SlideShare a Scribd company logo

Securing API data models

Download as PPTX, PDF
Jonathan LeBlanc
Jonathan LeBlanc

Security and Usability, two methodologies that have fought each other since the there was a login. As we have have progressed from a simple thought that even though something is painful developers will use it if it's secure, to an enlightened stage of good security and usability balance and judgement, we have seen the death of many specs and standards. Two open standards are leading the charge for this new auth age: OAuth 2 and OpenID Connect. In this talk we will explore the principles and standards behind API auth security, which will include: Using OAuth 2 and OpenID Connect as the entry point for secure API data auth - How those implementations have cannibalized previous standards to create something both secure and usable - How to practically use these standards.

Technology
1 of 16
Building on the Ashes of Past Standards Securing API Data Models Jonathan LeBlanc Head of Developer Evangelism (North America) Github: http://github.com/jcleblanc Slides: http://slideshare.net/jcleblanc Twitter: @jcleblanc
The Ultimate Decision Security Usability
The Insecure, Unmanageable Start
Very Secure, Long to Implement
Two Currently Widely Used Specs
Fetching a Code Prepare the Redirect URI Authorization Endpoint client_id response_type (code) scope redirect_uri nonce state Browser Redirect Redirect URI
Fetching the Access Token Fetch the Access Token Access Token Endpoint client_id code (query string) client_secret grant_type HTTP POST Access Token Endpoint
A few implementation differences Endpoints Scopes (dynamic / static) Using the Access Token in a request
How it’s Normally Used Access user details Push data through user social streams
But why? Access token as a control structure Improve Existing Products Our showcase: Seamless Checkout
A Few Code Links OAuth2 & OpenID Connect Samples https://github.com/jcleblanc/oauth https://github.com/paypal/paypal-access Log in with PayPal http://bit.ly/loginwithpaypal
http://bit.ly/securing_apis Thank You! Questions? Jonathan LeBlanc Head of Developer Evangelism (North America) Github: http://github.com/jcleblanc Slides: http://slideshare.net/jcleblanc Twitter: @jcleblanc

Recommended

Agile Software Security
Agile Software SecurityAgile Software Security
Agile Software SecurityFuturice
 
TLC2018 Tanya Kravtsov: 10 Steps to CI, Testing and Delivery
TLC2018 Tanya Kravtsov: 10 Steps to CI, Testing and DeliveryTLC2018 Tanya Kravtsov: 10 Steps to CI, Testing and Delivery
TLC2018 Tanya Kravtsov: 10 Steps to CI, Testing and DeliveryAnna Royzman
 
Points.com fisheye crucible code reviews 2011
Points.com fisheye crucible code reviews 2011Points.com fisheye crucible code reviews 2011
Points.com fisheye crucible code reviews 2011pointstechgeeks
 
Codeigniter Introduction
Codeigniter IntroductionCodeigniter Introduction
Codeigniter IntroductionAshfan Ahamed
 
Mobile Application Security Testing (Static Code Analysis) of Android App
Mobile Application Security Testing (Static Code Analysis) of Android AppMobile Application Security Testing (Static Code Analysis) of Android App
Mobile Application Security Testing (Static Code Analysis) of Android AppAbhilash Venkata
 
Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.VodqaBLR
 
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...Eric Shupps
 
Multi Team Architecture
Multi Team ArchitectureMulti Team Architecture
Multi Team ArchitectureSigma Software
 

Recommended

Agile Software Security
Agile Software SecurityAgile Software Security
Agile Software SecurityFuturice
 
TLC2018 Tanya Kravtsov: 10 Steps to CI, Testing and Delivery
TLC2018 Tanya Kravtsov: 10 Steps to CI, Testing and DeliveryTLC2018 Tanya Kravtsov: 10 Steps to CI, Testing and Delivery
TLC2018 Tanya Kravtsov: 10 Steps to CI, Testing and DeliveryAnna Royzman
 
