels over the sections: metadata, deployment, runtime, interface, schema.)
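The slide shows the security scheme, the path, and the response schema living in one OpenAPI document. The point of design-first is that those declarations are the contract the runtime enforces, so the following added example (not code from the talk or from Apiary) derives three checks from a constructed spec of the same shape: the `api_key` security requirement (assumed to be an `X-API-Key` header, with a hard-coded demo key standing in for a secret store), the `{id}` path parameter (assumed to carry a numeric pattern), and the `Orders` response schema (its properties are assumed; the slide elides them). Unknown routes, missing credentials, and malformed ids are rejected with the HTTP status codes the protocol already provides, which is what "Leverage the Protocol" amounts to in practice.

```python
"""Design-first enforcement: derive runtime checks from an OpenAPI document.

Added illustration; the spec below is constructed to mirror the slide's
fragment. Header name, key value, id pattern and Orders properties are
assumptions, not details from the talk.
"""
import re

SPEC = {
    "openapi": "3.0.1",
    "security": [{"api_key": []}],          # global requirement, as on the slide
    "paths": {
        "/customers/{id}/orders": {
            "get": {
                "parameters": [{
                    "name": "id", "in": "path", "required": True,
                    "schema": {"type": "string", "pattern": "^[0-9]{1,9}$"},  # assumed
                }],
                "responses": {"200": {"content": {"application/json": {
                    "schema": {"$ref": "#/components/schemas/Orders"}}}}},
            }
        }
    },
    "components": {
        "securitySchemes": {  # assumed header name
            "api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}
        },
        "schemas": {
            "Orders": {  # assumed shape; the slide elides it
                "type": "array",
                "items": {
                    "type": "object",
                    "required": ["orderId", "total"],
                    "additionalProperties": False,
                    "properties": {"orderId": {"type": "string"},
                                   "total": {"type": "number"}},
                },
            }
        },
    },
}

VALID_KEYS = {"demo-key-1"}  # constructed; real keys belong in a secret store


def _match_path(spec, path):
    """Turn each path template into a regex; return (path item, path params)."""
    for template, item in spec["paths"].items():
        pattern = "^" + re.sub(r"\{(\w+)\}", r"(?P<\1>[^/]+)", template) + "$"
        m = re.match(pattern, path)
        if m:
            return item, m.groupdict()
    return None, {}


def _check_security(spec, headers):
    """Satisfied if any global security requirement is met (apiKey-in-header only)."""
    schemes = spec["components"]["securitySchemes"]
    for requirement in spec.get("security", []):
        for name in requirement:
            scheme = schemes[name]
            if scheme["type"] == "apiKey" and scheme["in"] == "header":
                if headers.get(scheme["name"]) in VALID_KEYS:
                    return True
    return False


def authorize_request(spec, method, path, headers):
    """Return the HTTP status the gateway should answer with before any handler runs."""
    if not _check_security(spec, headers):
        return 401  # authenticate first, so unauthenticated callers learn nothing about routes
    item, params = _match_path(spec, path)
    if item is None or method.lower() not in item:
        return 404  # nothing outside the contract is served
    for param in item[method.lower()].get("parameters", []):
        schema = param["schema"]
        value = params.get(param["name"], "")
        if param["in"] == "path" and "pattern" in schema:
            if re.fullmatch(schema["pattern"], value) is None:
                return 400  # reject malformed input at the edge
    return 200


def _resolve(spec, schema):
    """Follow a local $ref such as #/components/schemas/Orders."""
    if "$ref" not in schema:
        return schema
    node = spec
    for part in schema["$ref"].split("/")[1:]:
        node = node[part]
    return node


def validate_against_schema(spec, schema, value):
    """Minimal structural check for the schema subset used above."""
    schema = _resolve(spec, schema)
    kind = schema.get("type")
    if kind == "array":
        return isinstance(value, list) and all(
            validate_against_schema(spec, schema["items"], v) for v in value)
    if kind == "object":
        if not isinstance(value, dict):
            return False
        props = schema.get("properties", {})
        if any(k not in value for k in schema.get("required", [])):
            return False
        if schema.get("additionalProperties") is False and any(k not in props for k in value):
            return False  # undeclared fields are a contract violation, not a bonus
        return all(validate_against_schema(spec, props[k], v)
                   for k, v in value.items() if k in props)
    if kind == "string":
        return isinstance(value, str)
    if kind == "number":
        return isinstance(value, (int, float)) and not isinstance(value, bool)
    return True


def validate_response(spec, method, path, status, body):
    """Check a handler's JSON body against the declared response schema."""
    item, _ = _match_path(spec, path)
    schema = (item[method.lower()]["responses"][str(status)]
              ["content"]["application/json"]["schema"])
    return validate_against_schema(spec, schema, body)
```

The same document that documents the API drives the checks, so a change to the contract changes enforcement rather than leaving a hand-written filter to drift; contract-testing tools such as Dredd (listed on the next slide) run the same comparison from the client side.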
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)