SlideShare a Scribd company logo

Securing RESTful services with Spring HATEOAS & Hdiv

Hdiv Security
Hdiv Security

Securing your REST services with Spring HATEOAS and Hdiv, shown at Spring IO 16.

Software
1 of 48
Download to read offline
Securing RESTful services with Spring HATEOAS & Hdiv Roberto Velasco @hdivroberto
About me Spring I/O 2016 Roberto Velasco CEO at Hdiv Security Working as Java Software Architect since 2004
About me Spring I/O 2016 Involved in Software Security since 2001 Roberto Velasco CEO at Hdiv Security
About me Spring I/O 2016 Hdiv Security Framework founder in 2008 Roberto Velasco CEO at Hdiv Security
It’s not about Spring I/O 2016 Authentication Role Based Access Control Best Practices Security Automation Security by Design It’s about About this talk
Agenda APIs security overview Spring I/O 2016 1 2 3 4 Why The solution Spring HATEOAS & Hdiv
Spring I/O 2016 1 APIS SECURITY OVERVIEW
APIs everywhere Spring I/O 2016
Spring I/O 2016 The old new things What about security in this new scenario?
Spring I/O 2016 LET’S SEE A DEMO Spring HATEOAS & Android
Spring I/O 2016 The old new things The most important remains the same representedby OWASP Top 10 Client-side approach let us more exposed Controller inside the client More business logic in the client side
Spring I/O 2016 Spring  I/O  2016 86% of all websites tested had at least 1 serious vulnerability How big is the problem
Spring I/O 2016 WHY 2
Spring I/O 2016 Security issues Design FlawsBugs SQL Injection XSS etc. Forget authenticatean user. Non authorized access to a register. Easy to find and fix No tool to find and complex to fix
Spring I/O 2016 Design Flaws IEEE Cyber Security
Spring I/O 2016 Spring  I/O  2016 Why Current technology to develop services is insecure by default
Spring I/O 2016 Spring  I/O  2016 Why Don’t protect from bugs and design flaws
Spring I/O 2016 Spring  I/O  2016 Security depends on people Why
Spring I/O 2016 Security solutions Recommended for security bugs Detected issues must be solved by developers AST Application Security Testing
Spring I/O 2016 WAF Web Application Firewall Security solutions Try  to  protect from bugs  and security design flaws but…
Spring I/O 2016 WAF Web Application Firewall Security solutions False positives Costly implementation
Spring I/O 2016 Summary Foundational software providers Don’t protect from bugs neither security design flaws Security providers Bugs are well detected by AST Represents a significant fixing work from developers Design flaws not properly covered by WAFs
Spring I/O 2016 THE SOLUTION 3
The solution Different problems require different solutions Spring I/O 2016
The solution for… Design flaws Spring I/O 2016 Current approach Everything open, close manually
Spring I/O 2016 Proposed approach Security By Default The solution for… Design flaws Everything closedby default, open manually
Spring I/O 2016 The server defines what is allowed The solution for… Design flaws
Spring I/O 2016 The server defines what is allowed The solution for… Design flaws Hypermedia
Spring I/O 2016 The solution for… Design flaws The server rejects all the request that don’t respect the original contract
Spring I/O 2016 The solution for… Design flaws B O R N S E C U R E The server rejects all the request that don’t respect the original contract
Spring I/O 2016 Integrity validation for read-only data The solution for… Design flaws B O R N S E C U R E White & Black list validation for editable data (text fields)
Spring I/O 2016 We need a detection mechanism The solution for… Bugs
Spring I/O 2016 We need a detection mechanism The solution for… Bugs AST tools
Spring I/O 2016 We need to automate the protection of the detected issues The solution for… Bugs
Spring I/O 2016 We need to automate the protection of the detected issues The solution for… Bugs B O R N S E C U R E
Spring I/O 2016 Don’t do anything for read-only data The solution for… Bugs B O R N S E C U R E Strict white-list validation from vulnerable text fields Shows the error in the text field
Spring I/O 2016 SPRING HATEOAS & Hdiv 4
Spring HATEOAS Spring I/O 2016 The most important HATEOAS implementation in Java Includesa format for links Form complete definition not covered Based on HAL
Form support Pull Request Spring I/O 2016 Mike Amundsen Participants & Collaborators https://github.com/spring- projects/spring-hateoas/pull/447 B O R N S E C U R E Dietrich Schulten Oliver Gierke Supported hypermedia formats Forms: HAL-FORMS, Siren, HTML Links: HAL
Spring I/O 2016 Form Support in Action @RequestMapping(method = RequestMethod.GET) public ResourceSupport charge() { ResourceSupport resourceSupport = new ResourceSupport(); resourceSupport.add(linkTo(methodOn(TransferController.class).charge(new Charge())).build()); // code omitted here return resourceSupport; } public class Charge { private String fromAccount; private double amount; public Charge(@Select(options = CashAccountOptions.class) String fromAccount, @Input(editable = true, required = true) double amount) { // code omitted here } } Form definition example
Spring I/O 2016 { "_links":  { "self":  { "href":  "http://localhost:9000/hdiv-­‐ee-­‐bank-­‐services/api/transfer?rel=halforms:make-­‐transfer" }, "curies":  [ {"href":"{href}{?rel}",   "name" :  "halforms",  "templated":  true} ] }, "_templates":  { "default":  { "method":  "POST", "properties":  [ {"name":  "fromAccount",  "readOnly":  true,  "suggest":  [ {"value":"00948343154448310446",  "prompt":"Checking  Account"},   {"value":"91123204989505683033",  "prompt":"Individual  Retirement      Accounts  (IRAs)"} ]}, {"name":"toAccount",  "readOnly":false,  required":  true}, {"name":"description",  "readOnly":  false,  "required":  true}, {"name":"amount",  "readOnly":  false,  "value":  "0.0",  "required":  true}, {"name":"fee",   "readOnly":  true,  "value":  "5.0"}, ]} } } Several form formats are supported HAL-FORMS example
Spring I/O 2016 Spring  I/O  2016 Try it! hdivsecurity.com/try-it-springio B O R N S E C U R E
Summary Spring I/O 2016 Hypermedia offers an excelent foundation to cover security design
Summary Spring I/O 2016 Hypermedia helps to automate the protection against detected security bugs
Summary Spring I/O 2016 It is necessary hypermedia formats to cover 100% of interactions
Summary Spring I/O 2016 Spring HATEOAS and Hdiv make it possible to automate many security tasks
Spring I/O 2016 Questions & Answers
Spring I/O 2016 Roberto Velasco Hdiv Founder roberto@hdivsecurity.com Thanks!