Points.com fisheye crucible code reviews 2011
Points.com fisheye crucible code reviews 2011Points.com fisheye crucible code reviews 2011
Points.com fisheye crucible code reviews 2011pointstechgeeks
 
Codeigniter Introduction
Codeigniter IntroductionCodeigniter Introduction
Codeigniter IntroductionAshfan Ahamed
 
Mobile Application Security Testing (Static Code Analysis) of Android App
Mobile Application Security Testing (Static Code Analysis) of Android AppMobile Application Security Testing (Static Code Analysis) of Android App
Mobile Application Security Testing (Static Code Analysis) of Android AppAbhilash Venkata
 
Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.VodqaBLR
 
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...Eric Shupps
 
Multi Team Architecture
Multi Team ArchitectureMulti Team Architecture
Multi Team ArchitectureSigma Software
 
Crucible
CrucibleCrucible
CrucibleBrian Repko
 
What do you need to test API's?
What do you need to test API's? What do you need to test API's?
What do you need to test API's? Geraldo Massahud
 
WordPress for iOS - Under the Hood
WordPress for iOS - Under the HoodWordPress for iOS - Under the Hood
WordPress for iOS - Under the HoodAaron Douglas
 
Hypermedia API and how to document it effectively
Hypermedia API and how to document it effectivelyHypermedia API and how to document it effectively
Hypermedia API and how to document it effectivelySanjoy Kumar Roy
 
PHP Frameworks & Introduction to CodeIgniter
PHP Frameworks & Introduction to CodeIgniterPHP Frameworks & Introduction to CodeIgniter
PHP Frameworks & Introduction to CodeIgniterJamshid Hashimi
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...Ajin Abraham
 
How to build custom connectors in MuleSOft
How to build custom connectors in MuleSOftHow to build custom connectors in MuleSOft
How to build custom connectors in MuleSOftSanthosh Ramagiri
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itSecurity BSides London
 
Rest assured
Rest assuredRest assured
Rest assuredVarun Deshpande
 
ATD11_WebAPISecurity
ATD11_WebAPISecurityATD11_WebAPISecurity
ATD11_WebAPISecurityIvan Marković
 
Smartbear: un framework unico per testare API e UI
Smartbear: un framework unico per testare API e UISmartbear: un framework unico per testare API e UI
Smartbear: un framework unico per testare API e UIEmerasoft, solutions to collaborate
 
SQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion PreventionSQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion PreventionGabriel Villa
 
Android security testing
Android security testingAndroid security testing
Android security testingVodqaBLR
 
Introduction to API Design: REST and Java
Introduction to API Design: REST and JavaIntroduction to API Design: REST and Java
Introduction to API Design: REST and JavaPhilip Johnson
 
API Virtualization: Mocking on Steroids
API Virtualization: Mocking on SteroidsAPI Virtualization: Mocking on Steroids
API Virtualization: Mocking on SteroidsSmartBear
 
Custom connectorsinmule
Custom connectorsinmuleCustom connectorsinmule
Custom connectorsinmuleAjay Rana
 
Apiworld
ApiworldApiworld
ApiworldOwen Rubel
 
ColdSpring the basics
ColdSpring the basicsColdSpring the basics
ColdSpring the basicsTed Steinmann
 
Sql injection
Sql injectionSql injection
Sql injectionTech Bikram
 
SQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET EditionSQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET EditionBert Wagner
 
WordPress Visual Editor Mastery
WordPress Visual Editor MasteryWordPress Visual Editor Mastery
WordPress Visual Editor MasteryAnthony Hortin
 
Comprehensive Support for Self Management of Medications by a Networked Robot...
Comprehensive Support for Self Management of Medications by a Networked Robot...Comprehensive Support for Self Management of Medications by a Networked Robot...
Comprehensive Support for Self Management of Medications by a Networked Robot...Health Informatics New Zealand
 

More Related Content

What's hot

What do you need to test API's?
What do you need to test API's? What do you need to test API's?
What do you need to test API's? Geraldo Massahud
 
