關於本電子書
"A comprehensive guide to designing and implementing secure services. A must-read book for all API practitioners who manage security." - Gilberto Taccari, Penta
API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography.
A web API is an efficient way to communicate with an application or service. However, this convenience opens your systems to new security risks. API Security in Action gives you the skills to build strong, safe APIs you can confidently expose to the world. Inside, you’ll learn to construct secure and scalable REST APIs, deliver machine-to-machine interaction in a microservices architecture, and provide protection in resource-constrained IoT (Internet of Things) environments.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the technology
APIs control data sharing in every service, server, data store, and web client. Modern data-centric designs—including microservices and cloud-native applications—demand a comprehensive, multi-layered approach to security for both private and public-facing APIs.
About the book
API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography. When you’re done, you’ll be able to create APIs that stand up to complex threat models and hostile environments.
What's inside
Authentication
Authorization
Audit logging
Rate limiting
Encryption
About the reader
For developers with experience building RESTful APIs. Examples are in Java.
About the author
Neil Madden has in-depth knowledge of applied cryptography, application security, and current API security technologies. He holds a Ph.D. in Computer Science.
Table of Contents
PART 1 - FOUNDATIONS
1 What is API security?
2 Secure API development
3 Securing the Natter API
PART 2 - TOKEN-BASED AUTHENTICATION
4 Session cookie authentication
5 Modern token-based authentication
6 Self-contained tokens and JWTs
PART 3 - AUTHORIZATION
7 OAuth2 and OpenID Connect
8 Identity-based access control
9 Capability-based security and macaroons
PART 4 - MICROSERVICE APIs IN KUBERNETES
10 Microservice APIs in Kubernetes
11 Securing service-to-service APIs
PART 5 - APIs FOR THE INTERNET OF THINGS
12 Securing IoT communications
13 Securing IoT APIs
API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography.
A web API is an efficient way to communicate with an application or service. However, this convenience opens your systems to new security risks. API Security in Action gives you the skills to build strong, safe APIs you can confidently expose to the world. Inside, you’ll learn to construct secure and scalable REST APIs, deliver machine-to-machine interaction in a microservices architecture, and provide protection in resource-constrained IoT (Internet of Things) environments.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the technology
APIs control data sharing in every service, server, data store, and web client. Modern data-centric designs—including microservices and cloud-native applications—demand a comprehensive, multi-layered approach to security for both private and public-facing APIs.
About the book
API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography. When you’re done, you’ll be able to create APIs that stand up to complex threat models and hostile environments.
What's inside
Authentication
Authorization
Audit logging
Rate limiting
Encryption
About the reader
For developers with experience building RESTful APIs. Examples are in Java.
About the author
Neil Madden has in-depth knowledge of applied cryptography, application security, and current API security technologies. He holds a Ph.D. in Computer Science.
Table of Contents
PART 1 - FOUNDATIONS
1 What is API security?
2 Secure API development
3 Securing the Natter API
PART 2 - TOKEN-BASED AUTHENTICATION
4 Session cookie authentication
5 Modern token-based authentication
6 Self-contained tokens and JWTs
PART 3 - AUTHORIZATION
7 OAuth2 and OpenID Connect
8 Identity-based access control
9 Capability-based security and macaroons
PART 4 - MICROSERVICE APIs IN KUBERNETES
10 Microservice APIs in Kubernetes
11 Securing service-to-service APIs
PART 5 - APIs FOR THE INTERNET OF THINGS
12 Securing IoT communications
13 Securing IoT APIs
評分和評論
4.0
2則評論
關於作者
Neil Madden has in-depth knowledge of applied cryptography, application security, and current API security technologies. He holds a Ph.D. in Computer Science.
為這本電子書評分
歡迎提供意見。
閱讀資訊
智慧型手機與平板電腦
筆記型電腦和電腦
你可以使用電腦的網路瀏覽器聆聽你在 Google Play 購買的有聲書。
電子書閱讀器與其他裝置
如要在 Kobo 電子閱讀器這類電子書裝置上閱覽書籍,必須將檔案下載並傳輸到該裝置上。請按照說明中心的詳細操作說明,將檔案傳輸到支援的電子閱讀器上。
