Index
Preface
1. Introducing API Security Concepts
1.1 Identity is at the Forefront of API Security
1.2 Neo-Security Stack
1.3 OAuth Basics
1.4 OpenID Connect
1.5 JSON Identity Suite
1.6 Neo-Security Stack Protocols Increase API Security
1.7 The Myth of API Keys
1.8 Access Management
1.9 IoT Security
1.10 Using Proven Standards
2. The 4 Defenses of The API Stronghold
2.1 Balancing Access and Permissions
2.2 Authentication: Identity
2.3 Authorization: Access
2.4 Federation: Reusing Credentials & Spreading Resources
2.5 Delegation: The Signet of (Limited) Power
2.6 Holistic Security vs. Singular Approach
2.7 Application For APIs
3. Equipping Your API With the Right Armor: 3 Approaches to Provisioning
3.1 Differences In API Approaches: Private, Public, & Partner APIs
3.2 Considerations and Caveats
3.3 So Where Is The Middle Ground?
3.4 Real-World Failure
3.5 Two Real-World Successes
3.6 Conclusion
4. Your API is Vulnerable: 4 Top Security Risks to Mitigate
4.1 Gauging Vulnerabilities
4.2 Black Hat vs. White Hat Hackers
4.3 Risk 1 - Security Relies on the Developer
4.4 Risk 2 - “Just Enough” Coding
4.5 Risk 3 - Misunderstanding Your Ecosystem
4.6 Risk 4 - Trusting the API Consumer With Too Much Control
4.7 Conclusion
5. Deep Dive into OAuth and OpenID Connect
5.1 OAuth and OpenID Connect in Context
5.2 Start with a Secure Foundation
5.3 Overview of OAuth
5.4 Actors in OAuth
5.5 Scopes
5.6 Kinds of Tokens
5.7 Passing Tokens
5.8 Profiles of Tokens
5.9 Types of Tokens
5.10 OAuth Flow
5.11 Improper and Proper Uses of OAuth
5.12 Building OpenID Connect Atop OAuth
5.13 Conclusion
6. Unique Authorization Applications of OpenID Connect
6.1 How OpenID Connect Enables Native SSO
6.2 How to Use OpenID Connect to Enable Mobile Information Management and BYOD
6.3 How OpenID Connect Enables the Internet of Things
7. How To Control User Identity Within Microservices
7.1 What Are Microservices, Again?
7.2 Great, So What’s The Problem?
7.3 The Solution: OAuth As A Delegation Protocol
7.4 The Simplified OAuth 2 Flow
7.5 The OpenID Connect Flow
7.6 Using JWT For OAuth Access Tokens
7.7 Let All Microservices Consume JWT
7.8 Why Do This?
8. Data Sharing in the IoT
8.1 A New Economy Based on Shared, Delegated Ownership
8.2 Connected Bike Lock Example IoT Device
8.3 How This Works
8.4 Option #1: Access Tables
8.5 Option #2: Delegated Tokens: OpenID Connect
8.6 Review:
9. Securing Your Data Stream with P2P Encryption
9.1 Why Encrypt Data?
9.2 Defining Terms
9.3 Variants of Key Encryption
9.4 Built-in Encryption Solutions
9.5 External Encryption Solutions
9.6 Use-Case Scenarios
9.7 Example Code Executions
9.8 Conclusion
10. Day Zero Flash Exploits and Versioning Techniques
10.1 Short History of Dependency-Centric Design Architecture
10.2 The Hotfix — Versioning
10.3 Dependency Implementation Steps: EIT
10.4 Lessons Learned
10.5 Conclusion
11. Fostering an Internal Culture of Security
11.1 Holistic Security — Whose Responsibility?
11.2 The Importance of CIA: Confidentiality, Integrity, Availability
11.3 4 Aspects of a Security Culture
11.4 Considering “Culture”
11.5 All Organizations Should Perpetuate an Internal Culture of Security
Resources
API Themed Events
API Security Talks:
Follow the Nordic APIs Blog
More eBooks by Nordic APIs:
Endnotes