Advanced API Security - Prabath Siriwardena

Advanced API Security (eBook)

OAuth 2.0 and Beyond
eBook Download: PDF
2019 | 2nd ed.
XIX, 449 Seiten
Apress (Verlag)
978-1-4842-2050-4 (ISBN)
Systemvoraussetzungen
46,99 inkl. MwSt
  • Download sofort lieferbar
  • Zahlungsarten anzeigen
Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. 

Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. 

Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. 


What You Will Learn
  • Securely design, develop, and deploy enterprise APIs
  • Pick security standards and protocols to match business needs
  • Mitigate security exploits by understanding the OAuth 2.0 threat landscape
  • Federate identities to expand business APIs beyond the corporate firewall
  • Protect microservices at the edge by securing their APIs
  • Develop native mobile applications to access APIs securely
  • Integrate applications with SaaS APIs protected with OAuth 2.0

Who This Book Is For

Enterprise security architects who are interested in best practices around designing APIs. The book is also for developers who are building enterprise APIs and integrating with internal and external applications. 



Prabath Siriwardena is an identity evangelist, author, blogger, and VP of Identity Management and Security at WSO2. He has more than 11 years of industry experience in designing and building critical identity and access management (IAM) infrastructure for global enterprises, including many Fortune 100/500 companies. As a technology evangelist, Prabath has published five books. He blogs on various topics from blockchain, PSD2, GDPR, and IAM to microservices security. He also runs a YouTube channel. Prabath has spoken at many conferences, including RSAConference, Identiverse, European Identity Conference, Consumer Identity World USA, API World, API Strategy and Practice Con, QCon, OSCON, and WSO2Con. He has traveled the world conducting workshops and meetups to evangelize IAM communities. He is the founder of the Silicon Valley IAM User Group, which is the largest IAM meetup in the San Francisco Bay Area.
Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. What You Will LearnSecurely design, develop, and deploy enterprise APIsPick security standards and protocols to match business needsMitigate security exploits by understanding the OAuth 2.0 threat landscapeFederate identities to expand business APIs beyond the corporate firewallProtect microservices at the edge by securing their APIsDevelop native mobile applications to access APIs securelyIntegrate applications with SaaS APIs protected with OAuth 2.0Who This Book Is ForEnterprise security architects who are interested in best practices around designing APIs. The book is also for developers who are building enterprise APIs and integrating with internal and external applications. 
Erscheint lt. Verlag 16.12.2019
Zusatzinfo XIX, 449 p. 96 illus.
Sprache englisch
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Mathematik / Informatik Informatik Programmiersprachen / -werkzeuge
Informatik Theorie / Studium Künstliche Intelligenz / Robotik
Schlagworte API's • IoT security • JSON • JSON Encrytption • JSON Seurity • OAuth • Rest • REST Security • SAML • Securing API's • User Managed Access (UMA)
ISBN-10 1-4842-2050-1 / 1484220501
ISBN-13 978-1-4842-2050-4 / 9781484220504
Haben Sie eine Frage zum Produkt?
PDFPDF (Wasserzeichen)
Größe: 12,2 MB

DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasser­zeichen und ist damit für Sie persona­lisiert. Bei einer missbräuch­lichen Weiter­gabe des eBooks an Dritte ist eine Rück­ver­folgung an die Quelle möglich.

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seiten­layout eignet sich die PDF besonders für Fach­bücher mit Spalten, Tabellen und Abbild­ungen. Eine PDF kann auf fast allen Geräten ange­zeigt werden, ist aber für kleine Displays (Smart­phone, eReader) nur einge­schränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Mehr entdecken
aus dem Bereich
Das Praxishandbuch zu Krisenmanagement und Krisenkommunikation

von Holger Kaschner

eBook Download (2024)
Springer Fachmedien Wiesbaden (Verlag)
34,99
Methodische Kombination von IT-Strategie und IT-Reifegradmodell

von Markus Mangiapane; Roman P. Büchler

eBook Download (2024)
Springer Vieweg (Verlag)
42,99