LEADER 06774nam 22007575 450
001 9910300476903321
005 20200701061441.0
010 $a9781430268178
010 $a1430268174
024 7 $a10.1007/978-1-4302-6817-8
035 $a(CKB)3710000000227321
035 $a(EBL)1964732
035 $a(OCoLC)891398189
035 $a(SSID)ssj0001338615
035 $a(PQKBManifestationID)11994241
035 $a(PQKBTitleCode)TC0001338615
035 $a(PQKBWorkID)11338222
035 $a(PQKB)10547422
035 $a(MiAaPQ)EBC1964732
035 $a(DE-He213)978-1-4302-6817-8
035 $a(CaSebORM)9781430268178
035 $a(PPN)180621424
035 $a(OCoLC)939555190
035 $a(OCoLC)ocn939555190
035 $a(EXLCZ)993710000000227321
100 $a20140828d2014 u| 0
101 0 $aeng
135 $aur|n|---|||||
181 $ctxt
182 $cc
183 $acr
200 10$aAdvanced API Security $eSecuring APIs with OAuth 2.0, OpenID Connect, JWS, and JWE /$fby Prabath Siriwardena
205 $a1st ed. 2014.
210 1$aBerkeley, CA :$cApress :$cImprint: Apress,$d2014.
215 $a1 online resource (248 p.)
300 $aIncludes index.
311 08$a9781430268185
311 08$a1430268182
327 $a"Contents at a Glance"; "Contents"; "About the Author"; "About the Technical Reviewer"; "Acknowledgments"; "Introduction"; "Chapter 1: Managed APIs"; "The API Evolution"; "API vs. Managed API"; "API vs. Service"; "Discovering and Describing APIs"; "Managed APIs in Practice"; "Twitter API"; "Salesforce API"; "Summary"; "Chapter 2: Security by Design"; "Design Challenges"; "User Comfort"; "Performance"; "Weakest Link"; "Defense in Depth"; "Insider Attacks"; "Security by Obscurity"; "Design Principles"; "Least Privilege"; "Fail-Safe Defaults"
327 $a"Economy of Mechanism"; "Complete Mediation"; "Open Design"; "Separation of Privilege"; "Least Common Mechanism"; "Psychological Acceptability"; "Confidentiality, Integrity, Availability (CIA)"; "Confidentiality"; "Integrity"; "Availability"; "Security Controls"; "Authentication"; "Something You Know"; "Something You Have"; "Something You Are"; "Authorization"; "Discretionary Access Control (DAC) vs. Mandatory Access Control (MAC)"; "Nonrepudiation"; "Auditing"; "Security Patterns"; "Direct Authentication Pattern"; "Managing Credentials"
327 $a"Biometric Authentication"; "Sealed Green Zone Pattern"; "Least Common Mechanism Pattern"; "Brokered Authentication Pattern"; "Policy-Based Access Control Pattern"; "Threat Modeling"; "Summary"; "Chapter 3: HTTP Basic/Digest Authentication"; "HTTP Basic Authentication"; "HTTP Digest Authentication"; "Summary"; "Chapter 4: Mutual Authentication with TLS"; "Evolution of TLS"; "How TLS Works"; "TLS Handshake"; "Application Data Transfer"; "Summary"; "Chapter 5: Identity Delegation"; "Direct Delegation vs. Brokered Delegation"
327 $a"Evolution of Identity Delegation"; "Google ClientLogin"; "Google AuthSub"; "Flickr Authentication API"; "Yahoo! Browser-Based Authentication (BBAuth)"; "Summary"; "Chapter 6: OAuth 1.0"; "The Token Dance"; "Temporary-Credential Request Phase"; "Resource-Owner Authorization Phase"; "Token-Credential Request Phase"; "Invoking a Secured Business API with OAuth 1.0"; "Demystifying oauth_signature"; "Three-Legged OAuth vs. Two-Legged OAuth"; "OAuth WRAP"; "Summary"; "Chapter 7: OAuth 2.0"; "OAuth WRAP"; "Client Account and Password Profile"
327 $a"Assertion Profile"; "Username and Password Profile"; "Web App Profile"; "Rich App Profile"; "Accessing a WRAP-Protected API"; "WRAP to OAuth 2.0"; "OAuth 2.0 Grant Types"; "Authorization Code Grant Type"; "Implicit Grant Type"; "Resource Owner Password Credentials Grant Type"; "Client Credentials Grant Type"; "OAuth 2.0 Token Types"; "OAuth 2.0 Bearer Token Profile"; "OAuth 2.0 Client Types"; "OAuth 2.0 and Facebook"; "OAuth 2.0 and LinkedIn"; "OAuth 2.0 and Salesforce"; "OAuth 2.0 and Google"; "Authentication vs. Authorization"; "Summary"
327 $a"Chapter 8: OAuth 2.0 MAC Token Profile"
330 $aAdvanced API Security is a complete reference to the next wave of challenges in enterprise security--securing public and private APIs. API adoption by both consumers and enterprises has gone beyond predictions. It has become the "coolest" way of exposing business functionality to the outside world. Both your public and private APIs need to be protected, monitored, and managed. Security is not an afterthought, but API security has evolved a lot in the last five years. The growth of standards out there has been exponential. That's where Advanced API Security comes in--to wade through the weeds and help you keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. Our expert author guides you through the maze of options and shares industry-leading best practices in designing APIs for rock-solid security. The book explains, in depth, securing APIs from quite traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it. Build APIs with rock-solid security today with Advanced API Security. Takes you through the best practices in designing APIs for rock-solid security. Provides an in-depth tutorial of the most widely adopted security standards for API security. Teaches you how to compare and contrast different security standards/protocols to find out what suits your business needs best.
606 $aData protection
606 $aSoftware engineering
606 $aComputers, Special purpose
606 $aSecurity$3https://scigraph.springernature.com/ontologies/product-market-codes/I28000
606 $aSoftware Engineering/Programming and Operating Systems$3https://scigraph.springernature.com/ontologies/product-market-codes/I14002
606 $aSpecial Purpose and Application-Based Systems$3https://scigraph.springernature.com/ontologies/product-market-codes/I13030
615 0$aData protection.
615 0$aSoftware engineering.
615 0$aComputers, Special purpose.
615 14$aSecurity.
615 24$aSoftware Engineering/Programming and Operating Systems.
615 24$aSpecial Purpose and Application-Based Systems.
676 $a004
676 $a004.6
700 $aSiriwardena$b Prabath$4aut$4http://id.loc.gov/vocabulary/relators/aut$0878625
801 0$bUMI
801 1$bUMI
906 $aBOOK
912 $a9910300476903321
996 $aAdvanced API Security$91961607
997 $aUNINA