Recommended

Londonguide microsoft app
Londonguide microsoft appLondonguide microsoft app
Londonguide microsoft appdhekanenandkishor
 
Seguridad web mediante Spring MVC y HDIV
Seguridad web mediante Spring MVC y HDIVSeguridad web mediante Spring MVC y HDIV
Seguridad web mediante Spring MVC y HDIVHdiv Security
 
API-driven Legacy Migration: Results from Project Winterfell
API-driven Legacy Migration: Results from Project WinterfellAPI-driven Legacy Migration: Results from Project Winterfell
API-driven Legacy Migration: Results from Project WinterfellKeith McFarlane
 
API Services: Building Apps That Stand Out
API Services: Building Apps That Stand OutAPI Services: Building Apps That Stand Out
API Services: Building Apps That Stand OutApigee | Google Cloud
 
REST и HATEOAS
REST и HATEOASREST и HATEOAS
REST и HATEOASArtem Bey
 
Modernizing the Legacy - How Dish is Adapting its SOA Services for a Cloud Fi...
Modernizing the Legacy - How Dish is Adapting its SOA Services for a Cloud Fi...Modernizing the Legacy - How Dish is Adapting its SOA Services for a Cloud Fi...
Modernizing the Legacy - How Dish is Adapting its SOA Services for a Cloud Fi...VMware Tanzu
 
Hypermedia api (HATEOAS)
Hypermedia api (HATEOAS)Hypermedia api (HATEOAS)
Hypermedia api (HATEOAS)MitinPavel
 