WordPress for iOS - Under the Hood
WordPress for iOS - Under the HoodWordPress for iOS - Under the Hood
WordPress for iOS - Under the HoodAaron Douglas
 
Hypermedia API and how to document it effectively
Hypermedia API and how to document it effectivelyHypermedia API and how to document it effectively
Hypermedia API and how to document it effectivelySanjoy Kumar Roy
 
PHP Frameworks & Introduction to CodeIgniter
PHP Frameworks & Introduction to CodeIgniterPHP Frameworks & Introduction to CodeIgniter
PHP Frameworks & Introduction to CodeIgniterJamshid Hashimi
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...Ajin Abraham
 
How to build custom connectors in MuleSOft
How to build custom connectors in MuleSOftHow to build custom connectors in MuleSOft
How to build custom connectors in MuleSOftSanthosh Ramagiri
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itSecurity BSides London
 
SQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion PreventionSQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion PreventionGabriel Villa
 
Android security testing
Android security testingAndroid security testing
Android security testingVodqaBLR
 
Introduction to API Design: REST and Java
Introduction to API Design: REST and JavaIntroduction to API Design: REST and Java
Introduction to API Design: REST and JavaPhilip Johnson
 
API Virtualization: Mocking on Steroids
API Virtualization: Mocking on SteroidsAPI Virtualization: Mocking on Steroids
API Virtualization: Mocking on SteroidsSmartBear
 
Custom connectorsinmule
Custom connectorsinmuleCustom connectorsinmule
Custom connectorsinmuleAjay Rana
 
ColdSpring the basics
ColdSpring the basicsColdSpring the basics
ColdSpring the basicsTed Steinmann
 
SQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET EditionSQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET EditionBert Wagner
 

What's hot (20)

Crucible
CrucibleCrucible
Crucible
 
What do you need to test API's?
What do you need to test API's? What do you need to test API's?
What do you need to test API's?
 
WordPress for iOS - Under the Hood
WordPress for iOS - Under the HoodWordPress for iOS - Under the Hood
WordPress for iOS - Under the Hood
 
Hypermedia API and how to document it effectively
Hypermedia API and how to document it effectivelyHypermedia API and how to document it effectively
Hypermedia API and how to document it effectively
 
PHP Frameworks & Introduction to CodeIgniter
PHP Frameworks & Introduction to CodeIgniterPHP Frameworks & Introduction to CodeIgniter
PHP Frameworks & Introduction to CodeIgniter
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
 
How to build custom connectors in MuleSOft
How to build custom connectors in MuleSOftHow to build custom connectors in MuleSOft
How to build custom connectors in MuleSOft
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know it
 
Rest assured
Rest assuredRest assured
Rest assured
 
ATD11_WebAPISecurity
ATD11_WebAPISecurityATD11_WebAPISecurity
ATD11_WebAPISecurity
 
Smartbear: un framework unico per testare API e UI
Smartbear: un framework unico per testare API e UISmartbear: un framework unico per testare API e UI
Smartbear: un framework unico per testare API e UI
 
SQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion PreventionSQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion Prevention
 
Android security testing
Android security testingAndroid security testing
Android security testing
 
Introduction to API Design: REST and Java
Introduction to API Design: REST and JavaIntroduction to API Design: REST and Java
Introduction to API Design: REST and Java
 
API Virtualization: Mocking on Steroids
API Virtualization: Mocking on SteroidsAPI Virtualization: Mocking on Steroids
API Virtualization: Mocking on Steroids
 
Custom connectorsinmule
Custom connectorsinmuleCustom connectorsinmule
Custom connectorsinmule
 
Apiworld
ApiworldApiworld
Apiworld
 
ColdSpring the basics
ColdSpring the basicsColdSpring the basics
ColdSpring the basics
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET EditionSQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET Edition
 

