Advanced API Security: OAuth 2. 0 and Beyond
Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a...
Saved in:
| Main Author: | |
|---|---|
| Format: | Electronic eBook |
| Language: | English |
| Published: |
Berkeley, CA
Apress L.P.
2020
|
| Edition: | 2nd ed. |
| Subjects: | |
| Links: | https://learning.oreilly.com/library/view/-/9781484220504/?ar |
| Summary: | Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. You will: Securely design, develop, and deploy enterprise APIs Pick security standards and protocols to match business needs Mitigate security exploits by understanding the OAuth 2.0 threat landscape Federate identities to expand business APIs beyond the corporate firewall Protect microservices at the edge by securing their APIs Develop native mobile applications to access APIs securely Integrate applications with SaaS APIs protected with OAuth 2.0. |
| Item Description: | JWT Claims Set. - Print version record |
| Physical Description: | 1 Online-Ressource (455 Seiten) |
| ISBN: | 9781484220504 1484220501 |
Staff View
MARC
| LEADER | 00000cam a22000002c 4500 | ||
|---|---|---|---|
| 001 | ZDB-30-ORH-049352490 | ||
| 003 | DE-627-1 | ||
| 005 | 20240228120938.0 | ||
| 007 | cr uuu---uuuuu | ||
| 008 | 200120s2020 xx |||||o 00| ||eng c | ||
| 020 | |a 9781484220504 |c electronic bk. |9 978-1-4842-2050-4 | ||
| 020 | |a 1484220501 |c electronic bk. |9 1-4842-2050-1 | ||
| 035 | |a (DE-627-1)049352490 | ||
| 035 | |a (DE-599)KEP049352490 | ||
| 035 | |a (ORHE)9781484220504 | ||
| 035 | |a (DE-627-1)049352490 | ||
| 040 | |a DE-627 |b ger |c DE-627 |e rda | ||
| 041 | |a eng | ||
| 082 | 0 | |a 005.3 |2 23 | |
| 100 | 1 | |a Siriwardena, Prabath |e VerfasserIn |4 aut | |
| 245 | 1 | 0 | |a Advanced API Security |b OAuth 2. 0 and Beyond |c Prabath Siriwardena |
| 250 | |a 2nd ed. | ||
| 264 | 1 | |a Berkeley, CA |b Apress L.P. |c 2020 | |
| 300 | |a 1 Online-Ressource (455 Seiten) | ||
| 336 | |a Text |b txt |2 rdacontent | ||
| 337 | |a Computermedien |b c |2 rdamedia | ||
| 338 | |a Online-Ressource |b cr |2 rdacarrier | ||
| 500 | |a JWT Claims Set. - Print version record | ||
| 520 | |a Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. You will: Securely design, develop, and deploy enterprise APIs Pick security standards and protocols to match business needs Mitigate security exploits by understanding the OAuth 2.0 threat landscape Federate identities to expand business APIs beyond the corporate firewall Protect microservices at the edge by securing their APIs Develop native mobile applications to access APIs securely Integrate applications with SaaS APIs protected with OAuth 2.0. | ||
| 650 | 0 | |a Application software |x Security measures | |
| 650 | 4 | |a Logiciels d'application ; Sécurité ; Mesures | |
| 650 | 4 | |a Computer security | |
| 650 | 4 | |a Computers, Special purpose | |
| 650 | 4 | |a Data protection | |
| 650 | 4 | |a Programming languages (Electronic computers) | |
| 776 | 1 | |z 9781484220498 | |
| 776 | 0 | 8 | |i Erscheint auch als |n Druck-Ausgabe |z 9781484220498 |
| 966 | 4 | 0 | |l DE-91 |p ZDB-30-ORH |q TUM_PDA_ORH |u https://learning.oreilly.com/library/view/-/9781484220504/?ar |m X:ORHE |x Aggregator |z lizenzpflichtig |3 Volltext |
| 912 | |a ZDB-30-ORH | ||
| 912 | |a ZDB-30-ORH | ||
| 951 | |a BO | ||
| 912 | |a ZDB-30-ORH | ||
| 049 | |a DE-91 | ||
Record in the Search Index
| DE-BY-TUM_katkey | ZDB-30-ORH-049352490 |
|---|---|
| _version_ | 1831287063446552577 |
| adam_text | |
| any_adam_object | |
| author | Siriwardena, Prabath |
| author_facet | Siriwardena, Prabath |
| author_role | aut |
| author_sort | Siriwardena, Prabath |
| author_variant | p s ps |
| building | Verbundindex |
| bvnumber | localTUM |
| collection | ZDB-30-ORH |
| ctrlnum | (DE-627-1)049352490 (DE-599)KEP049352490 (ORHE)9781484220504 |
| dewey-full | 005.3 |
| dewey-hundreds | 000 - Computer science, information, general works |
| dewey-ones | 005 - Computer programming, programs, data, security |
| dewey-raw | 005.3 |
| dewey-search | 005.3 |
| dewey-sort | 15.3 |
| dewey-tens | 000 - Computer science, information, general works |
| discipline | Informatik |
| edition | 2nd ed. |
| format | Electronic eBook |
| fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>03297cam a22004572c 4500</leader><controlfield tag="001">ZDB-30-ORH-049352490</controlfield><controlfield tag="003">DE-627-1</controlfield><controlfield tag="005">20240228120938.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">200120s2020 xx |||||o 00| ||eng c</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781484220504</subfield><subfield code="c">electronic bk.</subfield><subfield code="9">978-1-4842-2050-4</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1484220501</subfield><subfield code="c">electronic bk.</subfield><subfield code="9">1-4842-2050-1</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627-1)049352490</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)KEP049352490</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ORHE)9781484220504</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627-1)049352490</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.3</subfield><subfield code="2">23</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Siriwardena, Prabath</subfield><subfield code="e">VerfasserIn</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Advanced API Security</subfield><subfield code="b">OAuth 2. 