Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE
Book Details:
Pages: | 260 |
Published: | Aug 10 2014 |
Posted: | Nov 26 2014 |
Language: | English |
Book format: | PDF |
Book size: | 2.69 MB |
Book Description:
Advanced API Security is a complete reference to the next wave of challenges in enterprise security--securing public and private APIs. API adoption in both consumer and enterprises has gone beyond predictions. It has become the 'coolest' way of exposing business functionalities to the outside world. Both your public and private APIs, need to be protected, monitored and managed. Security is not an afterthought, but API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. That's where AdvancedAPI Security comes in--to wade through the weeds and help you keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. Our expert author guides you through the maze of options and shares industry leading best practices in designing APIs for rock-solid security. The book will explain, in depth, securing APIs from quite traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it. Build APIs with rock-solid security today with Advanced API Security.Takes you through the best practices in designing APIs for rock-solid security.Provides an in depth tutorial of most widely adopted security standards for API security.Teaches you how to compare and contrast different security standards/protocols to find out what suits your business needs the best.What youll learnBuild APIs with rock-solid security by understanding best practices and design guidelines.Get a thorough understanding about widely adopted security standards for API security.Compare and contrast different security standards/protocols to find out what suits your business needs, the best.Expand business APIs to partners and outsiders with Identity Federation.Get hands-on experience in developing clients against Facebook, Twitter, and Salesforce APIs.Understand and learn how to mitigate security threats.Who this book is forAdvanced API Security is for enterprise security architects and developers who are designing, building and managing APIs. The book will provide guidelines, best practices in designing APIs and threat mitigation techniques for enterprise security architects while developers would be able to gain hands-on experience by developing API clients against Facebook, Twitter, Salesforce and many other cloud service providers.Table of ContentsManaged APIsSecurity by DesignHTTP Basic/Digest AuthenticationMutual Authentication and Transport Level SecurityIdentity DelegationOAuth 1.0OAuth 2.0 AND Bearer Token ProfileOAuth 2.0 MAC Token ProfileOauth 2.0 ProfilesUser Managed Access (UMA)FederationOpenID ConnectJWT, JWS, and JWEPatterns Practices
Securing ASP.NET Web API
ASP.NET Web API is a key part of ASP.NET MVC 4 and the platform of choice for building RESTful services that can be accessed by a wide range of devices. Everything from JavaScript libraries to RIA plugins, RFID readers to smart phones can consume your services using platform-agnostic HTTP.With such wide accessibility, securing your code effectively needs to be a top priority. You will quickly find that the WCF security protocols youre familiar with from .NET are less suitable than they once were in this new environment, proving themselves cumbersome and limited in terms of the standards they can work with.Fortunately, ASP.NET Web API provides a simple, robust security solution of its own that fits neatly within the ASP.NET MVC programming model and s...
Architecture, API Design, and Implementation
2nd Edition
Series: The Java Series Security is an integral part of the Java platform; all Java APIs are built on a solid security model. That model has always been stronger than the security of other platforms, never allowing for the proliferation of a large virus such as "Melissa" or "I Love You." Now improved security and robust performance peacefully coexist. This book provides a detailed look into the central workings of the Java security architecture, including coverage of the many v1.4 enhancements. This book reviews multiple security threats, such as Trojan horses and denial of service attacks, and the strategies used to combat them. St...
Towards the Security Limits of Secure Embedded Circuits
Advanced DPA Theory and Practice provides a thorough survey of new physical leakages of embedded systems, namely the power and the electromagnetic emanations. The book presents a thorough analysis about leakage origin of embedded system. This book examines the systematic approach of the different aspects and advanced details about experimental setup for electromagnetic attack. The author discusses advanced statistical methods to successfully attack embedded devices such as high-order attack, template attack in principal subspaces, machine learning methods. The book includes theoretical framework to define side-channel based on two metrics: mutual information and success rate....
2007 - 2021 © eBooks-IT.org