APIs have become the foundation of modern software. A reliable API turns a service into a ready-made building block for developers to build into their applications. But the openness and accessibility that make APIs so popular can also put them at risk for security breaches. That’s why building security into your APIs is so important. This mini ebook is a great way to get you started!
About the book
API Security Starter showcases chapters from three Manning books chosen by author and digital security expert Neil Madden. You’ll start with an introduction to API security elements and take a look at security mechanisms including identification and authentication as well as access control and authorization. As you build a sample API project in the next chapter, you’ll see examples of attacks against APIs and learn how to guard against those attacks, applying basic secure development principles as you go. Next, you’ll zoom in on the importance of integrating security into the design and implementation of microservices. Last but not least, you’ll discover security-minded API design constructs. With the valuable lessons and best practices in this guide, you’ll have the skills you need to get started building secure APIs.
Part 3: Securing north/south traffic with an API gateway
3.1 The need for an API gateway in a microservices deployment
3.2 Security at the edge
3.3 Setting up an API gateway with Zuul
3.4 Securing communication between Zuul and the microservice
Part 4: Code constructs promoting security
4.2 Failing fast using contracts
“What is API security” - Chapter 1 from API Security in Action by Neil Madden
“Secure API development” - Chapter 2 from API Security in Action by Neil Madden
“Deploying a Microservice behind an API gateway” - Chapter 3 from Microservices Security in Action by Prabath Siriwardena and Nuwan Dias
“Code constructs promoting security” - Chapter 4 from Secure by Design by Dan Bergh Johnsson, Daniel Deogun, and Daniel Sawano
Neil Madden is Security Director at ForgeRock and has an in-depth knowledge of applied cryptography, application security, and current API security technologies. He has worked as a programmer for 20 years and holds a PhD in Computer Science.