Viewers also liked

WordPress Visual Editor Mastery
WordPress Visual Editor MasteryWordPress Visual Editor Mastery
WordPress Visual Editor MasteryAnthony Hortin
 
Comprehensive Support for Self Management of Medications by a Networked Robot...
Comprehensive Support for Self Management of Medications by a Networked Robot...Comprehensive Support for Self Management of Medications by a Networked Robot...
Comprehensive Support for Self Management of Medications by a Networked Robot...Health Informatics New Zealand
 
101 Ways to Elevate Yourself and Demand Higher Fees
101 Ways to Elevate Yourself and Demand Higher Fees101 Ways to Elevate Yourself and Demand Higher Fees
101 Ways to Elevate Yourself and Demand Higher FeesTroy Dean
 
PayPal on iOS + 9 great free app ideas
PayPal on iOS + 9 great free app ideasPayPal on iOS + 9 great free app ideas
PayPal on iOS + 9 great free app ideasCristiano Betta
 
Have you been vaccinated
Have you been vaccinatedHave you been vaccinated
Have you been vaccinatedoakke01
 
The Future of Identification
The Future of IdentificationThe Future of Identification
The Future of IdentificationJonathan LeBlanc
 
FinalPresentation_FINAL
FinalPresentation_FINALFinalPresentation_FINAL
FinalPresentation_FINALJames McKenna
 
Building a Dream Team
Building a Dream TeamBuilding a Dream Team
Building a Dream TeamMike Aparicio
 
Have you been vaccinated
Have you been vaccinatedHave you been vaccinated
Have you been vaccinatedoakke01
 
Direct Purposeful Experience
Direct Purposeful ExperienceDirect Purposeful Experience
Direct Purposeful ExperienceRenalyn Advincola
 
IoT Commerce using Ruby, PHP and Arduino
IoT Commerce using Ruby, PHP and Arduino IoT Commerce using Ruby, PHP and Arduino
IoT Commerce using Ruby, PHP and Arduino Steven Cooper
 
Internet of Things With PHP
Internet of Things With PHPInternet of Things With PHP
Internet of Things With PHPAdam Englander
 
Rapyuta a cloud robotics platform
Rapyuta a cloud robotics platformRapyuta a cloud robotics platform
Rapyuta a cloud robotics platformieeepondy
 
Teaching with Visual Symbols
Teaching with Visual SymbolsTeaching with Visual Symbols
Teaching with Visual SymbolsRenalyn Advincola
 
Building the future as a full stack dev
Building the future as a full stack devBuilding the future as a full stack dev
Building the future as a full stack devSteven Cooper
 

Viewers also liked (20)

WordPress Visual Editor Mastery
WordPress Visual Editor MasteryWordPress Visual Editor Mastery
WordPress Visual Editor Mastery
 
Comprehensive Support for Self Management of Medications by a Networked Robot...
Comprehensive Support for Self Management of Medications by a Networked Robot...Comprehensive Support for Self Management of Medications by a Networked Robot...
Comprehensive Support for Self Management of Medications by a Networked Robot...
 
101 Ways to Elevate Yourself and Demand Higher Fees
101 Ways to Elevate Yourself and Demand Higher Fees101 Ways to Elevate Yourself and Demand Higher Fees
101 Ways to Elevate Yourself and Demand Higher Fees
 
PayPal on iOS + 9 great free app ideas
PayPal on iOS + 9 great free app ideasPayPal on iOS + 9 great free app ideas
PayPal on iOS + 9 great free app ideas
 
Unihack2016 closing
Unihack2016 closingUnihack2016 closing
Unihack2016 closing
 
Have you been vaccinated
Have you been vaccinatedHave you been vaccinated
Have you been vaccinated
 
The Future of Identification
The Future of IdentificationThe Future of Identification
The Future of Identification
 
FinalPresentation_FINAL
FinalPresentation_FINALFinalPresentation_FINAL
FinalPresentation_FINAL
 
