Securing your API Portfolio with API Management
CA Technologies
1.
World® ’16
Securing Your API Portfolio With API Management
Jeffrey Nibler - Vice President, API Management Division - Acclaim Consulting
DO3X18S
DEVOPS
2.
For Informational Purposes Only
Terms of this Presentation
© 2016 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2016 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
© 2016 CA. ALL RIGHTS RESERVED. @CAWORLD #CAWORLD
3.
Abstract
This presentation by Acclaim Consulting covers all aspects of securing APIs and how an APIM solution offers the best flexibility and chance to meet all possible security use cases. The discussion will cover the differences between an APIM solution and typical WAM solutions, special security considerations around mobile security (including device registration with two-factor authentication) and Single-Page Web Application security, along with an overview of OpenID Connect, OAuth2, WS-Security and JWTs. Lastly, a brief case study will be presented on how Verizon and Duke Energy leverage the security features of CA API Management to protect their businesses.
Jeffrey Nibler
Acclaim Consulting
VP, API Management
4.
Agenda
1 THE IMPORTANCE OF FLEXIBILITY
2 APIM VS WAM
3 SECURING APIS FOR MOBILE, IOT, AND SPA
4 JWT
5 OPENID CONNECT VS OAUTH
6 JOSE – “WS-SECURITY” FOR REST APIS
7 REAL-WORLD API SECURITY USE-CASES
5.
The Importance of Flexibility
Should API Publishers Dictate API Security?
Yes, but…
7.
The Importance of Flexibility
Should API Publishers Dictate API Security?
Yes, but…
Rules are written to be broken, by:
§ Customers
§ Systems (3rd party applications)
§ Internal departments
§ Clients
§ Timelines
8.
The Importance of Flexibility
Should API Publishers Dictate API Security?
§ You need a centralized system to handle API security for all APIs, one that is flexible and easy to implement and change.
§ You need something to mask the authentication mechanisms of your back end from your front end.
§ You want to remove security logic from your APIs.
§ This is where an API Gateway comes in.
[Diagram labels: User Agent, Gateway, Internal Network; Simple/Light: JWT/OAuth; More complex]
9.
APIM vs WAM
Why Do I Need APIM if I Have WAM?
§ WAM – Designed for WEB Access Management
§ APIM – Designed specifically for API Management and API Security
[Diagram labels: APIM, WAM]
10.
APIM vs WAM
Why Do I Need APIM if I Have WAM?
OVERLAP
§ Identity and Authentication
– User, Group
§ Access Management
– Resource-Based
– Cookies/Sessions
§ SSO/Federation
– SAML, OAUTH, Kerberos
11.
APIM vs WAM
Why Do I Need APIM if I Have WAM?
SOME COMMON DIFFERENTIATORS
§ Identity and Authentication
– APIMs can leverage Enterprise Active Directories or internal Identity Providers
§ Access Management
– Better support for non-cookie based identification schemes
– Access control by application instead of User
– APIM provides fine-grain access control for SOAP and RESTful services
– API Plans – Rate limiting, quotas, commoditizing
§ Message Payload Security
– Remove sensitive elements from message responses based on user/role/app
– Threat detection
§ Mobile & IoT Use Cases
– Mobile Device Registration
– Programmatic certification/CSR management
– Mobile SDK
[Diagram labels: Mobile App, Gateway, WAM, Directory. WAM: System of Record. APIM: Point of Enforcement]
12.
JWT
JSON Web Token – Pronounced “JOT”
What Are They?
§ Compact, URL-safe mechanism for representing claims transferred between two parties
  – Can contain pre-defined reserved and public claims, as well as private claims
§ JSON-formatted, standardized tokens
  – Smaller and easier to implement than SAML/XML/SOAP
  – Easy for mobile applications to work with
§ Safe
  – Can’t be modified by client app
  – Uses JWS or JWE to sign or encrypt, symmetric or asymmetric
§ Self-contained - contents are readable
  – Ideal for microservices
  – High performing
  – No additional DB or API calls to validate or fetch data
§ Small, and very API-friendly
  – Ideal for enabling state in cross-application scenarios
13.
OpenID Connect Vs OAUTH
What’s the Difference?
OAUTH
§ Delegated Authorization Protocol
§ For use in a three or four party model:
  – User
  – Website/Application (user agent)
  – Authorization Server
  – Protected Resource (most often in same domain as the authorization server)
§ NOT about Authentication
OPENID CONNECT
§ Interoperable Authentication Protocol
§ Allows client application developers to outsource identity management to third parties (such as Facebook or Google)
§ Used to Authenticate and assert identity of a user
§ OpenID Connect Token is human-readable (JWT) and all required claims are included within, saving additional calls to DBs or APIs to retrieve this data
§ Token can be restricted to an audience
§ Stateless
14.
OpenID Connect Vs OAUTH
When/Where Do I Use Them?
OAUTH
§ When you want to allow a third party application to view your Facebook Friends
§ When you want to allow a third party website to make Twitter posts on your behalf
§ If you are the Resource Provider and you want to allow your users to delegate access to their information to third party applications and user-agents
OPENID CONNECT
§ When you want to authenticate a user
  – Via your own IDP
  – Via third party IDP
§ When you want a readable (if not encrypted), application-agnostic, JSON formatted authentication token that can easily be passed back and forth in API calls
§ When you do not want to pass login credentials with each API call
15.
OpenID Connect Vs OAUTH
Why Shouldn’t I Use OAUTH for Authentication?
§ OAUTH tokens are generally long-lived
§ OAUTH tokens contain no readable information, claims, or expiry – not even a User ID
§ When OAUTH is used for Authentication, client applications have implicit trust that the holder of the Access Token is the resource owner (the user), when a malicious site could hold the token
  – Once an Access Token is obtained, a malicious user or site could use the token to impersonate the user on any website that uses OAUTH Access Tokens as proof of authentication (using the client-flow).
§ Facebook and Google have implemented some proprietary work-arounds for some of these issues but OpenID Connect is a secure standard
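The "can't be modified by client app" and "token can be restricted to an audience" points from the JWT and OpenID Connect slides, shown as an added example that is not part of the original deck: a minimal HS256 (symmetric JWS) signer and verifier using only the Python standard library. The key, issuer, audience names and helper function names are constructed for illustration.

```python
import base64, hashlib, hmac, json
KEY = b"constructed-demo-key"  # constructed sample secret shared by IdP and gateway

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims, key):
    """Build a compact JWS: base64url(header).base64url(claims).base64url(HMAC)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url(sig)])

def verify_jwt(token, key, audience, now):
    """Return the claims, or raise ValueError naming the failed check."""
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64url_decode(h64)), b64url_decode(s64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token pick the algorithm
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")  # token was minted for another API
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

def edit_subject(token, new_sub):
    """A client rewriting the readable payload while keeping the old signature."""
    h64, p64, s64 = token.split(".")
    claims = dict(json.loads(b64url_decode(p64)), sub=new_sub)
    return ".".join([h64, b64url(json.dumps(claims).encode()), s64])

def rejection_reason(token, audience, now):  # None if accepted, else why refused
    try:
        verify_jwt(token, KEY, audience, now)
    except ValueError as exc:
        return str(exc)
    return None

SAMPLE = sign_jwt({"iss": "https://idp.example", "sub": "alice", "aud": "orders-api", "exp": 2000}, KEY)
```

The payload stays readable to anyone holding the token, so signing protects integrity only; confidential claims need JWE or TLS as the deck notes.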
16.
JOSE: “WS-Security” for REST APIs
A Framework Intended to Provide a Method to Securely Transfer Claims Between Parties
§ WS-Security is part of the SOAP specification that describes structures for cryptographic keys, and defines cryptographic algorithms to be used for message signing and message encryption
§ JOSE provides the same, but in JSON format making it ideal for REST services
17.
The Power of Two-Way SSL
Hang Up!
§ Hackers try to penetrate systems through discovery
  – What APIs do you have?
  – What is their endpoint?
  – What data elements do they contain?
  – Do they require authentication?
  – Are they vulnerable to injection, overflow, etc.?
§ If a hacker doesn’t have a valid client-certificate, they are stopped at the connection level, before having the ability to attack
18.
Two-Way SSL for Mobile Applications
CA Mobile API Gateway
§ Web browsers and mobile devices are not well-suited for Two-Way SSL due to the manual processes involved in keypair management, CSR generation, certificate signing, establishing trust between two parties, and managing certificate expiry
§ CA Mobile API Gateway solves this
  – Programmatically sign and establish trust for client certs
[Diagram label: Mobile API Gateway]
19.
Two-Way SSL for Mobile Applications
CA Mobile API Gateway with 2-Factor Authentication
[Flow diagram. Participants: Mobile Device, Mobile API Gateway, Enterprise Directory, CRM. Steps as labelled:]
User ID & PW Authentication API Call
Validate with LDAP
Return Success Auth Token & Masked User Phone Numbers
Obtain User Phone Numbers
Submit Request for Registration Code, with Masked Phone Number & Auth Token
GW Maps Masked Phone to Actual Phone, Submits to CRM
CRM Generates Registration Code and sends SMS to user
Mobile Device Generates RSA 2048 Key Pair, using User’s ID + Device ID as CN, then CSR, Base-64 encoding CSR, submit API call to GW with Auth Token and Registration Code
GW Validates Reg Code with CRM & on Success, Signs the CSR With its Key Pair, and Adds the Key Pair to the GW’s Trust Store
GW Returns Signed CSR, Base64 Encoded to Mobile Device Which Stores it
All Subsequent Calls to APIs made over mSSL
GW Validates Cert and Allows Access To Protected APIs
20.
API Security Best-Practices Cheat-Sheet
Best-Practices in General
• Use TLS for Everything
• If Unable to Leverage Transport Layer Encryption
  • Message Signing if Message Contents are “public” (JWS)
  • Message Encryption if Message Contents are “private” (JWE)
• Authorization Delegation
  • OAUTH2
• Persistence across APIs
  • OpenID Connect / JWT
• Authentication (AuthN)
  • API-Based
  • OpenID Connect
  • Existing Enterprise Directory through the Gateway
• Access Control (AuthZ)
  • Leverage existing Enterprise WAM system through the GW, or use the GW alone
• Continuous Authentication
  • Patterns – IP change, geolocation, multiple connections, different applications
• Threat Prevention
• Throttling/Rate Limiting
21.
API Security Best-Practices Cheat-Sheet
Best-Practices by Use-Case
Mobile & IoT Apps
• Mutual SSL
• Two-factor Auth + OpenID Connect
Single Page Apps
• OpenID Connect with API-Based login exposed by the gateway, leveraging an IDP
• All API calls from SPA route through API Gateway
B2B: Mutual SSL
• Better than just an API key or shared secret - API key must be sent with each request and can be easily stolen
22.
Duke Energy is the largest electric power holding company in the United States, supplying and delivering energy to approximately 7.3 million U.S. customers
CHALLENGE
§ Field workers must login to three separate systems while in the field to view work orders
§ Third-party field workers may not access VPN so a costly, manual paper work-order process is utilized
§ New mobile application will result in the external exposure of APIs which must be highly secured
SOLUTION
§ API Gateway, Mobile API Gateway, Developer Portal
§ Mobile Device Registration
§ Utilized API GW to provide SSO to non-linked multiple back-end systems via token
RESULTS
ACCELERATED IT:
• API GW solution allowed mobile application to be quickly put into use in the field
TRANSFORMED IT:
• Eliminated help desk, manual paper work-order process, and multiple sign-ons. Enabled internal AND external field workers to use electronic work orders
SECURED IT:
• Secured services with Mutual SSL.
• Utilized tokens with Kerberos tickets for SSO to Maximo and ArcGIS
23.
Verizon Telematics is a leading telematics provider providing services to the Hum by Verizon product, Network Fleet, Mercedes Benz Mbrace, VW Car-Net, and Nissan Connected Car
CHALLENGE
§ Large rapidly expanding/evolving API Portfolio with a mix of SOAP and RESTful services
§ Many security components embedded in the business logic of the services or within the mobile applications
SOLUTION
§ API Gateway, Mobile API Gateway, Developer Portal
§ Mobile Device Registration with Two-Factor Authentication and Mutual SSL
§ Method-Level Access Control for SOAP services
RESULTS
ACCELERATED IT:
• Two-phase roll-out allowed multiple clients to adopt new security within their ideal project timeline
TRANSFORMED IT:
• Provided a single point of entry into all business services while leveraging existing enterprise Access Management and Authorization systems.
SECURED IT:
• All APIs have tracked sessions, threat detection, Mutual SSL, and fine-grain access control
24.
Questions?
25.
Stay connected at communities.ca.com
Thank you.
26.
DevOps – API Management and Application Development
For more information on DevOps – API Management and Application Development, please visit: http://cainc.to/DL8ozQ