Uploaded bykrishna2162
PPTX, PDF80 views

Mule security

This document discusses security components and modules in MuleSoft's Anypoint platform. It describes Mule Secure Token Service, OAuth 2.0 authorization, and security for REST APIs. It recommends securing APIs with HTTPS and OAuth 2.0 and discusses using authentication, authorization, and security managers at different layers - experience, process, and system connectivity - to apply fine-grained security. Basic authentication over HTTPS and using OAuth 2.0 to issue tokens in exchange for credentials are also covered.

Embed presentation

Download to read offline
MULE SECURITY VM - 1
MULESOFT –Anypoint platform security components  Anypoint Enterprise Security  API Security Manager  Virtual Private Cloud (VPC) 2
MULESOFT –Enterprise Security Modules Mule Secure Token Service (STS) OAuth 2.0a Provider (Its part of Enterprise edition) Security for REST service provider/consumer (for API which we developing using MULE API led connectivity) 3 Ensure that the API is properly protected by right authentication / authorization schemes Authorization & Authentication • SAML • Oath 2 • WS-Security • Ping federate
MULESOFT –Enterprise Security Modules Each layer has specific security requirements in API approach Experience: This layer needs to be protected by inbound security Process: In this layer, fine grain security is applied as to who has access to which process API System Connectivity: This layer need to be protected by outbound security 4
MULESOFT –Enterprise Security Modules 5 Process APIs Process Level Fine Grained Security Experience APIs Inbound Security (Authentication, Authorization and Data Security) API Manager Security policies System APIs Outbound Security (Authentication, Authorization and Data Security) WEB/Mobile/Desktop On premise /Cloud applications
Securing API in Anypoint platform Combination of HTTPS and OAuth 2.0 are best practice for Web API security Basic Authentication (HTTPS) Http-security-filter knows how to decipher the incoming Base64 encoded username and password before passing them to the security manager.. Failure to authenticate will result in a 403 sent back to the client. 6
Securing API in Anypoint platform OAuth 2.0 The oauth-provider config exposes a url over which it receives requests for a token in exchange for credentials (client id, secret, username and password). It also passes the username and password to the security- manager before proceeding to issue a token. 7

More Related Content

PPTX
API Security using Mulesoft
byPritam Prakash
 
PPTX
ISO 27001 SSDLC
byMouhammad Esayed
 
PPT
Mule fips 140-2 compliance support
byD.Rajesh Kumar
 
PDF
Sign- On Express- Data Sheet
byILANTUS Technologies
 
PPT
Mule fips
byD.Rajesh Kumar
 
PDF
Is live chat safe?
byShubhangi Swami
 
PPT
Mule security - jaas
bycharan teja R
 
PPT
MULE-JAAS
byD.Rajesh Kumar
 
API Security using Mulesoft
byPritam Prakash
 
ISO 27001 SSDLC
byMouhammad Esayed
 
Mule fips 140-2 compliance support
byD.Rajesh Kumar
 
Sign- On Express- Data Sheet
byILANTUS Technologies
 
Mule fips
byD.Rajesh Kumar
 
Is live chat safe?
byShubhangi Swami
 
Mule security - jaas
bycharan teja R
 
MULE-JAAS
byD.Rajesh Kumar
 

Similar to Mule security

ODP
Security in mulesoft
byakshay yeluru
 
PDF
API Security best practices Protect your APIs with Anypoint Platform
byMoumidBouabid
 
PPTX
How to Secure Mule API's With a Demo
byManjuKumara GH
 
PPTX
Best Practices for API Security
byMuleSoft
 
PPTX
Best Practices for API Security
byBui Kiet
 
PPTX
How Secure is Your API?
byMary Joy Sabal
 
ODP
Anypoint platform security components
byD.Rajesh Kumar
 
ODP
Mule security
byD.Rajesh Kumar
 
ODP
Security components in mule esb
byhimajareddys
 
PPT
Mule anypoint enterprise security
byD.Rajesh Kumar
 
ODP
Anypoint platform security components
byD.Rajesh Kumar
 
PPTX
Anypoint enterprise security overview
bydanishsm84
 
PPT
Mule security
byvishnukanthro45
 
PPT
Mule security
bycharan teja R
 
PPT
Mule security
byhimajareddys
 
PPTX
Anypoint enterprise security
byKrishna_in
 
PPTX
Securing mule
bySindhu VL
 
PPTX
Mule securing
bySindhu VL
 
PDF
Virtual Meetup - API Security Best Practices
byJimmy Attia
 
PPT
Mule anypointenterprisesecurity
byhimajareddys
 
Security in mulesoft
byakshay yeluru
 
API Security best practices Protect your APIs with Anypoint Platform
byMoumidBouabid
 
How to Secure Mule API's With a Demo
byManjuKumara GH
 
Best Practices for API Security
byMuleSoft
 
Best Practices for API Security
byBui Kiet
 
How Secure is Your API?
byMary Joy Sabal
 
Anypoint platform security components
byD.Rajesh Kumar
 
Mule security
byD.Rajesh Kumar
 
Security components in mule esb
byhimajareddys
 
Mule anypoint enterprise security
byD.Rajesh Kumar
 
Anypoint platform security components
byD.Rajesh Kumar
 
Anypoint enterprise security overview
bydanishsm84
 
Mule security
byvishnukanthro45
 
Mule security
bycharan teja R
 
Mule security
byhimajareddys
 
Anypoint enterprise security
byKrishna_in
 
Securing mule
bySindhu VL
 
Mule securing
bySindhu VL
 
Virtual Meetup - API Security Best Practices
byJimmy Attia
 
Mule anypointenterprisesecurity
byhimajareddys
 

Recently uploaded

PDF
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
PDF
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
PDF
Latest Courier Management Software 2026 | Complete Courier & Logistics Solution
byCourier Softwares
 