HCLT Whitepaper: Legacy Modernization
HCLT Whitepaper: Legacy Modernization HCLT Whitepaper: Legacy Modernization
HCLT Whitepaper: Legacy Modernization HCL Technologies
 

Recommended

Londonguide microsoft app
Londonguide microsoft appLondonguide microsoft app
Londonguide microsoft appdhekanenandkishor
 
Seguridad web mediante Spring MVC y HDIV
Seguridad web mediante Spring MVC y HDIVSeguridad web mediante Spring MVC y HDIV
Seguridad web mediante Spring MVC y HDIVHdiv Security
 
API-driven Legacy Migration: Results from Project Winterfell
API-driven Legacy Migration: Results from Project WinterfellAPI-driven Legacy Migration: Results from Project Winterfell
API-driven Legacy Migration: Results from Project WinterfellKeith McFarlane
 
API Services: Building Apps That Stand Out
API Services: Building Apps That Stand OutAPI Services: Building Apps That Stand Out
API Services: Building Apps That Stand OutApigee | Google Cloud
 
REST и HATEOAS
REST и HATEOASREST и HATEOAS
REST и HATEOASArtem Bey
 
Modernizing the Legacy - How Dish is Adapting its SOA Services for a Cloud Fi...
Modernizing the Legacy - How Dish is Adapting its SOA Services for a Cloud Fi...Modernizing the Legacy - How Dish is Adapting its SOA Services for a Cloud Fi...
Modernizing the Legacy - How Dish is Adapting its SOA Services for a Cloud Fi...VMware Tanzu
 
Hypermedia api (HATEOAS)
Hypermedia api (HATEOAS)Hypermedia api (HATEOAS)
Hypermedia api (HATEOAS)MitinPavel
 
HCLT Whitepaper: Legacy Modernization
HCLT Whitepaper: Legacy Modernization HCLT Whitepaper: Legacy Modernization
HCLT Whitepaper: Legacy Modernization HCL Technologies
 
BPM for SOA+ESB+API and cloud
BPM for SOA+ESB+API and cloud BPM for SOA+ESB+API and cloud
BPM for SOA+ESB+API and cloud Alexander SAMARIN
 
How to become a Product Samurai - Chris Lukassen
How to become a Product Samurai - Chris LukassenHow to become a Product Samurai - Chris Lukassen
How to become a Product Samurai - Chris LukassenAvisi B.V.
 
Apiworld
ApiworldApiworld
ApiworldOwen Rubel
 
Legacy to industry leader: a modernization case study
Legacy to industry leader: a modernization case studyLegacy to industry leader: a modernization case study
Legacy to industry leader: a modernization case studyOSSCube
 
Twilio Signal 2016 API Architecture
Twilio Signal 2016 API ArchitectureTwilio Signal 2016 API Architecture
Twilio Signal 2016 API ArchitectureTwilio Inc
 
LeaseWeb API Architecture @ APINL Meetup
LeaseWeb API Architecture @ APINL MeetupLeaseWeb API Architecture @ APINL Meetup
LeaseWeb API Architecture @ APINL MeetupRolph Haspers
 
SOA Pattern : Legacy Wrappers
SOA Pattern : Legacy Wrappers SOA Pattern : Legacy Wrappers
SOA Pattern : Legacy Wrappers WSO2
 
Updating Legacy Systems: Making the Financial Case for a Modernization Project
Updating Legacy Systems: Making the Financial Case for a Modernization Project Updating Legacy Systems: Making the Financial Case for a Modernization Project
Updating Legacy Systems: Making the Financial Case for a Modernization Project ILM Professional Services
 
IO State In Distributed API Architecture
IO State In Distributed API ArchitectureIO State In Distributed API Architecture
IO State In Distributed API ArchitectureOwen Rubel
 
Api Abstraction & Api Chaining
Api Abstraction & Api ChainingApi Abstraction & Api Chaining
Api Abstraction & Api ChainingOwen Rubel
 
Legacy modernization, cloud orchestration, api publishing
Legacy modernization, cloud orchestration, api publishingLegacy modernization, cloud orchestration, api publishing
Legacy modernization, cloud orchestration, api publishingkumar gaurav
 
