What do you think?
Rate this book
Advanced API Security: OAuth 2.0 and Beyond
Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs.
Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits.
Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack.
What You Will Learn
Who This Book Is For
Enterprise security architects who are interested in best practices around designing APIs. The book is also for developers who are building enterprise APIs and integrating with internal and external applications.
Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits.
Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack.
What You Will Learn
Who This Book Is For
Enterprise security architects who are interested in best practices around designing APIs. The book is also for developers who are building enterprise APIs and integrating with internal and external applications.
- GenresTechnology
607 pages, Kindle Edition
Published December 16, 2019
20 people are currently reading
50 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 2 of 2 reviews
July 15, 2021
An excellent book, no doubts. Everything is explained in a clear and concise way. Step by step of the different processes (encryption, serialization, ...) makes it even easier to understand and recap. Plenty of nice examples, in Java, that go beyond Hello World. Topics are up to date for 2021. Really an excellent but still user friendly book for anyone interested in APIs, Security, Microservices and JSON.
May 21, 2023
Ótimo overview sobre o assunto, passando por princípios básicos de segurança de APIs até os mais diversos fundamentos do OAuth 2.0.
Talvez pelo tipo do conteúdo e, até porque não estamos aplicando no dia-a-dia todos os cenários apresentados, é um livro que pode ser bem maçante de ser lido de ponta-a-ponta.
Talvez pelo tipo do conteúdo e, até porque não estamos aplicando no dia-a-dia todos os cenários apresentados, é um livro que pode ser bem maçante de ser lido de ponta-a-ponta.
Displaying 1 - 2 of 2 reviews