Advanced API Security : OAuth 2. 0 and Beyond /

Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Siriwardena, Prabath
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Berkeley, CA : Apress L.P., 2020.
Edición:2nd ed.
Temas:
Application software > Security measures.
Logiciels d'application > Sécurité > Mesures.
Computer security.
Computers, Special purpose.
Data protection.
Programming languages (Electronic computers)
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Intro
  • Table of Contents
  • About the Author
  • Acknowledgments
  • Introduction
  • Chapter 1: APIs Rule!
  • API Economy
  • Amazon
  • Salesforce
  • Uber
  • Facebook
  • Netflix
  • Walgreens
  • Governments
  • IBM Watson
  • Open Banking
  • Healthcare
  • Wearables
  • Business Models
  • The API Evolution
  • API Management
  • The Role of APIs in Microservices
  • Summary
  • Chapter 2: Designing Security for APIs
  • Trinity of Trouble
  • Design Challenges
  • User Experience
  • Performance
  • Weakest Link
  • Defense in Depth
  • Insider Attacks
  • Security by Obscurity
  • Design Principles
  • Least Privilege
  • Fail-Safe Defaults
  • Economy of Mechanism
  • Complete Mediation
  • Open Design
  • Separation of Privilege
  • Least Common Mechanism
  • Psychological Acceptability
  • Security Triad
  • Confidentiality
  • Integrity
  • Availability
  • Security Control
  • Authentication
  • Something You Know
  • Something You Have
  • Something You Are
  • Authorization
  • Nonrepudiation
  • Auditing
  • Summary
  • Chapter 3: Securing APIs with Transport Layer Security (TLS)
  • Setting Up the Environment
  • Deploying Order API
  • Securing Order API with Transport Layer Security (TLS)
  • Protecting Order API with Mutual TLS
  • Running OpenSSL on Docker
  • Summary
  • Chapter 4: OAuth 2.0 Fundamentals
  • Understanding OAuth 2.0
  • OAuth 2.0 Actors
  • Grant Types
  • Authorization Code Grant Type
  • Implicit Grant Type
  • Resource Owner Password Credentials Grant Type
  • Client Credentials Grant Type
  • Refresh Grant Type
  • How to Pick the Right Grant Type?
  • OAuth 2.0 Token Types
  • OAuth 2.0 Bearer Token Profile
  • OAuth 2.0 Client Types
  • JWT Secured Authorization Request (JAR)
  • Pushed Authorization Requests (PAR)
  • Summary
  • Chapter 5: Edge Security with an API Gateway
  • Setting Up Zuul API Gateway
  • Running the Order API
  • Running the Zuul API Gateway
  • What Happens Underneath?
  • Enabling TLS for the Zuul API Gateway
  • Enforcing OAuth 2.0 Token Validation at the Zuul API Gateway
  • Setting Up an OAuth 2.0 Security Token Service (STS)
  • Testing OAuth 2.0 Security Token Service (STS)
  • Setting Up Zuul API Gateway for OAuth 2.0 Token Validation
  • Enabling Mutual TLS Between Zuul API Gateway and Order Service
  • Securing Order API with Self-Contained Access Tokens
  • Setting Up an Authorization Server to Issue JWT
  • Protecting Zuul API Gateway with JWT
  • The Role of a Web Application Firewall (WAF)
  • Summary
  • Chapter 6: OpenID Connect (OIDC)
  • From OpenID to OIDC
  • Amazon Still Uses OpenID 2.0
  • Understanding OpenID Connect
  • Anatomy of the ID Token
  • OpenID Connect Request
  • Requesting User Attributes
  • OpenID Connect Flows
  • Requesting Custom User Attributes
  • OpenID Connect Discovery
  • OpenID Connect Identity Provider Metadata
  • Dynamic Client Registration
  • OpenID Connect for Securing APIs
  • Summary
  • Chapter 7: Message-Level Security with JSON Web Signature
  • Understanding JSON Web Token (JWT)
  • JOSE Header

Ejemplares similares