Building a Modern Microservices Architecture at Gilt: The Essentials
Building a Modern Microservices Architecture at Gilt: The EssentialsBuilding a Modern Microservices Architecture at Gilt: The Essentials
Building a Modern Microservices Architecture at Gilt: The EssentialsC4Media
 
Building an API Platform for Digital Transformation
Building an API Platform for Digital TransformationBuilding an API Platform for Digital Transformation
Building an API Platform for Digital TransformationWSO2
 
ITANA 2016: API Architecture and Implementation
ITANA 2016: API Architecture and ImplementationITANA 2016: API Architecture and Implementation
ITANA 2016: API Architecture and ImplementationColin Bell
 
Dc meetup-pure-api-led-connectivity-16x9
Dc meetup-pure-api-led-connectivity-16x9Dc meetup-pure-api-led-connectivity-16x9
Dc meetup-pure-api-led-connectivity-16x9Bruce Schonk -PMP, MBA
 
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...Renaud Visage
 
API Architecture
API ArchitectureAPI Architecture
API ArchitectureRyan Kolak
 
The 6 Rules for Modernizing Your Legacy Java Monolith with Microservices
The 6 Rules for Modernizing Your Legacy Java Monolith with MicroservicesThe 6 Rules for Modernizing Your Legacy Java Monolith with Microservices
The 6 Rules for Modernizing Your Legacy Java Monolith with MicroservicesLightbend
 
Collaboration Portal for Researchers
Collaboration Portal for ResearchersCollaboration Portal for Researchers
Collaboration Portal for ResearchersFatemeh Khast Khoda
 
What Makes a Great Open API?
What Makes a Great Open API?What Makes a Great Open API?
What Makes a Great Open API?Salesforce Developers
 
Trivadis TechEvent 2016 How to transform a complex web application into a mob...
Trivadis TechEvent 2016 How to transform a complex web application into a mob...Trivadis TechEvent 2016 How to transform a complex web application into a mob...
Trivadis TechEvent 2016 How to transform a complex web application into a mob...Trivadis
 
Documenting RESTful APIs with Spring REST Docs
Documenting RESTful APIs with Spring REST Docs Documenting RESTful APIs with Spring REST Docs
Documenting RESTful APIs with Spring REST Docs VMware Tanzu
 

More Related Content

Viewers also liked

BPM for SOA+ESB+API and cloud
BPM for SOA+ESB+API and cloud BPM for SOA+ESB+API and cloud
BPM for SOA+ESB+API and cloud Alexander SAMARIN
 
How to become a Product Samurai - Chris Lukassen
How to become a Product Samurai - Chris LukassenHow to become a Product Samurai - Chris Lukassen
How to become a Product Samurai - Chris LukassenAvisi B.V.
 
Legacy to industry leader: a modernization case study
Legacy to industry leader: a modernization case studyLegacy to industry leader: a modernization case study
Legacy to industry leader: a modernization case studyOSSCube
 
Twilio Signal 2016 API Architecture
Twilio Signal 2016 API ArchitectureTwilio Signal 2016 API Architecture
Twilio Signal 2016 API ArchitectureTwilio Inc
 
LeaseWeb API Architecture @ APINL Meetup
LeaseWeb API Architecture @ APINL MeetupLeaseWeb API Architecture @ APINL Meetup
LeaseWeb API Architecture @ APINL MeetupRolph Haspers
 
SOA Pattern : Legacy Wrappers
SOA Pattern : Legacy Wrappers SOA Pattern : Legacy Wrappers
SOA Pattern : Legacy Wrappers WSO2
 
Updating Legacy Systems: Making the Financial Case for a Modernization Project
Updating Legacy Systems: Making the Financial Case for a Modernization Project Updating Legacy Systems: Making the Financial Case for a Modernization Project
Updating Legacy Systems: Making the Financial Case for a Modernization Project ILM Professional Services
 
IO State In Distributed API Architecture
IO State In Distributed API ArchitectureIO State In Distributed API Architecture
IO State In Distributed API ArchitectureOwen Rubel
 