IoTMelb
IoTMelbIoTMelb
IoTMelb
 
Container Days
Container DaysContainer Days
Container Days
 
Building a Dream Team
Building a Dream TeamBuilding a Dream Team
Building a Dream Team
 
Have you been vaccinated
Have you been vaccinatedHave you been vaccinated
Have you been vaccinated
 
Direct Purposeful Experience
Direct Purposeful ExperienceDirect Purposeful Experience
Direct Purposeful Experience
 
IoT Commerce using Ruby, PHP and Arduino
IoT Commerce using Ruby, PHP and Arduino IoT Commerce using Ruby, PHP and Arduino
IoT Commerce using Ruby, PHP and Arduino
 
Internet of Things With PHP
Internet of Things With PHPInternet of Things With PHP
Internet of Things With PHP
 
Rapyuta a cloud robotics platform
Rapyuta a cloud robotics platformRapyuta a cloud robotics platform
Rapyuta a cloud robotics platform
 
Teaching with Visual Symbols
Teaching with Visual SymbolsTeaching with Visual Symbols
Teaching with Visual Symbols
 
Holiday in romania
Holiday in romaniaHoliday in romania
Holiday in romania
 
Building the future as a full stack dev
Building the future as a full stack devBuilding the future as a full stack dev
Building the future as a full stack dev
 
ARTICLE
ARTICLEARTICLE
ARTICLE
 

Similar to Securing API data models

Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)Richard Bullington-McGuire
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf HechtThe Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf HechtAsaf Hecht
 
Getting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the CloudGetting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the CloudRevelation Technologies
 
JavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the ClientJavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the ClientJonathan LeBlanc
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectJonathan LeBlanc
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxFernandoVizer
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Abdelmonaim Remani
 
Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017Dejan Glozic
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allupllangit
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
The Ball Launch on 2013 Microsoft TechDays Part 2/2
The Ball Launch on 2013 Microsoft TechDays Part 2/2The Ball Launch on 2013 Microsoft TechDays Part 2/2
The Ball Launch on 2013 Microsoft TechDays Part 2/2Kallex
 
Blibli Web Application Security Policy Enforcement Point
Blibli Web Application Security Policy Enforcement Point Blibli Web Application Security Policy Enforcement Point
Blibli Web Application Security Policy Enforcement Point SARCCOM
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
Secure visual algorithm simulator
Secure visual algorithm simulatorSecure visual algorithm simulator
Secure visual algorithm simulatorPrachi Singhal
 

Similar to Securing API data models (20)

Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater
 
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf HechtThe Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
 
2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil
 
Getting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the CloudGetting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the Cloud
 
JavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the ClientJavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the Client
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID Connect
 
JavaCro'15 - Web UI best practice integration with Java EE 7 - Peter Lehto
JavaCro'15 - Web UI best practice integration with Java EE 7 - Peter LehtoJavaCro'15 - Web UI best practice integration with Java EE 7 - Peter Lehto
JavaCro'15 - Web UI best practice integration with Java EE 7 - Peter Lehto
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
 
Designing JavaScript APIs
Designing JavaScript APIsDesigning JavaScript APIs
Designing JavaScript APIs
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3
 
Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allup
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 
Security testing
Security testingSecurity testing
Security testing
 
The Ball Launch on 2013 Microsoft TechDays Part 2/2
The Ball Launch on 2013 Microsoft TechDays Part 2/2The Ball Launch on 2013 Microsoft TechDays Part 2/2
The Ball Launch on 2013 Microsoft TechDays Part 2/2
 
Blibli Web Application Security Policy Enforcement Point
Blibli Web Application Security Policy Enforcement Point Blibli Web Application Security Policy Enforcement Point
Blibli Web Application Security Policy Enforcement Point
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
A Case Study of Using Selenium IDE and WebDriver_Word Doc
A Case Study of Using Selenium IDE and WebDriver_Word DocA Case Study of Using Selenium IDE and WebDriver_Word Doc
A Case Study of Using Selenium IDE and WebDriver_Word Doc
 
