Offline
Advanced API Security: OAuth 2.0 and Beyond by Prabath Siriwardena
English | December 17, 2019 | ISBN: 1484220498 | 468 pages | MOBI | 10 Mb
Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs.
Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation.This book teaches you about using OAuth 2.0 and related profiles to access APIs securely with web applications, single-page applications, native mobile applications and browser-less applications. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits.
Security must be an integral part of any development project. This book shares best practices in designing APIs for better security. API security has evolved since the first edition of this book, and the growth of standards related API security has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for these standards. This book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitations and attacks.
What You Will LearnSecurely design, develop, and deploy enterprise APIsPick security standards and protocols to match business needsMitigate security exploits by understanding the OAuth 2.0 threat landscapeFederate identities to expand business APIs beyond the corporate firewallProtect microservices at the edge by securing their APIsDevelop native mobile applications to access APIs securelyIntegrate applications with SaaS APIs protected with OAuth 2.0Who This Book Is For
Enterprise security architects who are interested in best practices around designing APIs. The book is also for developers who are building enterprise APIs and integrating with internal and external applications.
Links are Interchangeable - No Password - Single Extraction
