API Security Starter
With chapters selected by Neil Madden
  • April 2020
  • ISBN 9781617297823
  • 122 pages
APIs have become the foundation of modern software. A reliable API turns a service into a ready-made building block for developers to build into their applications. But the openness and accessibility that make APIs so popular can also put them at risk for security breaches. That’s why building security into your APIs is so important. This mini ebook is a great way to get you started!

About the book

API Security Starter showcases chapters from three Manning books chosen by author and digital security expert Neil Madden. You’ll start with an introduction to API security elements and take a look at security mechanisms including identification and authentication as well as access control and authorization. As you build a sample API project in the next chapter, you’ll see examples of attacks against APIs and learn how to guard against those attacks, applying basic secure development principles as you go. Next, you’ll zoom in on the importance of integrating security into the design and implementation of microservices. Last but not least, you’ll discover security-minded API design constructs. With the valuable lessons and best practices in this guide, you’ll have the skills you need to get started building secure APIs.
Table of Contents

Introduction

Part 1: What is API security?

What is API security?

1.1 An analogy: taking your driving test

1.2 What is an API?

1.3 API security in context

1.4 Elements of API security

1.5 Security mechanisms

Part 2: Secure API development

Secure API development

2.1 The Natter API

2.2 Developing the REST API

2.3 Wiring up the REST endpoints

2.4 Injection attacks

2.5 Input validation

2.6 Producing safe output

2.7 What hasn’t been covered

2.8 Summary

Part 3: Securing north/south traffic with an API gateway

Securing north/south traffic with an API gateway

3.1 The need for an API gateway in a microservices deployment

3.2 Security at the edge

3.3 Setting up an API gateway with Zuul

3.4 Securing communication between Zuul and the microservice

Part 4: Code constructs promoting security

Code constructs promoting security

4.1 Immutability

4.2 Failing fast using contracts

4.3 Validation

What's inside

  • “What is API security” - Chapter 1 from API Security in Action by Neil Madden
  • “Secure API development” - Chapter 2 from API Security in Action by Neil Madden
  • “Deploying a Microservice behind an API gateway” - Chapter 3 from Microservices Security in Action by Prabath Siriwardena and Nuwan Dias
  • “Code constructs promoting security” - Chapter 4 from Secure by Design by Dan Bergh Johnsson, Daniel Deogun, and Daniel Sawano

About the author

Neil Madden is Security Director at ForgeRock and has an in-depth knowledge of applied cryptography, application security, and current API security technologies. He has worked as a programmer for 20 years and holds a PhD in Computer Science.

eBook $0.00 PDF only + liveBook