16
Enterprise Security APIs DEVELOPMENT IN SUPPORT OF APPLICATION SECURITY

Enterprise Security APIs

Embed Size (px)

DESCRIPTION

Development in support of application security

Citation preview

Page 1: Enterprise Security APIs

Enterprise Security APIsDEVELOPMENT IN SUPPORT OF APPLICATION SECURITY

Page 2: Enterprise Security APIs

Enterprise Security APIsWe can further improve application security by developing reusable software that provides securitycentric functionality, makes it easier to develop secure software or both.

Page 3: Enterprise Security APIs

Vulnerability Management Lifecycle

Prevent

Detect

Remediate

PreventBest practices and testing

DetectDiscover, assess and rank

RemediateCatalog, prioritize and fix

Page 4: Enterprise Security APIs

Application Security

• Policy enforcement and trainingPrevent

• Monitor, scan and reviewDetect

• Management and resourcingRemediate

Page 5: Enterprise Security APIs

Development happens…AND SECURITY TOO

Page 6: Enterprise Security APIs

Authentication APILoosen coupling to the system

Enforce policy More control and granularity

Standardize across applicationsConsistent user experience

Page 7: Enterprise Security APIs

Cryptography APIEnsure that best practices are followedStandardize key managementStop storing secrets in configuration

Page 8: Enterprise Security APIs

CSRF Encrypted TokenDetect and remediate as a separated concern

Use the Cryptography API

Page 9: Enterprise Security APIs

API backed Application Security

•Security built-in by expertsPrevent

•Purpose built monitoringDetect

•The fix is the APIRemediate

Page 10: Enterprise Security APIs

Creating an API…THAT DEVELOPERS WANT TO USE (THAT ’S THE HARD PART)

Page 11: Enterprise Security APIs

Getting startedDerive from existing use-cases

Get input from the application developers

Start with simple but extensible (SOLID)

Beware of anti-patterns!Abstraction Inversion

Bullet-point engineering

http://en.wikipedia.org/wiki/Solid_(object-oriented_design)
Page 12: Enterprise Security APIs

MaintenanceRefactor for extensibility

Use Semantic Versioning

Support the developers who use itHelp developers proactively

Implement fixes and extensions quickly

Triage issues quickly

Page 13: Enterprise Security APIs

Other concernsUse a façade to abstract third-party componentsSimplify and constrain

Use open sourceModularity is key so choose and integrate carefully

Use OpenID Connect or SAML at the boundaries

http://openid.net/connect/
Page 14: Enterprise Security APIs

What’s importantEase of useDevelopers have to want to use it

So make the developer’s life easier

Modularity and portabilityLow barrier to integration

Page 15: Enterprise Security APIs

Remember to…Create APIs to address application security concerns

Make them easy for developers to use

Make them easy to integrate

Page 16: Enterprise Security APIs

Thanks!Adam Migus: www.migusgroup.com/adam

Email: [email protected]

Twitter: @amigus

Links:

http://en.wikipedia.org/wiki/Solid_(object-oriented_design)

http://semver.org/

http://openid.net/connect/

http://www.migusgroup.com/adam/
mailto:[email protected]
https://twitter.com/amigus
http://en.wikipedia.org/wiki/Solid_(object-oriented_design)
http://semver.org/
http://openid.net/connect/

Unified Security for Mobile, APIs and the Web

Unified Security for Mobile, APIs and the Web

Technology
Google Apis for Enterprise Mashups

Google Apis for Enterprise Mashups

Technology
APIs of Enterprise mBaaS Platforms

APIs of Enterprise mBaaS Platforms

Software
Build Enterprise APIs WIth Ease (And Scala)

Build Enterprise APIs WIth Ease (And Scala)

Internet
Secure APIs and Protocols to Connect Enterprise Applications to

Secure APIs and Protocols to Connect Enterprise Applications to

Documents
Google Apis for the Enterprise

Google Apis for the Enterprise

Technology
APIs Inside Enterprise - SOA Displacement?

APIs Inside Enterprise - SOA Displacement?

