| |
|
|
|
|
|
|
|
|
1. |
Record Nr. |
UNINA9910300476903321 |
|
|
Autore |
Siriwardena Prabath |
|
|
Titolo |
Advanced API Security : Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE / / by Prabath Siriwardena |
|
|
|
|
|
|
|
Pubbl/distr/stampa |
|
|
Berkeley, CA : , : Apress : , : Imprint : Apress, , 2014 |
|
|
|
|
|
|
|
ISBN |
|
|
|
|
|
|
|
|
Edizione |
[1st ed. 2014.] |
|
|
|
|
|
Descrizione fisica |
|
1 online resource (248 p.) |
|
|
|
|
|
|
Disciplina |
|
|
|
|
|
|
|
|
Soggetti |
|
Data protection |
Software engineering |
Computers, Special purpose |
Security |
Software Engineering/Programming and Operating Systems |
Special Purpose and Application-Based Systems |
|
|
|
|
|
|
|
|
Lingua di pubblicazione |
|
|
|
|
|
|
Formato |
Materiale a stampa |
|
|
|
|
|
Livello bibliografico |
Monografia |
|
|
|
|
|
Note generali |
|
|
|
|
|
|
Nota di contenuto |
|
""Contents at a Glance""; ""Contents""; ""About the Author""; ""About the Technical Reviewer""; ""Acknowledgments""; ""Introduction""; ""Chapter 1: Managed APIs""; ""The API Evolution""; ""API vs. Managed API""; ""API vs. Service""; ""Discovering and Describing APIs""; ""Managed APIs in Practice""; ""Twitter API""; ""Salesforce API""; ""Summary""; ""Chapter 2: Security by Design""; ""Design Challenges""; ""User Comfort""; ""Performance""; ""Weakest Link""; ""Defense in Depth""; ""Insider Attacks""; ""Security by Obscurity""; ""Design Principles""; ""Least Privilege""; ""Fail-Safe Defaults"" |
""Economy of Mechanism""""Complete Mediation""; ""Open Design""; ""Separation of Privilege""; ""Least Common Mechanism""; ""Psychological Acceptability""; ""Confidentiality, Integrity, Availability (CIA)""; ""Confidentiality""; ""Integrity""; ""Availability""; ""Security Controls""; ""Authentication""; ""Something You Know""; ""Something You Have""; ""Something You Are""; ""Authorization""; ""Discretionary Access Control (DAC) vs. Mandatory Access Control (MAC)""; |
|
|
|
|
|
|
|
|
|
|
|
""Nonrepudiation""; ""Auditing""; ""Security Patterns""; ""Direct Authentication Pattern""; ""Managing Credentials"" |
""Biometric Authentication""""Sealed Green Zone Pattern""; ""Least Common Mechanism Pattern""; ""Brokered Authentication Pattern""; ""Policy-Based Access Control Pattern""; ""Threat Modeling""; ""Summary""; ""Chapter 3: HTTP Basic/Digest Authentication""; ""HTTP Basic Authentication""; ""HTTP Digest Authentication""; ""Summary""; ""Chapter 4: Mutual Authentication with TLS""; ""Evolution of TLS""; ""How TLS Works""; ""TLS Handshake""; ""Application Data Transfer""; ""Summary""; ""Chapter 5: Identity Delegation""; ""Direct Delegation vs. Brokered Delegation"" |
""Evolution of Identity Delegation""""Google ClientLogin""; ""Google AuthSub""; ""Flickr Authentication API""; ""Yahoo! Browser-Based Authentication (BBAuth)""; ""Summary""; ""Chapter 6: OAuth 1.0""; ""The Token Dance""; ""Temporary-Credential Request Phase""; ""Resource-Owner Authorization Phase""; ""Token-Credential Request Phase""; ""Invoking a Secured Business API with OAuth 1.0""; ""Demystifying oauth_signature""; ""Three-Legged OAuth vs. Two-Legged OAuth""; ""OAuth WRAP""; ""Summary""; ""Chapter 7: OAuth 2.0""; ""OAuth WRAP""; ""Client Account and Password Profile"" |
""Assertion Profile""""Username and Password Profile""; ""Web App Profile""; ""Rich App Profile""; ""Accessing a WRAP-Protected API""; ""WRAP to OAuth 2.0""; ""OAuth 2.0 Grant Types""; ""Authorization Code Grant Type""; ""Implicit Grant Type""; ""Resource Owner Password Credentials Grant Type""; ""Client Credentials Grant Type""; ""OAuth 2.0 Token Types""; ""OAuth 2.0 Bearer Token Profile""; ""OAuth 2.0 Client Types""; ""OAuth 2.0 and Facebook""; ""OAuth 2.0 and LinkedIn""; ""OAuth 2.0 and Salesforce""; ""OAuth 2.0 and Google""; ""Authentication vs. Authorization""; ""Summary"" |
""Chapter 8: OAuth 2.0 MAC Token Profile"" |
|
|
|
|
|
|
Sommario/riassunto |
|
Advanced API Security is a complete reference to the next wave of challenges in enterprise security--securing public and private APIs. API adoption in both consumer and enterprises has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both your public and private APIs, need to be protected, monitored and managed. Security is not an afterthought, but API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. That's where AdvancedAPI Security comes in--to wade through the weeds and help you keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. Our expert author guides you through the maze of options and shares industry leading best practices in designing APIs for rock-solid security. The book will explain, in depth, securing APIs from quite traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it. Build APIs with rock-solid security today with Advanced API Security. Takes you through the best practices in designing APIs for rock-solid security. Provides an in depth tutorial of most widely adopted security standards for API security. Teaches you how to compare and contrast different security standards/protocols to find out what suits your business needs the best. |
|
|
|
|
|
|
|
| |