Neil Madden - API Security in Action MEAP V10
Here you can read online Neil Madden - API Security in Action MEAP V10 full text of the book (entire story) in english for free. Download pdf and epub, get meaning, cover and reviews about this ebook. year: 2020, publisher: Manning Publications Co., genre: Computer. Description of the work, (preface) as well as reviews are available. Best literature library LitArk.com created for fans of good reading and offers a wide selection of genres:
Romance novel
Science fiction
Adventure
Detective
Science
History
Home and family
Prose
Art
Politics
Computer
Non-fiction
Religion
Business
Children
Humor
Choose a favorite category and find really read worthwhile books. Enjoy immersion in the world of imagination, feel the emotions of the characters or learn something new for yourself, make an fascinating discovery.
- Book:API Security in Action MEAP V10
- Author:
- Publisher:Manning Publications Co.
- Genre:
- Year:2020
- Rating:4 / 5
- Favourites:Add to favourites
- Your mark:
- 80
- 1
- 2
- 3
- 4
- 5
API Security in Action MEAP V10: summary, description and annotation
We offer to read an annotation, description, summary or preface (depends on what the author of the book "API Security in Action MEAP V10" wrote himself). If you haven't found the necessary information about the book — write in the comments, we will try to find it.
API Security in Action MEAP V10 — read online for free the complete book (whole text) full work
Below is the text of the book, divided by pages. System saving the place of the last page read, allows you to conveniently read the book "API Security in Action MEAP V10" online for free, without having to search again every time where you left off. Put a bookmark, and you can go to the page where you finished reading at any time.
Font size:
Interval:
Bookmark:
MEAP Edition
Manning Early Access Program
API Security in Action
Version 10
For more information on this and other Manning titles go to
manning.com
Thank you for purchasing the MEAP of API Security in Action .
Remotely accessible APIs are everywhere, from web-based REST APIs, to microservices, and the Internet of Things (IoT). This book will help you understand the threats against those APIs and how you can defend them. Whether you are a developer tasked with implementing API protections, a technical architect, or a BA making a buy or build decision, this book will help you understand what you need and how to achieve it.
In my day job as security director at ForgeRock, a leading identity and access management software company, I spend a lot of time securing our own APIs and advising customers how best to secure their own. In recent years, several mature technologies have emerged for API security, including OAuth 2 and JSON Web Tokens, but the security advice and threat landscape have evolved over time so that old patterns have been updated. At the same time, APIs have migrated from being the front-door to a monolithic system to being at the core of microservice interactions in large-scale Kubernetes deployments and now the emerging IoT market. These new environments bring new security challenges, so this book aims to bring you right up to date with the latest security best practices.
Ive always aimed to go beyond the mainstream security advice in my professional work, and this book is no exception. Rather than just covering the nuts and bolts of how to throw together some off-the-shelf security solutions, youll also gain an appreciation of exactly how those solutions work and see some emerging technologies that are driving the next generation of API security patterns.
The book is divided into four parts. After covering the fundamentals of secure software development and API security controls in part 1, I then look in depth at securing REST APIs, Kubernetes microservices, and finally IoT APIs in turn. Throughout the book, I have aimed to balance depth and breadth, concentrating on principles and patterns that provide the most effective defenses in a wide range of situations.
To get the most out of this book, you will have a background in professional software development with at least a few years of experience programming in Java or a similar programming language. Youll also need to know the basics of how REST APIs work, including a working knowledge of HTTP and JSON. Some experience with SQL databases will also help. While the examples are written in Java, I have aimed to make them as language-agnostic as possible, so Python, Ruby, Go, and C# developers should all feel comfortable.
If you have any questions, comments, or suggestions, please share them in Mannings Author Online forum for my book.
Neil Madden
This chapter covers
What is an API
What makes an API secure or insecure
Defining security in terms of goals
Identifying threats and vulnerabilities
Mechanisms for achieving security goals
Application Programming Interfaces (APIs) are everywhere. Open your smartphone or tablet and look at the apps you have installed. Almost without exception those apps are talking to one or more remote APIs to download fresh content and messages, poll for notifications, upload your new content, and perform actions on your behalf.
