Securing The API Stronghold

Free!

Minimum price

$5.00

Suggested price

Securing The API Stronghold

The Ultimate Guide to API Security

1,823
Readers
English
PDF
EPUB
MOBI
WEB

About the Book

As the world becomes more and more connected, digital security is more and more a pressing concern. Especially in the Internet of Things (IoT), Application Programming Interface (API), and microservice spaces, the proper access management needs to be seriously addressed to ensure that web assets are securely distributed. We at Nordic APIs have collated our most helpful advice on API security into this eBook - a single tomb that introduces important terms, outlines proven API security stacks, and describes workflows using modern technologies. This knowledge is crucial for any web service that needs to properly authenticate, control access, delegate authority, and federate credentials across a system. Following an overview of basic concepts, we'll dive into specific considerations such as:

Detailing OAuth 2.0 and OpenID Connect protocols and workflows
Defining three distinct approaches to API licensing and availability
Performing delegation of user identity across microservices
Using OAuth and the Neo-Security stack to handle identity and access control
Differentiating Authentication, Authorization, Federation, and Delegation, and the importance of each
Using OpenID Connect for Native Single Sign On (SSO), Mobile Identity Management (MIM) & secure IoT applications
... and more

Please read on, share, and enjoy our 5th eBook from the Nordic APIs team, a free compilation of insights from identity experts security specialists.

*All proceeds from the sale of this eBook will be donated to the Salvation Army in Sweden.

Share this book
Feedback
Email the Author(s)

Nordic APIs

Authors for this eBook include: Kristopher Sandoval, Bill Doerrfeld, Travis Spencer, Andreas Krohn, and Jacob Ideskog.

Andreas Krohn

Co-Founder, Dopter

Bill Doerrfeld

Nordic APIs Editor in Chief

Jacob Ideskog

Co-Founder, Twobo Technologies

Kristopher Sandoval

Web Developer, Nordic APIs Blogger

Travis Spencer

Co-Founder, Twobo Technologies, Nordic APIs

Preface
1. Introducing API Security Concepts
- 1.1 Identity is at the Forefront of API Security
- 1.2 Neo-Security Stack
- 1.3 OAuth Basics
- 1.4 OpenID Connect
- 1.5 JSON Identity Suite
- 1.6 Neo-Security Stack Protocols Increase API Security
- 1.7 The Myth of API Keys
- 1.8 Access Management
- 1.9 IoT Security
- 1.10 Using Proven Standards
2. The 4 Defenses of The API Stronghold
- 2.1 Balancing Access and Permissions
- 2.2 Authentication: Identity
- 2.3 Authorization: Access
- 2.4 Federation: Reusing Credentials & Spreading Resources
- 2.5 Delegation: The Signet of (Limited) Power
- 2.6 Holistic Security vs. Singular Approach
- 2.7 Application For APIs
3. Equipping Your API With the Right Armor: 3 Approaches to Provisioning
- 3.1 Differences In API Approaches: Private, Public, & Partner APIs
- 3.2 Considerations and Caveats
- 3.3 So Where Is The Middle Ground?
- 3.4 Real-World Failure
- 3.5 Two Real-World Successes
- 3.6 Conclusion
4. Your API is Vulnerable: 4 Top Security Risks to Mitigate
- 4.1 Gauging Vulnerabilities
- 4.2 Black Hat vs. White Hat Hackers
- 4.3 Risk 1 - Security Relies on the Developer
- 4.4 Risk 2 - “Just Enough” Coding
- 4.5 Risk 3 - Misunderstanding Your Ecosystem
- 4.6 Risk 4 - Trusting the API Consumer With Too Much Control
- 4.7 Conclusion
5. Deep Dive into OAuth and OpenID Connect
- 5.1 OAuth and OpenID Connect in Context
- 5.2 Start with a Secure Foundation
- 5.3 Overview of OAuth
- 5.4 Actors in OAuth
- 5.5 Scopes
- 5.6 Kinds of Tokens
- 5.7 Passing Tokens
- 5.8 Profiles of Tokens
- 5.9 Types of Tokens
- 5.10 OAuth Flow
- 5.11 Improper and Proper Uses of OAuth
- 5.12 Building OpenID Connect Atop OAuth
- 5.13 Conclusion
6. Unique Authorization Applications of OpenID Connect
- 6.1 How OpenID Connect Enables Native SSO
- 6.2 How to Use OpenID Connect to Enable Mobile Information Management and BYOD
- 6.3 How OpenID Connect Enables the Internet of Things
7. How To Control User Identity Within Microservices
- 7.1 What Are Microservices, Again?
- 7.2 Great, So What’s The Problem?
- 7.3 The Solution: OAuth As A Delegation Protocol
- 7.4 The Simplified OAuth 2 Flow
- 7.5 The OpenID Connect Flow
- 7.6 Using JWT For OAuth Access Tokens
- 7.7 Let All Microservices Consume JWT
- 7.8 Why Do This?
8. Data Sharing in the IoT
- 8.1 A New Economy Based on Shared, Delegated Ownership
- 8.2 Connected Bike Lock Example IoT Device
- 8.3 How This Works
- 8.4 Option #1: Access Tables
- 8.5 Option #2: Delegated Tokens: OpenID Connect
- 8.6 Review:
9. Securing Your Data Stream with P2P Encryption
- 9.1 Why Encrypt Data?
- 9.2 Defining Terms
- 9.3 Variants of Key Encryption
- 9.4 Built-in Encryption Solutions
- 9.5 External Encryption Solutions
- 9.6 Use-Case Scenarios
- 9.7 Example Code Executions
- 9.8 Conclusion
10. Day Zero Flash Exploits and Versioning Techniques
- 10.1 Short History of Dependency-Centric Design Architecture
- 10.2 The Hotfix — Versioning
- 10.3 Dependency Implementation Steps: EIT
- 10.4 Lessons Learned
- 10.5 Conclusion
11. Fostering an Internal Culture of Security
- 11.1 Holistic Security — Whose Responsibility?
- 11.2 The Importance of CIA: Confidentiality, Integrity, Availability
- 11.3 4 Aspects of a Security Culture
- 11.4 Considering “Culture”
- 11.5 All Organizations Should Perpetuate an Internal Culture of Security
Resources
- API Themed Events
- API Security Talks:
- Follow the Nordic APIs Blog
- More eBooks by Nordic APIs:
Endnotes