PDF
Cloud Engineering Services | Infysion Technologies
bysolutioninginfysion
 
PPTX
Introduction to Software Development and Modern Practices
byM Munim
 
PPTX
Project System Presentation details process presentation
bytejpratappandey4
 
PPTX
Feasibility Analysis in System Development Using Data Flow Diagrams
byM Munim
 
PPTX
ManageIQ - Sprint 278 Review - Slide Deck
byManageIQ
 
PDF
From Sound Workflow Nets to LTLf Declarative Specifications
byLucaBarbaro3
 
PDF
Salesforce Agentforce Service Agent​.pdf
byRobert Mark
 
PDF
DSD-INT 2025 iMOD Parallel coupler development plan - Verkaik
byDeltares
 
PPTX
Free AI Paraphrasing Tool to Rewrite Sentences – SENTENCIFY
bySENTENCIFY
 
PDF
Problem Solving_20241203_220045_0000.pdf
bythakurayush00991
 
PPTX
Build Smarter with Google: A Workshop on MediaPipe, Firebase, Gemini and Anti...
byvanshikaprakash05
 
PDF
DSD-INT 2025 Groundwater table lowering due to surface water lowering - Reusen
byDeltares
 
PDF
Driving Finance Growth with Business Central ERP
byNavision India
 
PDF
DSD-INT 2025 Large scale unsaturated zone modelling - Sequential Steady State...
byDeltares
 
PPTX
Lect 1 Number systems and base conversions. [Autosaved].pptx
byzainiman8511
 
PPTX
Best Way to Convert PST File to MBOX Format
bykyla142000
 
PDF
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
Latest Courier Management Software 2026 | Complete Courier & Logistics Solution
byCourier Softwares
 
Cloud Engineering Services | Infysion Technologies
bysolutioninginfysion
 
Introduction to Software Development and Modern Practices
byM Munim
 
Project System Presentation details process presentation
bytejpratappandey4
 
Feasibility Analysis in System Development Using Data Flow Diagrams
byM Munim
 
ManageIQ - Sprint 278 Review - Slide Deck
byManageIQ
 
From Sound Workflow Nets to LTLf Declarative Specifications
byLucaBarbaro3
 
Salesforce Agentforce Service Agent​.pdf
byRobert Mark
 
DSD-INT 2025 iMOD Parallel coupler development plan - Verkaik
byDeltares
 
Free AI Paraphrasing Tool to Rewrite Sentences – SENTENCIFY
bySENTENCIFY
 
Problem Solving_20241203_220045_0000.pdf
bythakurayush00991
 
Build Smarter with Google: A Workshop on MediaPipe, Firebase, Gemini and Anti...
byvanshikaprakash05
 
DSD-INT 2025 Groundwater table lowering due to surface water lowering - Reusen
byDeltares
 
Driving Finance Growth with Business Central ERP
byNavision India
 
DSD-INT 2025 Large scale unsaturated zone modelling - Sequential Steady State...
byDeltares
 
Lect 1 Number systems and base conversions. [Autosaved].pptx
byzainiman8511
 
Best Way to Convert PST File to MBOX Format
bykyla142000
 
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 

Mule security

  • 1.
  • 2.
    MULESOFT –Anypoint platform securitycomponents  Anypoint Enterprise Security  API Security Manager  Virtual Private Cloud (VPC) 2
  • 3.
    MULESOFT –Enterprise Security Modules MuleSecure Token Service (STS) OAuth 2.0a Provider (Its part of Enterprise edition) Security for REST service provider/consumer (for API which we developing using MULE API led connectivity) 3 Ensure that the API is properly protected by right authentication / authorization schemes Authorization & Authentication • SAML • Oath 2 • WS-Security • Ping federate
  • 4.
    MULESOFT –Enterprise Security Modules Eachlayer has specific security requirements in API approach Experience: This layer needs to be protected by inbound security Process: In this layer, fine grain security is applied as to who has access to which process API System Connectivity: This layer need to be protected by outbound security 4
  • 5.
    MULESOFT –Enterprise Security Modules 5 ProcessAPIs Process Level Fine Grained Security Experience APIs Inbound Security (Authentication, Authorization and Data Security) API Manager Security policies System APIs Outbound Security (Authentication, Authorization and Data Security) WEB/Mobile/Desktop On premise /Cloud applications
  • 6.
    Securing API in Anypointplatform Combination of HTTPS and OAuth 2.0 are best practice for Web API security Basic Authentication (HTTPS) Http-security-filter knows how to decipher the incoming Base64 encoded username and password before passing them to the security manager.. Failure to authenticate will result in a 403 sent back to the client. 6
  • 7.
    Securing API in Anypointplatform OAuth 2.0 The oauth-provider config exposes a url over which it receives requests for a token in exchange for credentials (client id, secret, username and password). It also passes the username and password to the security- manager before proceeding to issue a token. 7