國立虎尾科技大學 |

Advanced API Security = OAuth 2.0 and Beyond /

Record Type:	Language materials, printed : Monograph/item
Title/Author:	Advanced API Security/ by Prabath Siriwardena.
Reminder of title:	OAuth 2.0 and Beyond /
Author:	Siriwardena, Prabath.
Description:	XIX, 449 p. 96 illus.online resource. :
Contained By:	Springer Nature eBook
Subject:	Data protection. -
Online resource:	https://doi.org/10.1007/978-1-4842-2050-4
ISBN:	9781484220504

Advanced API Security = OAuth 2.0 and Beyond /
Siriwardena, Prabath.

Advanced API SecurityOAuth 2.0 and Beyond /[electronic resource] :by Prabath Siriwardena. - 2nd ed. 2020. - XIX, 449 p. 96 illus.online resource.

1. APIs Rule!.-2. Designing Security for APIs.-3. Securing APIs with Transport Layer Security (TLS).-4. OAuth 2.0 Fundamentals.-5. Edge Security with an API Gateway.-6. OpenID Connect (OIDC).-7. Message Level Security with JSON Web Signature.-8. Message Level Security with JSON Web Encryption.-9. OAuth 2.0 Profiles.-10. Accessing APIs via Native Mobile Apps.-11. OAuth 2.0 Token Binding.-12. Federating Access to APIs.-13. User Managed Access.-14. OAuth 2.0 Security -- 15. Patterns and Practices -- 16: A. The Evolution of Identity Delegation -- 17: B. OAuth 1.0 -- 18: C. How Transport Layer Security Works -- 19: D. UMA Evolution -- 20: E. Base64URL Encoding -- 21: F. Basic/Digest Authentication -- 22: G. OAuth 2.0 MAC Token Profile.

Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. You will: Securely design, develop, and deploy enterprise APIs Pick security standards and protocols to match business needs Mitigate security exploits by understanding the OAuth 2.0 threat landscape Federate identities to expand business APIs beyond the corporate firewall Protect microservices at the edge by securing their APIs Develop native mobile applications to access APIs securely Integrate applications with SaaS APIs protected with OAuth 2.0.

ISBN: 9781484220504

Standard No.: 10.1007/978-1-4842-2050-4doiSubjects--Topical Terms:

557764
Data protection.

LC Class. No.: QA76.9.A25

Dewey Class. No.: 005.8

Advanced API Security = OAuth 2.0 and Beyond /
LDR:03753nam a22003855i 4500 001 1025509
003 DE-He213
005 20200705051644.0
007 cr nn 008mamaa
008 210318s2020 xxu| s |||| 0|eng d
020 $a 9781484220504 $9 978-1-4842-2050-4
024 7 $a 10.1007/978-1-4842-2050-4 $2 doi
035 $a 978-1-4842-2050-4
050 4 $a QA76.9.A25
072 7 $a UR $2 bicssc
072 7 $a COM053000 $2 bisacsh
072 7 $a UR $2 thema
082 0 4 $a 005.8 $2 23
100 1 $a Siriwardena, Prabath. $4 aut $4 http://id.loc.gov/vocabulary/relators/aut $3 1211418
245 1 0 $a Advanced API Security $h [electronic resource] : $b OAuth 2.0 and Beyond / $c by Prabath Siriwardena.
250 $a 2nd ed. 2020.
264 1 $a Berkeley, CA : $b Apress : $b Imprint: Apress, $c 2020.
300 $a XIX, 449 p. 96 illus. $b online resource.
336 $a text $b txt $2 rdacontent
337 $a computer $b c $2 rdamedia
338 $a online resource $b cr $2 rdacarrier
347 $a text file $b PDF $2 rda
505 0 $a 1. APIs Rule!.-2. Designing Security for APIs.-3. Securing APIs with Transport Layer Security (TLS).-4. OAuth 2.0 Fundamentals.-5. Edge Security with an API Gateway.-6. OpenID Connect (OIDC).-7. Message Level Security with JSON Web Signature.-8. Message Level Security with JSON Web Encryption.-9. OAuth 2.0 Profiles.-10. Accessing APIs via Native Mobile Apps.-11. OAuth 2.0 Token Binding.-12. Federating Access to APIs.-13. User Managed Access.-14. OAuth 2.0 Security -- 15. Patterns and Practices -- 16: A. The Evolution of Identity Delegation -- 17: B. OAuth 1.0 -- 18: C. How Transport Layer Security Works -- 19: D. UMA Evolution -- 20: E. Base64URL Encoding -- 21: F. Basic/Digest Authentication -- 22: G. OAuth 2.0 MAC Token Profile.
520 $a Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. You will: Securely design, develop, and deploy enterprise APIs Pick security standards and protocols to match business needs Mitigate security exploits by understanding the OAuth 2.0 threat landscape Federate identities to expand business APIs beyond the corporate firewall Protect microservices at the edge by securing their APIs Develop native mobile applications to access APIs securely Integrate applications with SaaS APIs protected with OAuth 2.0.
650 0 $a Data protection. $3 557764
650 0 $a Special purpose computers. $3 1204562
650 0 $a Computer security. $3 557122
650 0 $a Programming languages (Electronic computers). $3 1127615
650 1 4 $a Security. $3 1114130
650 2 4 $a Special Purpose and Application-Based Systems. $3 669833
650 2 4 $a Systems and Data Security. $3 677062
650 2 4 $a Programming Languages, Compilers, Interpreters. $3 669782
710 2 $a SpringerLink (Online service) $3 593884
773 0 $t Springer Nature eBook
776 0 8 $i Printed edition: $z 9781484220498
776 0 8 $i Printed edition: $z 9781484220511
856 4 0 $u https://doi.org/10.1007/978-1-4842-2050-4
912 $a ZDB-2-CWD
912 $a ZDB-2-SXPC
950 $a Professional and Applied Computing (SpringerNature-12059)
950 $a Professional and Applied Computing (R0) (SpringerNature-43716)