Advanced API Security : OAuth 2.0 and Beyond (2020)
- Record Type:
- Book
- Title:
- Advanced API Security : OAuth 2.0 and Beyond (2020)
- Main Title:
- Advanced API Security : OAuth 2.0 and Beyond
- Further Information:
- Note: Prabath Siriwardena.
- Other Names:
- Siriwardena, Prabath
- Contents:
- Intro -- Table of Contents -- About the Author -- Acknowledgments -- Introduction -- Chapter 1: APIs Rule! -- API Economy -- Amazon -- Salesforce -- Uber -- Facebook -- Netflix -- Walgreens -- Governments -- IBM Watson -- Open Banking -- Healthcare -- Wearables -- Business Models -- The API Evolution -- API Management -- The Role of APIs in Microservices -- Summary -- Chapter 2: Designing Security for APIs -- Trinity of Trouble -- Design Challenges -- User Experience -- Performance -- Weakest Link -- Defense in Depth -- Insider Attacks -- Security by Obscurity -- Design Principles -- Least Privilege -- Fail-Safe Defaults -- Economy of Mechanism -- Complete Mediation -- Open Design -- Separation of Privilege -- Least Common Mechanism -- Psychological Acceptability -- Security Triad -- Confidentiality -- Integrity -- Availability -- Security Control -- Authentication -- Something You Know -- Something You Have -- Something You Are -- Authorization -- Nonrepudiation -- Auditing -- Summary -- Chapter 3: Securing APIs with Transport Layer Security (TLS) -- Setting Up the Environment -- Deploying Order API -- Securing Order API with Transport Layer Security (TLS) -- Protecting Order API with Mutual TLS -- Running OpenSSL on Docker -- Summary -- Chapter 4: OAuth 2.0 Fundamentals -- Understanding OAuth 2.0 -- OAuth 2.0 Actors -- Grant Types -- Authorization Code Grant Type -- Implicit Grant Type -- Resource Owner Password Credentials Grant Type -- Client Credentials Grant Type -- Refresh Grant Type -- How to Pick the Right Grant Type? -- OAuth 2.0 Token Types -- OAuth 2.0 Bearer Token Profile -- OAuth 2.0 Client Types -- JWT Secured Authorization Request (JAR) -- Pushed Authorization Requests (PAR) -- Summary -- Chapter 5: Edge Security with an API Gateway -- Setting Up Zuul API Gateway -- Running the Order API -- Running the Zuul API Gateway -- What Happens Underneath? -- Enabling TLS for the Zuul API Gateway -- Enforcing OAuth 2.0 Token Validation at the Zuul API Gateway -- Setting Up an OAuth 2.0 Security Token Service (STS) -- Testing OAuth 2.0 Security Token Service (STS) -- Setting Up Zuul API Gateway for OAuth 2.0 Token Validation -- Enabling Mutual TLS Between Zuul API Gateway and Order Service -- Securing Order API with Self-Contained Access Tokens -- Setting Up an Authorization Server to Issue JWT -- Protecting Zuul API Gateway with JWT -- The Role of a Web Application Firewall (WAF) -- Summary -- Chapter 6: OpenID Connect (OIDC) -- From OpenID to OIDC -- Amazon Still Uses OpenID 2.0 -- Understanding OpenID Connect -- Anatomy of the ID Token -- OpenID Connect Request -- Requesting User Attributes -- OpenID Connect Flows -- Requesting Custom User Attributes -- OpenID Connect Discovery -- OpenID Connect Identity Provider Metadata -- Dynamic Client Registration -- OpenID Connect for Securing APIs -- Summary -- Chapter 7: Message-Level Security with JSON Web Signature -- Understanding JSON Web Token (JWT) -- JOSE Header … (more)
- Edition:
- 2nd ed
- Publisher Details:
- Berkeley, CA : Apress L.P
- Publication Date:
- 2020
- Extent:
- 1 online resource (455 pages)
- Subjects:
- 005.3
- Application software -- Security measures
- Computer security
- Computers, Special purpose
- Data protection
- Programming languages (Electronic computers)
- Electronic books
- Languages:
- English
- ISBNs:
- 9781484220504
- 1484220501
- Related ISBNs:
- 9781484220498
- Notes:
- Note: Print version record.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.480001
- Ingest File:
- 03_030.xml