Secure visual algorithm simulator
Secure visual algorithm simulatorSecure visual algorithm simulator
Secure visual algorithm simulator
 

More from Jonathan LeBlanc

Improving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data InsightsImproving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data InsightsJonathan LeBlanc
 
Better Data with Machine Learning and Serverless
Better Data with Machine Learning and ServerlessBetter Data with Machine Learning and Serverless
Better Data with Machine Learning and ServerlessJonathan LeBlanc
 
Best Practices for Application Development with Box
Best Practices for Application Development with BoxBest Practices for Application Development with Box
Best Practices for Application Development with BoxJonathan LeBlanc
 
Box Platform Developer Workshop
Box Platform Developer WorkshopBox Platform Developer Workshop
Box Platform Developer WorkshopJonathan LeBlanc
 
Modern Cloud Data Security Practices
Modern Cloud Data Security PracticesModern Cloud Data Security Practices
Modern Cloud Data Security PracticesJonathan LeBlanc
 
Understanding Box UI Elements
Understanding Box UI ElementsUnderstanding Box UI Elements
Understanding Box UI ElementsJonathan LeBlanc
 
Understanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scopingUnderstanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scopingJonathan LeBlanc
 
The Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments GloballyThe Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments GloballyJonathan LeBlanc
 
Modern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensModern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensJonathan LeBlanc
 
Creating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchCreating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchJonathan LeBlanc
 
Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaJonathan LeBlanc
 
Protecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsJonathan LeBlanc
 
Node.js Authentication and Data Security
Node.js Authentication and Data SecurityNode.js Authentication and Data Security
Node.js Authentication and Data SecurityJonathan LeBlanc
 
PHP Identity and Data Security
PHP Identity and Data SecurityPHP Identity and Data Security
PHP Identity and Data SecurityJonathan LeBlanc
 
Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaJonathan LeBlanc
 
Protecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsJonathan LeBlanc
 
Future of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable SecurityFuture of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable SecurityJonathan LeBlanc
 

More from Jonathan LeBlanc (20)

Improving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data InsightsImproving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data Insights
 
Better Data with Machine Learning and Serverless
Better Data with Machine Learning and ServerlessBetter Data with Machine Learning and Serverless
Better Data with Machine Learning and Serverless
 
Best Practices for Application Development with Box
Best Practices for Application Development with BoxBest Practices for Application Development with Box
Best Practices for Application Development with Box
 
Box Platform Overview
Box Platform OverviewBox Platform Overview
Box Platform Overview
 
Box Platform Developer Workshop
Box Platform Developer WorkshopBox Platform Developer Workshop
Box Platform Developer Workshop
 
Modern Cloud Data Security Practices
Modern Cloud Data Security PracticesModern Cloud Data Security Practices
Modern Cloud Data Security Practices
 
Box Authentication Types
Box Authentication TypesBox Authentication Types
Box Authentication Types
 
Understanding Box UI Elements
Understanding Box UI ElementsUnderstanding Box UI Elements
Understanding Box UI Elements
 
Understanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scopingUnderstanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scoping
 
The Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments GloballyThe Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments Globally
 
Modern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensModern API Security with JSON Web Tokens
Modern API Security with JSON Web Tokens
 
Creating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchCreating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from Scratch
 
Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication Media
 
Protecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile Payments
 
Node.js Authentication and Data Security
Node.js Authentication and Data SecurityNode.js Authentication and Data Security
Node.js Authentication and Data Security
 
PHP Identity and Data Security
PHP Identity and Data SecurityPHP Identity and Data Security
PHP Identity and Data Security
 
Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication Media
 
Protecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile Payments
 
Future of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable SecurityFuture of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable Security
 
Kill All Passwords
Kill All PasswordsKill All Passwords
Kill All Passwords
 

Recently uploaded

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Recently uploaded (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Securing API data models

Editor's Notes

  1. This is where REST and OAuth 2 come in