Technology
Applying Security Controls on REST APIs

Applying Security Controls on REST APIs

Technology
Oracle Banking APIs Security Guide...Oracle Banking APIs Security Guide ii Security Guide December 2019 Oracle Financial Services Software Limited Oracle Park Off Western Express Highway

Oracle Banking APIs Security Guide...Oracle Banking APIs Security Guide ii Security Guide December 2019 Oracle Financial Services Software Limited Oracle Park Off Western Express Highway

Documents
Open payment transaction APIs without compromising security

Open payment transaction APIs without compromising security

Software
APIs in the Enterprise -Lessons Learned

APIs in the Enterprise -Lessons Learned

Software
The Business Value for Internal APIs in the Enterprise

The Business Value for Internal APIs in the Enterprise

Technology
APICon SF - Enterprise APIs With Ease

APICon SF - Enterprise APIs With Ease

Engineering
APIs in Enterprise

APIs in Enterprise

Data & Analytics
Enterprise Security The Changing Landscapecszsummerschool.co.zw/.../2018/11/Richard-Young-Enterprise-Securi… · Enterprise Security Management Enterprise security management is

Enterprise Security The Changing Landscapecszsummerschool.co.zw/.../2018/11/Richard-Young-Enterprise-Securi… · Enterprise Security Management Enterprise security management is

Documents
Security APIs for Mobile Devices

Security APIs for Mobile Devices

Documents
Databricks Enterprise Security Guidego.databricks.com/hubfs/docs/Security/Enterprise-Security-Guide.pdfDatabricks Enterprise Security Guide 2 ... comprehensive strategy spans technology,

Databricks Enterprise Security Guidego.databricks.com/hubfs/docs/Security/Enterprise-Security-Guide.pdfDatabricks Enterprise Security Guide 2 ... comprehensive strategy spans technology,

Documents
APIs: The New Security Layer

APIs: The New Security Layer

Technology
Oracle Banking APIs Security Guide Banking API… · Oracle Banking APIs Security Guide Release 19.1.0.0.0 Part No. F18559-01 May 2019

Oracle Banking APIs Security Guide Banking API… · Oracle Banking APIs Security Guide Release 19.1.0.0.0 Part No. F18559-01 May 2019

Documents
API360 – A How-To Guide for Enterprise APIs - Learn how to position your enterprise for long term success with APIs

API360 – A How-To Guide for Enterprise APIs - Learn how to position your enterprise for long term success with APIs

Technology
CIS14: Enterprise Identity APIs

CIS14: Enterprise Identity APIs

Technology
Re-Inventing Enterprise IT Around APIs & Apps

Re-Inventing Enterprise IT Around APIs & Apps

Technology
Enterprise Cloud Security option · Enterprise Cloud Security option ... waf

Enterprise Cloud Security option · Enterprise Cloud Security option ... waf

Documents
Creating Successful APIs in the Enterprise

Creating Successful APIs in the Enterprise

Technology
Update Firmware Using OpenManage Enterprise RESTful APIs · 2019-10-11 · Executive summary 4 Updating Firmware using OpenManage Enterprise APIs Executive summary This document shows

Update Firmware Using OpenManage Enterprise RESTful APIs · 2019-10-11 · Executive summary 4 Updating Firmware using OpenManage Enterprise APIs Executive summary This document shows

Documents
Enhancing your Security APIs

Enhancing your Security APIs

Technology
APIs are critical to security people - FIRST · 2019-03-05 · -Libraries-Operating systems-Remote APIs-Web APIs. Why do Security people need APIs-Cyber requires different sources

APIs are critical to security people - FIRST · 2019-03-05 · -Libraries-Operating systems-Remote APIs-Web APIs. Why do Security people need APIs-Cyber requires different sources

Documents
Enterprise Security Baseline for LAN, Wireless LAN, and ... · PDF filee ape page 1 Enterprise Security Baseline Enterprise Security Baseline The Enterprise Security Baseline for LAN,

Enterprise Security Baseline for LAN, Wireless LAN, and ... · PDF filee ape page 1 Enterprise Security Baseline Enterprise Security Baseline The Enterprise Security Baseline for LAN,

Documents
Building APIs for the Modern Enterprise

Building APIs for the Modern Enterprise

Software
Enterprise Security Solutions OVERVIEW - Zones, Incmedia.zones.com/.../solutions-overview...micro-enterprise-security.pdf · Enterprise Security Solutions OVERVIEW. ... Security has,

Enterprise Security Solutions OVERVIEW - Zones, Incmedia.zones.com/.../solutions-overview...micro-enterprise-security.pdf · Enterprise Security Solutions OVERVIEW. ... Security has,

Documents