Load your favorite web page with the developer tools open in your browser, and you likely see dozens of API calls happening in the background to render a page that is heavily customized to you as an individual (whether you like it or not). On the server, those API calls may themselves be implemented by many microservices , communicating with each other via internal APIs.
Increasingly, even the everyday items in your home are talking to APIs in the cloudfrom smart speakers like Amazon Echo or Google Home, to fridges, electricity meters, and lightbulbs. The Internet of Things (IoT) is rapidly becoming a reality in both consumer and industrial settings, powered by ever-growing numbers of APIs in the cloud and on the devices themselves.
While the spread of APIs is driving ever more sophisticated applications that enhance and amplify our own abilities, they also bring increased risks. As we become more dependent on APIs for critical tasks in work and play, we become more vulnerable if they are attacked. The more APIs are used, the greater their potential to be attacked. The very property that makes APIs attractive for developers, ease of use, also makes them an easy target for malicious actors. At the same time, new privacy and data protection legislation such as the GDPR in the EU place legal requirements on companies to protect users data, with stiff penalties if data protections are found to be inadequate.
GDPR
The General Data Protection Regulation (GDPR) is a significant piece of EU law that came into force in 2018. The aim of the law is to ensure that EU citizens personal data is not abused and is adequately protected by both technical and organizational controls. This includes security controls that will be covered in this book, as well as privacy techniques such as pseudonymization of names and other personal information (which we will not cover) and requiring explicit consent before collecting or sharing personal data. The law requires companies to report any data breaches within 72 hours and violations of the law can result in fines of up to 20 million or 4% of the worldwide annual turnover of the company. Other jurisdictions are following the lead of the EU and introducing similar privacy and data protection legislation.
This book is about how to secure your APIs against these threats so that you can confidently expose them to the world.
To illustrate some of the concepts of API security, consider an analogy from real life: taking your driving test. This may not seem at first to have very much to do with either APIs or security, but as you will see there are similarities between aspects of this story and key concepts that you will learn in this chapter.
You finish work at 5pm as usual. But today is special. Rather than going home to tend to your carnivorous plant collection and then flopping in front of the TV, you have somewhere else to be. Today you are taking your driving test.
You rush out of your office and across the park to catch a bus to the test center. As you stumble past the queue of people at the hot dog stand, you see your old friend Alice walking her pet alpaca, Horatio.
Hi Alice! you bellow jovially, Hows the miniature recreation of 18th century Paris coming along?
Good! she replies. You should come and see it soon.
She makes the universally recognized hand-gesture for call me and you both hurry on your separate ways.
You arrive at the test center a little hot and bothered from the crowded bus journey. If only you could drive, you think to yourself! After a short wait, the examiner comes out and introduces himself. He asks to see your learners driving license and studies the old photo of you with that bad haircut you thought was pretty cool at the time. After a few seconds of quizzical stares, he eventually accepts that it really is you, and you can begin the test.
Explanation Most APIs need to identify the clients that are interacting with them. As these fictional interactions illustrate, there may be different ways of identifying your API clients that are appropriate in different situations. As with Alice, sometimes there is a long-standing trust relationship based on a history of previous interactions, while in other cases a more formal proof of identity is required, like showing a driving license. The examiner trusts the license because it is issued by a trusted body, and you match the photo on the license. Your API may allow some operations to be performed with only minimal identification of the user but require a higher level of identity assurance for other operations.
Next pageFont size:
Interval:
Bookmark:
Similar books «API Security in Action MEAP V10»
Look at similar books to API Security in Action MEAP V10. We have selected literature similar in name and meaning in the hope of providing readers with more options to find new, interesting, not yet read works.
Discussion, reviews of the book API Security in Action MEAP V10 and just readers' own opinions. Leave your comments, write what you think about the work, its meaning or the main characters. Specify what exactly you liked and what you didn't like, and why you think so.