Copyright © 2001-2013 SOA Software, Inc. All Rights Reserved.
API Security: Securing Digital Channels and Mobile Apps Against Hacks
Sachin Agarwal
VP, Product Marketing
API and SOA Resources
• Resource Center
– http://resource.soa.com/
• Webinar Recording
– http://resource.soa.com/resource/webinars
• Follow us on:
www.facebook.com/soasoftware
www.linkedin.com/company/soasoftware
@soasoftwareinc
What is an API?
(Diagram: Your Application, Your API, Your Customers)
APIs – Extend the Reach of your Business
EVOLUTION OF DIGITAL CHANNELS
Client-Server/Web Applications
• No programmatic access
• Security through network isolation
• Limited users
Access locations and variability of operations were limited
Web Services
The enterprise opened slightly with Web Services/SOAP
• SSL/TLS, certificate based, PKI, WS-Trust
• Some B2B and partner applications
• Complex, but quite secure and flexible
And then came APIs
Disrupting how and where information is accessed
• Mobile and social apps don’t understand PKI, WS-Security, etc.
• Focus on human readability and developer adoption
Realizing End-to-End Security
(Diagram: Managing the User Experience; Securing the App – PII, PHI; Enabling Easy Developer Access; Securing the Channel; Securing the Backend)
Understanding the Security Landscape
API Specific Security:
• Protocol specific threats
• Key Management
• OAuth
• Monitoring
• Licensing
• Security Token Mediation
(Diagram layers: Single Sign On, MDM; ATP, Firewall, VPN etc.)
UNDERSTANDING API SECURITY
The API Lifecycle
(Diagram labels: Transform & Secure; Publish; Monetize; Dev. Adoption; API; SOAP to REST; Mobile-Optimization; OAuth; Mediation; Analytics; API Documentation; Applications and Services; Apps; API Producers; API Consumers)
API Security
1. Authentication & Authorization
2. App Key Validation/Licensing
3. Message Security
4. Threat Protection
5. Content Filtering
6. Rate Limiting
(Diagram label: Developers)
Authentication/Authorization/SSO
Control and restrict access to your APIs
Make it easy yet secure
Understanding OAuth
OAuth lets a person delegate constrained access from one app to another
(Diagram: User / Resource Owner; Client App; Resource Server)
OAuth Flow
OAuth – You need
• OAuth Clients
• Provisioning
• Approval Flow
• OAuth Server
• Identity Integration
• Token Validation
• Token Issue/refresh
• Token Mediation (SAML, LDAP etc)
• QoS, Monitoring
• Policy Management
• API Proxying
• Reporting
• Analytics
OAuth is hard and complicated
Licensing
Package your APIs in different ways
Use API keys to restrict what the App can access
The licenses control:
– OAuth Authorization Scopes
– Document visibility
– Quota policies
Message and Parameter Security
HTTP Parameter
• http://apis.foo.com/resources/sample/foo?app_id=myid&app_key=mykey
• Protect API Keys with HMAC – Hash-based Message Authentication Code
Message Security
• Implement HTTPS
• For XML payloads encrypt specific parts of the message
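The slide above recommends protecting API keys with an HMAC rather than sending them as a query parameter. The following is an added example, not code from the deck or from SOA Software's gateway, showing what that looks like on both sides: the client signs a canonical form of the request (method, path, sorted query string, timestamp, body hash) with its app secret, and the gateway recomputes the signature from the secret it holds for that app id. The credential store (`APP_SECRETS`), the header names (`X-App-Id`, `X-Timestamp`, `X-Signature`), the 5-minute replay window and the sample secret are all constructed assumptions.

```python
import hmac
import hashlib
import time
from urllib.parse import urlsplit, parse_qsl, urlencode

# Hypothetical credential store: app_id -> app secret (constructed sample data).
# In a real gateway this would be a vault or database lookup.
APP_SECRETS = {
    "myid": b"mykey-constructed-sample-secret",
}

# Assumed replay window: requests whose timestamp is further than this from
# the gateway clock are rejected even if the signature is valid.
ALLOWED_SKEW_SECONDS = 300


def canonical_string(method, url, timestamp, body):
    """Build the string both sides sign: method, path, sorted query,
    timestamp and a hash of the body. Sorting the query makes the
    signature independent of parameter order."""
    parts = urlsplit(url)
    query = urlencode(sorted(parse_qsl(parts.query, keep_blank_values=True)))
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), parts.path, query, str(timestamp), body_hash])


def sign_request(app_id, secret, method, url, body=b"", timestamp=None):
    """Client side: returns headers carrying the app id, timestamp and an
    HMAC-SHA256 signature. The secret itself never goes on the wire, so the
    query string no longer needs an app_key parameter."""
    ts = int(time.time()) if timestamp is None else timestamp
    msg = canonical_string(method, url, ts, body).encode()
    sig = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return {"X-App-Id": app_id, "X-Timestamp": str(ts), "X-Signature": sig}


def verify_request(headers, method, url, body=b"", now=None):
    """Gateway side: recompute the signature from the request as received
    and compare. Returns (accepted, reason)."""
    app_id = headers.get("X-App-Id")
    secret = APP_SECRETS.get(app_id)
    if secret is None:
        return False, "unknown app id"
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False, "bad timestamp"
    current = int(time.time()) if now is None else now
    if abs(current - ts) > ALLOWED_SKEW_SECONDS:
        # Limits how long a captured request stays replayable.
        return False, "timestamp outside allowed window"
    expected = hmac.new(
        secret, canonical_string(method, url, ts, body).encode(), hashlib.sha256
    ).hexdigest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return False, "signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    url = "http://apis.foo.com/resources/sample/foo?app_id=myid"
    headers = sign_request("myid", APP_SECRETS["myid"], "GET", url)
    print(verify_request(headers, "GET", url))
```

Because the body hash and the query string are part of the signed material, any change to either invalidates the signature; the timestamp check bounds replay but does not prevent it within the window, so a gateway that needs stronger guarantees would additionally track nonces per app id.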
Threat Protection
• Denial of Service
• Injection Attacks – detect and prevent SQL, JavaScript or XPath/XQuery injection attacks
• Cross Site Scripting
• Network address and range blacklists/whitelists
• HTTP Parameter Stuffing
Content Filtering
• Provide a content firewall, protecting against malicious content
• Validate message content including message headers, form and query parameters, XML and JSON data structures
• Policies for XML and JSON DoS
• Protection against viruses in attachments and other binary content via ICAP integration with leading anti-virus engines
Quota Management/Rate Limiting
Restrict the number of calls an App can make
Apply controls based on context, affinity, segmentation etc.
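The Licensing slide says a license controls OAuth authorization scopes, document visibility and quota policies, and the slide above says quotas restrict the number of calls an app can make, segmented by context. The following is an added example, not code from the deck or from SOA Software's gateway, that ties the two together: a license table grants scopes, visible documentation sets and a quota per tier; an app key maps to a tier; the gateway checks scope first and then applies a per-key sliding-window quota. The tier names, scope names, limits and app keys are constructed assumptions, and the clock is injected so the behaviour is deterministic.

```python
import time
from collections import deque

# Constructed license table: what each tier grants.
# "quota" is (max calls, window in seconds).
LICENSES = {
    "free":    {"scopes": {"read:profile"},
                "docs": {"public"},
                "quota": (5, 60)},
    "partner": {"scopes": {"read:profile", "write:orders"},
                "docs": {"public", "partner"},
                "quota": (100, 60)},
}

# Constructed app registrations: app key -> license tier.
APPS = {
    "key-free-app": "free",
    "key-partner-app": "partner",
}


class SlidingWindowLimiter:
    """Per-key sliding window: allow at most `limit` calls in any `window` seconds."""

    def __init__(self):
        self._calls = {}  # key -> deque of accepted call timestamps

    def allow(self, key, limit, window, now):
        q = self._calls.setdefault(key, deque())
        # Drop timestamps that have aged out of the window.
        while q and q[0] <= now - window:
            q.popleft()
        if len(q) >= limit:
            return False
        q.append(now)
        return True


class Gateway:
    """Applies license scope, then quota, to each call. Returns (status, reason)."""

    def __init__(self):
        self.limiter = SlidingWindowLimiter()

    def authorize(self, app_key, scope, now=None):
        now = time.time() if now is None else now
        tier = APPS.get(app_key)
        if tier is None:
            return 401, "unknown app key"
        lic = LICENSES[tier]
        if scope not in lic["scopes"]:
            # Scope check precedes quota so a rejected call does not consume allowance.
            return 403, f"license '{tier}' does not grant scope {scope}"
        limit, window = lic["quota"]
        # Quota is keyed on the app key, so one app's burst does not starve another.
        if not self.limiter.allow(app_key, limit, window, now):
            return 429, "quota exceeded"
        return 200, "ok"

    def visible_docs(self, app_key):
        """Documentation sets the portal should show for this app's license."""
        tier = APPS.get(app_key)
        return set() if tier is None else set(LICENSES[tier]["docs"])


if __name__ == "__main__":
    gw = Gateway()
    for _ in range(6):
        print(gw.authorize("key-free-app", "read:profile"))
```

Keying the limiter on the app key is the simplest form of the segmentation the slide mentions; the same structure works with a composite key such as (app key, client IP range) or (app key, operation) when affinity or per-operation limits are needed.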
SOA Software API Gateway
Gateway:
• Security
• Authentication
• Protection
• IAM Integration
• Encryption
• Mediation
• Quality of Service
• Paging/Caching
• Orchestration
• Scripting
The SOA Software API Platform
(Diagram: Analytics; Developer Engagement; Gateway Services; Service Integration; Lifecycle Management)
Flexible Deployment Model
SOA Software API Platform Capabilities
Platform: Licensing, Quota Mgmt., Partner Mgmt., PCI Compliance, Provisioning, Policy Mgmt., Monitoring, OAuth, Federation, Analytics
Lifecycle: API/Services, Application, User, Compliance, Integrations
Gateway: Security, Authentication, Protection, IAM Integration, Encryption, Mediation, Quality of Service, Paging/Caching, Orchestration, Scripting
API Portal: Search, Documentation, Groups, Social
Questions
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
GTProductions1
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
VivekSinghShekhawat2
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 

Recently uploaded (20)

Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 

API Security: Securing Digital Channels and Mobile Apps Against Hacks

Slide transcript

1. API Security: Securing Digital Channels and Mobile Apps Against Hacks
Copyright © 2001-2013 SOA Software, Inc. All Rights Reserved.
Sachin Agarwal, VP, Product Marketing

2. API and SOA Resources
• Resource Center – http://resource.soa.com/
• Webinar Recording – http://resource.soa.com/resource/webinars
• Follow us on: www.facebook.com/soasoftware, www.linkedin.com/company/soasoftware, @soasoftwareinc

3. What is an API?
Diagram labels: Your Application, Your API, Your Customers

4. APIs – Extend the Reach of your Business

5. EVOLUTION OF DIGITAL CHANNELS

6. Client-Server / Web Applications
• No Programmatic Access
• Security through network isolation
• Limited Users
Access locations and variability of operations were limited.

7. Web Services
The enterprise opened slightly with Web Services/SOAP.
• SSL/TLS, Certificate based, PKI, WS-Trust
• Some B2B and Partner applications
• Complex, but quite secure and flexible

8. And then came APIs
Disrupting how and where information is accessed.
• Mobile and Social Apps don't understand PKI, WS-Security, etc.
• Focus on human readability, developer adoption

9. Realizing End-to-End Security
Diagram labels: Managing the User Experience; Securing the App – PII, PHI; Enabling Easy Developer Access; Securing the Channel; Securing the Backend

10. Understanding the Security Landscape
• Protocol specific threats
• Key Management
• OAuth
• Monitoring
• Licensing
• Security Token Mediation
Diagram labels: API Specific Security; Single Sign On; MDM; ATP, Firewall, VPN etc.

11. UNDERSTANDING API SECURITY

12. The API Lifecycle
Diagram labels: Transform & Secure; Publish; Monetize; Dev. Adoption; API; SOAP to REST; Mobile Optimization; OAuth; Mediation; Analytics; API Documentation; Applications and Services; Apps; API Producers; API Consumers

13. API Security
1 Authentication & Authorization
2 App Key Validation / Licensing
3 Message Security
4 Threat Protection
5 Content Filtering
6 Rate Limiting
Diagram label: Developers

14. Authentication/Authorization/SSO
Control and restrict access to your APIs. Make it easy yet secure.

15. Understanding OAuth
OAuth lets a person delegate constrained access from one app to another.
Diagram labels: User / Resource Owner; Client App; Resource Server

16. OAuth Flow

17. OAuth – You need
• OAuth Clients
• Provisioning
• Approval Flow
• OAuth Server
• Identity Integration
• Token Validation
• Token Issue/refresh
• Token Mediation (SAML, LDAP etc.)
• QoS, Monitoring
• Policy Management
• API Proxying
• Reporting
• Analytics
OAuth is hard and complicated.

18. Licensing
Package your APIs in different ways. Use API keys to restrict what the App can access. The licenses control:
– OAuth Authorization Scopes
– Document visibility
– Quota policies

19. Message and Parameter Security
HTTP Parameter
• http://apis.foo.com/resources/sample/foo?app_id=myid&app_key=mykey
• Protect API Keys with HMAC – Hash-based Message Authentication Code
Message Security
• Implement HTTPS
• For XML payloads encrypt specific parts of the message

20. Threat Protection
• Denial of Service
• Injection Attacks – Detect and prevent SQL, JavaScript or XPath/XQuery injection attacks
• Cross Site Scripting
• Network address and range blacklists/whitelists
• HTTP Parameter Stuffing

21. Content Filtering
• Provide a content firewall, protecting against malicious content
• Validate message content including message headers, form and query parameters, XML and JSON data structures
• Policies for XML and JSON DoS
• Protection against viruses in attachments and other binary content via ICAP integration with leading anti-virus engines

22. Quota Management/Rate Limiting
Restrict the number of calls an App can make. Apply controls based on context, affinity, segmentation etc.

23. SOA Software API Gateway
Diagram labels: Gateway – Security, Authentication, Protection, IAM Integration, Encryption, Mediation, Quality of Service, Paging/Caching, Orchestration, Scripting

24. The SOA Software API Platform
Diagram labels: Analytics; Developer Engagement; Gateway Services; Service Integration; Lifecycle Management

25. Flexible Deployment Model

26. SOA Software API Platform Capabilities
Diagram labels:
• Platform – Licensing, Quota Mgmt., Partner Mgmt., PCI Compliance, Provisioning, Policy Mgmt., Monitoring, OAuth, Federation, Analytics, Lifecycle, API/Services, Application, User, Compliance, Integrations
• Gateway – Security, Authentication, Protection, IAM Integration, Encryption, Mediation, Quality of Service, Paging/Caching, Orchestration, Scripting
• API Portal – Search, Documentation, Groups, Social

27. Questions

28. API and SOA Resources
• Resource Center – http://resource.soa.com/
• Webinar Recording – http://resource.soa.com/resource/webinars
• Follow us on: www.facebook.com/soasoftware, www.linkedin.com/company/soasoftware, @soasoftwareinc
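Slide 19 contrasts sending the raw key in the query string (`app_id=myid&app_key=mykey`) with protecting the key using an HMAC. The following is an added example, not code from the deck or from SOA Software: the client keeps `app_key` as a shared secret and sends only `app_id`, a timestamp and an HMAC-SHA256 signature over the method, path, sorted query, and body hash; the gateway recomputes the signature from its own copy of the secret. The `APP_SECRETS` table, the canonical string layout, and the 300-second skew window are constructed assumptions for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Constructed server-side lookup table (hypothetical). The slide's example URL
# uses app_id=myid&app_key=mykey; here the key never leaves the client.
APP_SECRETS = {"myid": "mykey"}
MAX_CLOCK_SKEW = 300  # seconds a signed request stays acceptable (assumption)


def canonical_string(method, path, query, app_id, timestamp, body):
    """Deterministic string both sides sign: method, path, sorted query,
    app id, timestamp and a hash of the body. Sorting the query makes
    parameter order irrelevant; hashing the body binds it to the signature."""
    sorted_query = urlencode(sorted(query.items()))
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, sorted_query, app_id,
                      str(timestamp), body_hash])


def sign_request(method, path, query, body, app_id, app_key, timestamp=None):
    """Client side: returns the auth parameters to send instead of app_key."""
    ts = int(time.time()) if timestamp is None else timestamp
    msg = canonical_string(method, path, query, app_id, ts, body).encode()
    sig = hmac.new(app_key.encode(), msg, hashlib.sha256).hexdigest()
    return {"app_id": app_id, "ts": ts, "sig": sig}


def verify_request(method, path, query, body, auth, now=None):
    """Gateway side: look up the secret, reject stale timestamps, recompute
    the HMAC and compare in constant time."""
    now = int(time.time()) if now is None else now
    app_key = APP_SECRETS.get(auth.get("app_id"))
    if app_key is None:
        return False  # unknown app id
    try:
        ts = int(auth["ts"])
    except (KeyError, ValueError):
        return False
    if abs(now - ts) > MAX_CLOCK_SKEW:
        return False  # stale or future-dated: bounds replay of a captured signature
    msg = canonical_string(method, path, query, auth["app_id"], ts, body).encode()
    expected = hmac.new(app_key.encode(), msg, hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(expected, str(auth.get("sig", "")))


if __name__ == "__main__":
    auth = sign_request("GET", "/resources/sample/foo", {"q": "1"}, b"", "myid", "mykey")
    print(auth)
    print(verify_request("GET", "/resources/sample/foo", {"q": "1"}, b"", auth))
```

The timestamp window only limits how long a captured signature can be replayed; a gateway that must reject every replay also needs a short-lived cache of seen (app_id, ts, sig) tuples. The scheme still belongs behind HTTPS, as slide 19 says, because the HMAC authenticates the request but does not hide the payload.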
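Slide 21 lists "policies for XML and JSON DoS" as part of content filtering. As an added example, not from the deck or the product, this is a JSON body policy check of the kind a gateway would run before handing a request to the backend: a byte-size limit, a pre-parse nesting-depth scan (so a deeply nested body is refused before the parser recurses on it), and an iterative walk bounding object member count, array length and string length. The `LIMITS` values are constructed defaults, not settings from the slides.

```python
import json

# Constructed policy limits for illustration (assumption, not gateway defaults).
LIMITS = {
    "max_bytes": 64 * 1024,  # reject oversized bodies before parsing
    "max_depth": 20,         # nesting depth of arrays/objects
    "max_keys": 100,         # members in a single object
    "max_items": 1000,       # elements in a single array
    "max_string": 4096,      # characters in a single string value or key
}


def scan_depth(text, max_depth):
    """Pre-parse pass: count bracket nesting while skipping string contents,
    so brackets inside quoted strings are not mistaken for structure."""
    depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > max_depth:
                return False
        elif ch in "]}":
            depth -= 1
    return True


def check_json_body(body, limits=LIMITS):
    """Return (accepted, reason); reason is 'ok' or the name of the limit hit."""
    if len(body) > limits["max_bytes"]:
        return False, "max_bytes"
    try:
        text = body.decode("utf-8")
    except UnicodeDecodeError:
        return False, "encoding"
    if not scan_depth(text, limits["max_depth"]):
        return False, "max_depth"
    try:
        doc = json.loads(text)
    except ValueError:
        return False, "parse"
    # Iterative walk: no recursion, so the walker itself cannot be exhausted.
    stack = [doc]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            if len(node) > limits["max_keys"]:
                return False, "max_keys"
            for key, value in node.items():
                if len(key) > limits["max_string"]:
                    return False, "max_string"
                stack.append(value)
        elif isinstance(node, list):
            if len(node) > limits["max_items"]:
                return False, "max_items"
            stack.extend(node)
        elif isinstance(node, str) and len(node) > limits["max_string"]:
            return False, "max_string"
    return True, "ok"


if __name__ == "__main__":
    print(check_json_body(b'{"user": "alice", "tags": ["a", "b"]}'))
    print(check_json_body(b"[" * 5000 + b"]" * 5000))
```

The order of the checks matters: size and depth are decided on the raw bytes, so the cost of rejecting a hostile body is linear in its length and no parser state is built for it. Schema validation of the accepted document (the "validate XML and JSON data structures" point on the same slide) would follow this gate rather than replace it.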
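Slides 18 and 22 tie quota policies to the app's license and say controls are applied "based on context, affinity, segmentation". As an added example that is not the deck's or the product's code, this is a token-bucket limiter keyed by (app id, context) whose rate and burst come from the app's license tier, so a partner app and a free app calling the same API get different quotas and a busy app cannot starve another. The `POLICIES` tiers and the bucket parameters are constructed assumptions.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class QuotaPolicy:
    rate: float  # tokens refilled per second (sustained calls/second)
    burst: int   # bucket capacity (calls allowed in a short burst)


# Constructed license tiers (hypothetical), the "quota policies" a license controls.
POLICIES = {
    "free": QuotaPolicy(rate=1.0, burst=5),
    "partner": QuotaPolicy(rate=50.0, burst=100),
}


class RateLimiter:
    """Token bucket per (app_id, context). Context can be the API, the
    operation, or any segment the gateway wants to meter separately."""

    def __init__(self, policies):
        self.policies = policies
        self.buckets = {}  # (app_id, context) -> (tokens, last_refill_time)

    def allow(self, app_id, license, context="default", now=None, cost=1):
        """Return (allowed, retry_after_seconds). Unknown licenses are denied
        by default rather than given an implicit quota."""
        now = time.monotonic() if now is None else now
        policy = self.policies.get(license)
        if policy is None:
            return False, None
        key = (app_id, context)
        tokens, last = self.buckets.get(key, (float(policy.burst), now))
        # Refill lazily, capped at the burst size
        tokens = min(float(policy.burst), tokens + (now - last) * policy.rate)
        if tokens >= cost:
            self.buckets[key] = (tokens - cost, now)
            return True, 0.0
        self.buckets[key] = (tokens, now)
        return False, (cost - tokens) / policy.rate


if __name__ == "__main__":
    limiter = RateLimiter(POLICIES)
    for i in range(7):
        print(i, limiter.allow("app1", "free", now=0.0))
```

The `retry_after` value is what a gateway would surface as `Retry-After` on a 429 response. For a clustered gateway the bucket state would live in shared storage; the arithmetic is the same.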