Authors have earned$9,883,643writing, publishing and selling on Leanpub, earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.

Learn more about writing on Leanpub

The Leanpub 45-day 100% Happiness Guarantee

Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses! Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks. Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. It really is that easy.

Learn more about writing on Leanpub

Top Books

#1
C++ Best Practices
Jason Turner
Level up your C++, get the tools working for you, eliminate common problems, and move on to more exciting things!
#2
OpenIntro Statistics
David Diez, Christopher Barr, Mine Cetinkaya-Rundel, and OpenIntro
A complete foundation for Statistics, also serving as a foundation for Data Science.

Leanpub revenue supports OpenIntro (US-based nonprofit) so we can provide free desk copies to teachers interested in using OpenIntro Statistics in the classroom and expand the project to support free textbooks in other subjects.

More resources: openintro.org.
#3
Functional Design and Architecture
Alexander Granin
Software Design in Functional Programming, Design Patterns and Practices, Methodologies and Application Architectures. How to build real software in Haskell with less efforts and low risks. The first complete source of knowledge.
#4
R Programming for Data Science
Roger D. Peng
This book brings the fundamentals of R programming to you, using the same material developed as part of the industry-leading Johns Hopkins Data Science Specialization. The skills taught in this book will lay the foundation for you to begin your journey learning data science. Printed copies of this book are available through Lulu.
#5
C++20
Rainer Grimm
C++20 is the next big C++ standard after C++11. As C++11 did it, C++20 changes the way we program modern C++. This change is, in particular, due to the big four of C++20: ranges, coroutines, concepts, and modules.
#6
I am a Software Engineer and I am in Charge
Alexis Monville and Michael Doyle
I am a Software Engineer and I am in Charge is a real-world, practical book that helps you increase your impact and satisfaction at work no matter who you work with.
In the book, we will follow Sandrine, a fictional character who learns to think in a new way enabling her to take a different course of action.
#7
Atomic Kotlin
Bruce Eckel and Svetlana Isakova
For both beginning and experienced programmers! From the author of the multi-award-winning Thinking in C++ and Thinking in Java together with a member of the Kotlin language team comes a book that breaks the concepts into small, easy-to-digest "atoms," along with exercises supported by hints and solutions directly inside IntelliJ IDEA!
#8
Invest In Digital Health - The Medical Futurist's Guide
Dr. Bertalan Mesko
Artificial Intelligence and Digital Health are booming. In this book, we explain why now it's a good time to invest in Digital Health and give recommendations on where to invest by looking at the top 24 technological trends we find the most promising.
#9
The Hundred-Page Machine Learning Book
Andriy Burkov
Everything you really need to know in Machine Learning in a hundred pages.
#10
Mastering STM32
Carmine Noviello
With more than 600 microcontrollers, STM32 is probably the most complete ARM Cortex-M platform on the market. This book aims to be the first guide around that introduces the reader to this exciting MCU portfolio from ST Microelectronics and its official CubeHAL.

Securing The API Stronghold

Securing The API Stronghold

The Ultimate Guide to API Security

About the Book

Share this book

Feedback

Authors have earned$9,883,643writing, publishing and selling on Leanpub, earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.Learn more about writing on Leanpub

The Leanpub 45-day 100% Happiness Guarantee

Free Updates. DRM Free.

Write and Publish on Leanpub

Top Books

C++ Best Practices

OpenIntro Statistics

Functional Design and Architecture

R Programming for Data Science

C++20

I am a Software Engineer and I am in Charge

Atomic Kotlin

Invest In Digital Health - The Medical Futurist's Guide

The Hundred-Page Machine Learning Book

Mastering STM32

Top Bundles

Software Architecture for Developers: Volumes 1 & 2 - Technical leadership and communication

CCIE Service Provider Ultimate Study Bundle

The Future of Digital Health

Cisco CCNA 200-301 Complet

CCDE Practical Studies (All labs)

"The C++ Standard Library" and "Concurrency with Modern C++"

Modern Management Made Easy

Linux Administration Complet

Programming with Ease

Vagrant Ansible

Publish Early, Publish Often

Path

READERS

Newsletters

Store

Support

FRONTMATTER PODCAST

COMPANY

About

Essays

More

AUTHORS

Write and Publish on Leanpub

Author Newsletter

Author Support

Developer Support

Companies

Universities

LEGAL

Authors have earned$9,883,643writing, publishing and selling on Leanpub, earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.

Learn more about writing on Leanpub