0 and Beyond</subfield><subfield code="c">Prabath Siriwardena</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">2nd ed.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Berkeley, CA</subfield><subfield code="b">Apress L.P.</subfield><subfield code="c">2020</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 Online-Ressource (455 Seiten)</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">JWT Claims Set. - Print version record</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. You will: Securely design, develop, and deploy enterprise APIs Pick security standards and protocols to match business needs Mitigate security exploits by understanding the OAuth 2.0 threat landscape Federate identities to expand business APIs beyond the corporate firewall Protect microservices at the edge by securing their APIs Develop native mobile applications to access APIs securely Integrate applications with SaaS APIs protected with OAuth 2.0.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Application software</subfield><subfield code="x">Security measures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Logiciels d'application ; Sécurité ; Mesures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer security</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computers, Special purpose</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Data protection</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Programming languages (Electronic computers)</subfield></datafield><datafield tag="776" ind1="1" ind2=" "><subfield code="z">9781484220498</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Erscheint auch als</subfield><subfield code="n">Druck-Ausgabe</subfield><subfield code="z">9781484220498</subfield></datafield><datafield tag="966" ind1="4" ind2="0"><subfield code="l">DE-91</subfield><subfield code="p">ZDB-30-ORH</subfield><subfield code="q">TUM_PDA_ORH</subfield><subfield code="u">https://learning.oreilly.com/library/view/-/9781484220504/?ar</subfield><subfield code="m">X:ORHE</subfield><subfield code="x">Aggregator</subfield><subfield code="z">lizenzpflichtig</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">BO</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-91</subfield></datafield></record></collection> |
| id | ZDB-30-ORH-049352490 |
| illustrated | Not Illustrated |
| indexdate | 2025-05-05T13:23:58Z |
| institution | BVB |
| isbn | 9781484220504 1484220501 |
| language | English |
| open_access_boolean | |
| owner | DE-91 DE-BY-TUM |
| owner_facet | DE-91 DE-BY-TUM |
| physical | 1 Online-Ressource (455 Seiten) |
| psigel | ZDB-30-ORH TUM_PDA_ORH ZDB-30-ORH |
| publishDate | 2020 |
| publishDateSearch | 2020 |
| publishDateSort | 2020 |
| publisher | Apress L.P. |
| record_format | marc |
| spelling | Siriwardena, Prabath VerfasserIn aut Advanced API Security OAuth 2. 0 and Beyond Prabath Siriwardena 2nd ed. Berkeley, CA Apress L.P. 2020 1 Online-Ressource (455 Seiten) Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier JWT Claims Set. - Print version record Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. You will: Securely design, develop, and deploy enterprise APIs Pick security standards and protocols to match business needs Mitigate security exploits by understanding the OAuth 2.0 threat landscape Federate identities to expand business APIs beyond the corporate firewall Protect microservices at the edge by securing their APIs Develop native mobile applications to access APIs securely Integrate applications with SaaS APIs protected with OAuth 2.0. Application software Security measures Logiciels d'application ; Sécurité ; Mesures Computer security Computers, Special purpose Data protection Programming languages (Electronic computers) 9781484220498 Erscheint auch als Druck-Ausgabe 9781484220498 |
| spellingShingle | Siriwardena, Prabath Advanced API Security OAuth 2. 0 and Beyond Application software Security measures Logiciels d'application ; Sécurité ; Mesures Computer security Computers, Special purpose Data protection Programming languages (Electronic computers) |
| title | Advanced API Security OAuth 2. 0 and Beyond |
| title_auth | Advanced API Security OAuth 2. 0 and Beyond |
| title_exact_search | Advanced API Security OAuth 2. 0 and Beyond |
| title_full | Advanced API Security OAuth 2. 0 and Beyond Prabath Siriwardena |
| title_fullStr | Advanced API Security OAuth 2. 0 and Beyond Prabath Siriwardena |
| title_full_unstemmed | Advanced API Security OAuth 2. 0 and Beyond Prabath Siriwardena |
| title_short | Advanced API Security |
| title_sort | advanced api security oauth 2 0 and beyond |
| title_sub | OAuth 2. 0 and Beyond |
| topic | Application software Security measures Logiciels d'application ; Sécurité ; Mesures Computer security Computers, Special purpose Data protection Programming languages (Electronic computers) |
| topic_facet | Application software Security measures Logiciels d'application ; Sécurité ; Mesures Computer security Computers, Special purpose Data protection Programming languages (Electronic computers) |
| work_keys_str_mv | AT siriwardenaprabath advancedapisecurityoauth20andbeyond |