Upload File

wso2con asia 2016: securing apis: how, what, why, when

  • Home
  • Technology
  • WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
20

Upload: wso2-inc

Post on 16-Apr-2017

598 views

Category:

Technology


1 download

Report

TRANSCRIPT

Page 1: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
Page 2: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
Page 3: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When

Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l

https://api.github.com/user/repos
Page 4: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When

Authorization: Digest username="prabath", realm="cute-cupcakes.com", nonce="1390781967182:c2db4ebb26207f6ed38bb08eeffc7422", uri="/recipe", cnonce="MTM5MDc4", nc=00000001, qop="auth", response="f5bfb64ba8596d1b9ad1514702f5a062", opaque="F5288F4526B8EAFFC4AC79F04CA8A6ED"

HTTP/1.1 401 UnauthorizedWWW-Authenticate: Digest realm="cute-cupcakes.com", qop="auth”, nonce="1390781967182:c2db4ebb26207f6ed38bb08eeffc7422", opaque="F5288F4526B8EAFFC4AC79F04CA8A6ED"

https://localhost:8443/recipe
Page 5: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
Page 6: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When

▪▪

https://localhost:8443/recipe
Page 7: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When

OAuth•

•–

•–

•––

•–––

Page 8: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
Page 9: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
Page 10: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When

-

Page 11: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
Page 12: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
Page 13: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
Page 14: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
Page 15: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When

POST /introspection HTTP/1.1Accept: application/x-www-form-urlencodedHost: server.example.comAuthorization: Basic czZCaGRSa3F0Mzo3RmpmcDBaQnIxS3REUmJuZlZkbUl3

token=X3241Affw.4233-99JXJ&resource_id=…

{ "active": true, "client_id":"s6BhdRkqt3", "scope": "read write dolphin", "sub": "2309fj32kl", "aud": http://example.org/protected-resource/*}

http://example.org/protected-resource/*
Page 16: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
Page 17: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When

Page 18: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When
Page 19: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When

•• : ,

Page 20: WSO2Con ASIA 2016: Securing APIs: How, What, Why, When

DevOps, CI, APIs, Oh My! Security Gone Agile - SANS · DevOps, CI, APIs, Oh My! Security Gone Agile Matt Tesauro, SANS AppSec 2014 – Austin, TX, February 2014 . RACKSPACE ... Securing

WSO2Con USA 2017: APIs as Your Digital Connector

Securing RESTful APIs using OAuth 2 and OpenID Connect

WSO2Con USA 2015: Securing your APIs: Patterns and More

Expose Existing z Systems Assets as APIs to extend your ...€¦ · Expose Existing z Systems Assets as APIs to extend your Customer Reach ... Securing APIs using a secure GW from

Accelerating and Protecting APIs | Akamai · ACCELERATING AND PROTECTING APIs WITH AKAMAI ... For a deep dive into accelerating and securing your APIs, check out this …

Securing RESTful Payment APIs Using OAuth 2

APIS M / APIS 15 / APIS 13 / APIS WR / APIS E - skynet.beusers.skynet.be/am259776/APIS FOLDER.pdf · APIS M / APIS 15 / APIS 13 / APIS WR / APIS E APIS, CARAT, AM- 01, DG- 303 ELAN,

Integrations Securing Messaging, APIS, and

Five Simple Strategies for Securing APIs · What Are APIs and are They Worth the Risk? 4 How Do You Make the Enterprise Flexible? APIs are an emerging technology for integrating applications

WSO2Con EU 2016: Securing APIs: How, What, Why, When

Challenges and Best Practices in Securing APIs

Securing APIs: The New Application Attack Surface

Protecting APIs and Securing Applications So Business Can

Securing APIs throughout the enterprise - IBM€¦ · Securing APIs throughout the enterprise z API Roadshow Eric Phan z Systems IT Specialist ... Use for securing access to mainframe,

WSO2Con US 2013 - APIs Everywhere

Securing Web APIs for JavaScript/SPA Apps · •Can use same-site cookies for single domain apps and APIs •Can use token based authentication for more complex scenarios •Use OpenID

Securing APIs with OAuth 2.0

WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Architecture

State of Securing Restful APIs s12gx2015

SECURING REST APIS PROTECTING OF MOBILE C … · Session ID: Session Classification: John Thielens Axway SPO-W03A Intermediate SECURING REST APIS— PROTECTING THE NEW WORLD OF MOBILE

Securing your APIs with OAuth 2.0 in InterSystems API

Securing Your APIs against the Recent Vulnerabilities in SSLv2/SSLv3

WSO2Con 2011: Introduction to Stratos

Securing APIs using OAuth 2.0

CIS13: APIs, Identity, and Securing the Enterprise

Securing your APIs on the Cloud - Red Hat€¦ · SECURING YOUR APIS ON THE CLOUD 31 3scale API Management Istio Service Mesh API Contracts Monetisation Partner Ecosystem Developer

Wso2con identity patterns

WSO2Con US 2013 - Powering an enterprise with messaging and APIs

Securing and Governing Cloud APIs

Five Simple Strategies for Securing APIs - CA Technologies · Five Simple Strategies for Securing APIs. ... But it is a mistake to think we can secure APIs using the same methods

Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, 2014

WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs

Securing APIs

Enabling and Securing Digital Business in API Economy · SUI BIEF Enabling and Securing Digital Business in API Economy Protect APIs Serving Business Critical Applications