
Title
Advanced API Security :

Author
Prabath Siriwardena.

Subject
Application software-- Security measures.,Computer security.,Computers, Special purpose.,Data protection.,Programming languages (Electronic computers)

Classification
QA75.5-76.95

Library
Center and Library of Islamic Studies in European Languages

Location
Province: Qom; City: Qom

Library contact: 32910706-025

INTERNATIONAL STANDARD BOOK NUMBER

Number (ISBN)
1484220501
Number (ISBN)
9781484220504
Erroneous ISBN
9781484220498

TITLE AND STATEMENT OF RESPONSIBILITY

Title Proper
Advanced API Security :
General Material Designation
[Book]
Other Title Information
OAuth 2.0 and Beyond /
First Statement of Responsibility
Prabath Siriwardena.

EDITION STATEMENT

Edition Statement
2nd ed.

PUBLICATION, DISTRIBUTION, ETC.

Place of Publication, Distribution, etc.
Berkeley, CA :
Name of Publisher, Distributor, etc.
Apress L.P.,
Date of Publication, Distribution, etc.
2020.

PHYSICAL DESCRIPTION

Specific Material Designation and Extent of Item
1 online resource (455 pages)

GENERAL NOTES

Text of Note
JWT Claims Set

CONTENTS NOTE

Text of Note
Intro -- Table of Contents -- About the Author -- Acknowledgments -- Introduction -- Chapter 1: APIs Rule! -- API Economy -- Amazon -- Salesforce -- Uber -- Facebook -- Netflix -- Walgreens -- Governments -- IBM Watson -- Open Banking -- Healthcare -- Wearables -- Business Models -- The API Evolution -- API Management -- The Role of APIs in Microservices -- Summary -- Chapter 2: Designing Security for APIs -- Trinity of Trouble -- Design Challenges -- User Experience -- Performance -- Weakest Link -- Defense in Depth -- Insider Attacks -- Security by Obscurity -- Design Principles
Text of Note
Least Privilege -- Fail-Safe Defaults -- Economy of Mechanism -- Complete Mediation -- Open Design -- Separation of Privilege -- Least Common Mechanism -- Psychological Acceptability -- Security Triad -- Confidentiality -- Integrity -- Availability -- Security Control -- Authentication -- Something You Know -- Something You Have -- Something You Are -- Authorization -- Nonrepudiation -- Auditing -- Summary -- Chapter 3: Securing APIs with Transport Layer Security (TLS) -- Setting Up the Environment -- Deploying Order API -- Securing Order API with Transport Layer Security (TLS)
Text of Note
Protecting Order API with Mutual TLS -- Running OpenSSL on Docker -- Summary -- Chapter 4: OAuth 2.0 Fundamentals -- Understanding OAuth 2.0 -- OAuth 2.0 Actors -- Grant Types -- Authorization Code Grant Type -- Implicit Grant Type -- Resource Owner Password Credentials Grant Type -- Client Credentials Grant Type -- Refresh Grant Type -- How to Pick the Right Grant Type? -- OAuth 2.0 Token Types -- OAuth 2.0 Bearer Token Profile -- OAuth 2.0 Client Types -- JWT Secured Authorization Request (JAR) -- Pushed Authorization Requests (PAR) -- Summary -- Chapter 5: Edge Security with an API Gateway
Text of Note
Setting Up Zuul API Gateway -- Running the Order API -- Running the Zuul API Gateway -- What Happens Underneath? -- Enabling TLS for the Zuul API Gateway -- Enforcing OAuth 2.0 Token Validation at the Zuul API Gateway -- Setting Up an OAuth 2.0 Security Token Service (STS) -- Testing OAuth 2.0 Security Token Service (STS) -- Setting Up Zuul API Gateway for OAuth 2.0 Token Validation -- Enabling Mutual TLS Between Zuul API Gateway and Order Service -- Securing Order API with Self-Contained Access Tokens -- Setting Up an Authorization Server to Issue JWT -- Protecting Zuul API Gateway with JWT
Text of Note
The Role of a Web Application Firewall (WAF) -- Summary -- Chapter 6: OpenID Connect (OIDC) -- From OpenID to OIDC -- Amazon Still Uses OpenID 2.0 -- Understanding OpenID Connect -- Anatomy of the ID Token -- OpenID Connect Request -- Requesting User Attributes -- OpenID Connect Flows -- Requesting Custom User Attributes -- OpenID Connect Discovery -- OpenID Connect Identity Provider Metadata -- Dynamic Client Registration -- OpenID Connect for Securing APIs -- Summary -- Chapter 7: Message-Level Security with JSON Web Signature -- Understanding JSON Web Token (JWT) -- JOSE Header

SUMMARY OR ABSTRACT

Text of Note
Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. You will: securely design, develop, and deploy enterprise APIs; pick security standards and protocols to match business needs; mitigate security exploits by understanding the OAuth 2.0 threat landscape; federate identities to expand business APIs beyond the corporate firewall; protect microservices at the edge by securing their APIs; develop native mobile applications to access APIs securely; integrate applications with SaaS APIs protected with OAuth 2.0.

ACQUISITION INFORMATION NOTE

Source for Acquisition/Subscription Address
Springer Nature
Stock Number
com.springer.onix.9781484220504

OTHER EDITION IN ANOTHER MEDIUM

Title
Advanced API Security : OAuth 2.0 and Beyond.
International Standard Book Number
9781484220498

TOPICAL NAME USED AS SUBJECT

Application software-- Security measures.
Computer security.
Computers, Special purpose.
Data protection.
Programming languages (Electronic computers)

DEWEY DECIMAL CLASSIFICATION

Number
005.3
Edition
23

LIBRARY OF CONGRESS CLASSIFICATION

Class number
QA75.5-76.95
Class number
QA76.76.A65

PERSONAL NAME - PRIMARY RESPONSIBILITY

Siriwardena, Prabath.

ORIGINATING SOURCE

Date of Transaction
20200823031943.0
Cataloguing Rules (Descriptive Conventions)
pn

ELECTRONIC LOCATION AND ACCESS

Electronic name
Read the full text of the book
