Antonio Sanso

ANTONIO SANSO works as a Senior Software Engineer at Adobe Research, Switzerland, where he is part of the Adobe Experience Manager security team. Prior to this, he worked as a software engineer in the IBM Dublin Software Lab in Ireland. He has found vulnerabilities in popular software such as OpenSSL, Google Chrome, and Apple Safari, and he is included in the Google, Facebook, Microsoft, PayPal, and GitHub security halls of fame. He is an avid open source contributor, serving as Vice President (chair) of Apache Oltu and as a PMC member of Apache Sling. His working interests range from web application security to cryptography. Antonio is also the author of more than a dozen computer security patents and applied cryptography academic papers. He holds an MSc in Computer Science.

books by Antonio Sanso

Understanding API Security

  • February 2017
  • ISBN 9781617294327
  • 205 pages

Gone are the days when it was acceptable for a piece of software to live in its own little silo, disconnected from the outside world. Today, services are expected to be available for programming, mixing, and building into new applications. The web-based Application Programming Interface, or API, is how services make themselves available in this dynamic world. By exposing an API, a service can find new life and utility far beyond what its core functionality was designed to be. But these APIs need to be secured and protected in order to be truly useful. An API that's simply left open to everyone, with no security controls, cannot be used to protect personalized or sensitive information, which severely limits its usefulness.

The OAuth delegation and authorization protocol is one of the most popular standards for API security today. Understanding API Security is a selection of chapters from several Manning books that gives you some context for how API security works in the real world, showing how APIs are put together and how the OAuth protocol can be used to protect them.

OAuth 2 in Action

  • March 2017
  • ISBN 9781617293276
  • 360 pages
  • printed in black & white
  • Available translations: Japanese, Korean, Simplified Chinese

OAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.