Securing The API Stronghold

Free!

Minimum price

$5.00

Suggested price

1,621
Readers

English
PDF
EPUB
MOBI
APP

This book is 100% complete

Completed on 2015-09-23

About the Book

As the world becomes more and more connected, digital security is more and more a pressing concern. Especially in the Internet of Things (IoT), Application Programming Interface (API), and microservice spaces, the proper access management needs to be seriously addressed to ensure that web assets are securely distributed. We at Nordic APIs have collated our most helpful advice on API security into this eBook - a single tomb that introduces important terms, outlines proven API security stacks, and describes workflows using modern technologies. This knowledge is crucial for any web service that needs to properly authenticate, control access, delegate authority, and federate credentials across a system. Following an overview of basic concepts, we'll dive into specific considerations such as:

Detailing OAuth 2.0 and OpenID Connect protocols and workflows
Defining three distinct approaches to API licensing and availability
Performing delegation of user identity across microservices
Using OAuth and the Neo-Security stack to handle identity and access control
Differentiating Authentication, Authorization, Federation, and Delegation, and the importance of each
Using OpenID Connect for Native Single Sign On (SSO), Mobile Identity Management (MIM) & secure IoT applications
... and more

Please read on, share, and enjoy our 5th eBook from the Nordic APIs team, a free compilation of insights from identity experts security specialists.

*All proceeds from the sale of this eBook will be donated to the Salvation Army in Sweden.

Share this book
Feedback
Email the Author(s)

Nordic APIs

Authors for this eBook include: Kristopher Sandoval, Bill Doerrfeld, Travis Spencer, Andreas Krohn, and Jacob Ideskog.

