LEADER 04821nam 22006255 450 001 9910369901303321 005 20200705051644.0 010 $a1-4842-2050-1 024 7 $a10.1007/978-1-4842-2050-4 035 $a(CKB)5280000000190233 035 $a(MiAaPQ)EBC5997319 035 $a(DE-He213)978-1-4842-2050-4 035 $a(CaSebORM)9781484220504 035 $a(PPN)242820786 035 $a(EXLCZ)995280000000190233 100 $a20191216d2020 u| 0 101 0 $aeng 135 $aurcnu|||||||| 181 $ctxt$2rdacontent 182 $cc$2rdamedia 183 $acr$2rdacarrier 200 10$aAdvanced API Security$b[electronic resource] $eOAuth 2.0 and Beyond /$fby Prabath Siriwardena 205 $a2nd ed. 2020. 210 1$aBerkeley, CA :$cApress :$cImprint: Apress,$d2020. 215 $a1 online resource (xix, 449 pages) $cillustrations 225 0 $aBooks for professionals by professionals 300 $aIncludes index. 311 $a1-4842-2049-8 327 $a1. APIs Rule!.-2. Designing Security for APIs.-3. Securing APIs with Transport Layer Security (TLS).-4. OAuth 2.0 Fundamentals.-5. Edge Security with an API Gateway.-6. OpenID Connect (OIDC).-7. Message Level Security with JSON Web Signature.-8. Message Level Security with JSON Web Encryption.-9. OAuth 2.0 Profiles.-10. Accessing APIs via Native Mobile Apps.-11. OAuth 2.0 Token Binding.-12. Federating Access to APIs.-13. User Managed Access.-14. OAuth 2.0 Security -- 15. Patterns and Practices -- 16: A. The Evolution of Identity Delegation -- 17: B. OAuth 1.0 -- 18: C. How Transport Layer Security Works -- 19: D. UMA Evolution -- 20: E. Base64URL Encoding -- 21: F. Basic/Digest Authentication -- 22: G. OAuth 2.0 MAC Token Profile. 330 $aPrepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. You will: Securely design, develop, and deploy enterprise APIs Pick security standards and protocols to match business needs Mitigate security exploits by understanding the OAuth 2.0 threat landscape Federate identities to expand business APIs beyond the corporate firewall Protect microservices at the edge by securing their APIs Develop native mobile applications to access APIs securely Integrate applications with SaaS APIs protected with OAuth 2.0. 606 $aData protection 606 $aSpecial purpose computers 606 $aComputer security 606 $aProgramming languages (Electronic computers) 606 $aSecurity$3https://scigraph.springernature.com/ontologies/product-market-codes/I28000 606 $aSpecial Purpose and Application-Based Systems$3https://scigraph.springernature.com/ontologies/product-market-codes/I13030 606 $aSystems and Data Security$3https://scigraph.springernature.com/ontologies/product-market-codes/I28060 606 $aProgramming Languages, Compilers, Interpreters$3https://scigraph.springernature.com/ontologies/product-market-codes/I14037 615 0$aData protection. 615 0$aSpecial purpose computers. 615 0$aComputer security. 615 0$aProgramming languages (Electronic computers). 615 14$aSecurity. 615 24$aSpecial Purpose and Application-Based Systems. 615 24$aSystems and Data Security. 615 24$aProgramming Languages, Compilers, Interpreters. 676 $a005.1068 700 $aSiriwardena$b Prabath$4aut$4http://id.loc.gov/vocabulary/relators/aut$0878625 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910369901303321 996 $aAdvanced API Security$91961607 997 $aUNINA