Andreas Krohn

Co-Founder, Dopter

Bill Doerrfeld

Nordic APIs Editor in Chief

Jacob Ideskog

Co-Founder, Twobo Technologies

Kristopher Sandoval

Web Developer, Nordic APIs Blogger

Travis Spencer

Co-Founder, Twobo Technologies, Nordic APIs

Preface
1. Introducing API Security Concepts
- 1.1 Identity is at the Forefront of API Security
- 1.2 Neo-Security Stack
- 1.3 OAuth Basics
- 1.4 OpenID Connect
- 1.5 JSON Identity Suite
- 1.6 Neo-Security Stack Protocols Increase API Security
- 1.7 The Myth of API Keys
- 1.8 Access Management
- 1.9 IoT Security
- 1.10 Using Proven Standards
2. The 4 Defenses of The API Stronghold
- 2.1 Balancing Access and Permissions
- 2.2 Authentication: Identity
- 2.3 Authorization: Access
- 2.4 Federation: Reusing Credentials & Spreading Resources
- 2.5 Delegation: The Signet of (Limited) Power
- 2.6 Holistic Security vs. Singular Approach
- 2.7 Application For APIs
3. Equipping Your API With the Right Armor: 3 Approaches to Provisioning
- 3.1 Differences In API Approaches: Private, Public, & Partner APIs
- 3.2 Considerations and Caveats
- 3.3 So Where Is The Middle Ground?
- 3.4 Real-World Failure
- 3.5 Two Real-World Successes
- 3.6 Conclusion
4. Your API is Vulnerable: 4 Top Security Risks to Mitigate
- 4.1 Gauging Vulnerabilities
- 4.2 Black Hat vs. White Hat Hackers
- 4.3 Risk 1 - Security Relies on the Developer
- 4.4 Risk 2 - “Just Enough” Coding
- 4.5 Risk 3 - Misunderstanding Your Ecosystem
- 4.6 Risk 4 - Trusting the API Consumer With Too Much Control
- 4.7 Conclusion
5. Deep Dive into OAuth and OpenID Connect
- 5.1 OAuth and OpenID Connect in Context
- 5.2 Start with a Secure Foundation
- 5.3 Overview of OAuth
- 5.4 Actors in OAuth
- 5.5 Scopes
- 5.6 Kinds of Tokens
- 5.7 Passing Tokens
- 5.8 Profiles of Tokens
- 5.9 Types of Tokens
- 5.10 OAuth Flow
- 5.11 Improper and Proper Uses of OAuth
- 5.12 Building OpenID Connect Atop OAuth
- 5.13 Conclusion
6. Unique Authorization Applications of OpenID Connect
- 6.1 How OpenID Connect Enables Native SSO
- 6.2 How to Use OpenID Connect to Enable Mobile Information Management and BYOD
- 6.3 How OpenID Connect Enables the Internet of Things
7. How To Control User Identity Within Microservices
- 7.1 What Are Microservices, Again?
- 7.2 Great, So What’s The Problem?
- 7.3 The Solution: OAuth As A Delegation Protocol
- 7.4 The Simplified OAuth 2 Flow
- 7.5 The OpenID Connect Flow
- 7.6 Using JWT For OAuth Access Tokens
- 7.7 Let All Microservices Consume JWT
- 7.8 Why Do This?
8. Data Sharing in the IoT
- 8.1 A New Economy Based on Shared, Delegated Ownership
- 8.2 Connected Bike Lock Example IoT Device
- 8.3 How This Works
- 8.4 Option #1: Access Tables
- 8.5 Option #2: Delegated Tokens: OpenID Connect
- 8.6 Review:
9. Securing Your Data Stream with P2P Encryption
- 9.1 Why Encrypt Data?
- 9.2 Defining Terms
- 9.3 Variants of Key Encryption
- 9.4 Built-in Encryption Solutions
- 9.5 External Encryption Solutions
- 9.6 Use-Case Scenarios
- 9.7 Example Code Executions
- 9.8 Conclusion
10. Day Zero Flash Exploits and Versioning Techniques
- 10.1 Short History of Dependency-Centric Design Architecture
- 10.2 The Hotfix — Versioning
- 10.3 Dependency Implementation Steps: EIT
- 10.4 Lessons Learned
- 10.5 Conclusion
11. Fostering an Internal Culture of Security
- 11.1 Holistic Security — Whose Responsibility?
- 11.2 The Importance of CIA: Confidentiality, Integrity, Availability
- 11.3 4 Aspects of a Security Culture
- 11.4 Considering “Culture”
- 11.5 All Organizations Should Perpetuate an Internal Culture of Security
Resources
- API Themed Events
- API Security Talks:
- Follow the Nordic APIs Blog
- More eBooks by Nordic APIs:
Endnotes

The Leanpub 45-day 100% Happiness Guarantee

Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms

Free Updates. Free App. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets), MOBI (for Kindle) and in the free Leanpub App (for Mac, Windows, iOS and Android). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

Authors, publishers and universities use Leanpub to publish amazing in-progress and completed books and courses, just like this one. You can use Leanpub to write, publish and sell your book or course as well! Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks. Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. It really is that easy.

Learn more about writing on Leanpub

Top Bundles

View All

Technical leadership and the balance with agility

Visualise, document and explore your software architecture

Software Architecture for Developers: Volumes 1 & 2 - Technical leadership and communication

2 Books

A Guide to Artificial Intelligence in Healthcare

The Technological Future of Medical Specialties

How To Prepare For The Age Of AI In Medicine?

2 Books

Django for Beginners/APIs/Professionals

3 Books

Growing Agile: A Coach's Guide to Training Scrum

Growing Agile: A Coach's Guide to Agile Requirements

Growing Agile: A Coach's Guide to Mastering Backlogs

Growing Agile: A Coach's Guide to Release Planning

Growing Agile: The Complete Coach's Guide

7 Books

Securing The API Stronghold

About the Book

Share this book

Feedback

About the Author

About the Contributors

Table of Contents

The Leanpub 45-day 100% Happiness Guarantee

Free Updates. Free App. DRM Free.

Write and Publish on Leanpub

Top Books

Top Bundles

About

Authors

Author Support

More

Legal