Api Abstraction & Api Chaining
Api Abstraction & Api ChainingApi Abstraction & Api Chaining
Api Abstraction & Api ChainingOwen Rubel
 
Legacy modernization, cloud orchestration, api publishing
Legacy modernization, cloud orchestration, api publishingLegacy modernization, cloud orchestration, api publishing
Legacy modernization, cloud orchestration, api publishingkumar gaurav
 
Building a Modern Microservices Architecture at Gilt: The Essentials
Building a Modern Microservices Architecture at Gilt: The EssentialsBuilding a Modern Microservices Architecture at Gilt: The Essentials
Building a Modern Microservices Architecture at Gilt: The EssentialsC4Media
 
Building an API Platform for Digital Transformation
Building an API Platform for Digital TransformationBuilding an API Platform for Digital Transformation
Building an API Platform for Digital TransformationWSO2
 
ITANA 2016: API Architecture and Implementation
ITANA 2016: API Architecture and ImplementationITANA 2016: API Architecture and Implementation
ITANA 2016: API Architecture and ImplementationColin Bell
 
Dc meetup-pure-api-led-connectivity-16x9
Dc meetup-pure-api-led-connectivity-16x9Dc meetup-pure-api-led-connectivity-16x9
Dc meetup-pure-api-led-connectivity-16x9Bruce Schonk -PMP, MBA
 
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...Renaud Visage
 
API Architecture
API ArchitectureAPI Architecture
API ArchitectureRyan Kolak
 
The 6 Rules for Modernizing Your Legacy Java Monolith with Microservices
The 6 Rules for Modernizing Your Legacy Java Monolith with MicroservicesThe 6 Rules for Modernizing Your Legacy Java Monolith with Microservices
The 6 Rules for Modernizing Your Legacy Java Monolith with MicroservicesLightbend
 

Viewers also liked (18)

BPM for SOA+ESB+API and cloud
BPM for SOA+ESB+API and cloud BPM for SOA+ESB+API and cloud
BPM for SOA+ESB+API and cloud
 
How to become a Product Samurai - Chris Lukassen
How to become a Product Samurai - Chris LukassenHow to become a Product Samurai - Chris Lukassen
How to become a Product Samurai - Chris Lukassen
 
Apiworld
ApiworldApiworld
Apiworld
 
Legacy to industry leader: a modernization case study
Legacy to industry leader: a modernization case studyLegacy to industry leader: a modernization case study
Legacy to industry leader: a modernization case study
 
Twilio Signal 2016 API Architecture
Twilio Signal 2016 API ArchitectureTwilio Signal 2016 API Architecture
Twilio Signal 2016 API Architecture
 
LeaseWeb API Architecture @ APINL Meetup
LeaseWeb API Architecture @ APINL MeetupLeaseWeb API Architecture @ APINL Meetup
LeaseWeb API Architecture @ APINL Meetup
 
SOA Pattern : Legacy Wrappers
SOA Pattern : Legacy Wrappers SOA Pattern : Legacy Wrappers
SOA Pattern : Legacy Wrappers
 
Updating Legacy Systems: Making the Financial Case for a Modernization Project
Updating Legacy Systems: Making the Financial Case for a Modernization Project Updating Legacy Systems: Making the Financial Case for a Modernization Project
Updating Legacy Systems: Making the Financial Case for a Modernization Project
 
IO State In Distributed API Architecture
IO State In Distributed API ArchitectureIO State In Distributed API Architecture
IO State In Distributed API Architecture
 
Api Abstraction & Api Chaining
Api Abstraction & Api ChainingApi Abstraction & Api Chaining
Api Abstraction & Api Chaining
 
Legacy modernization, cloud orchestration, api publishing
Legacy modernization, cloud orchestration, api publishingLegacy modernization, cloud orchestration, api publishing
Legacy modernization, cloud orchestration, api publishing
 
Building a Modern Microservices Architecture at Gilt: The Essentials
Building a Modern Microservices Architecture at Gilt: The EssentialsBuilding a Modern Microservices Architecture at Gilt: The Essentials
Building a Modern Microservices Architecture at Gilt: The Essentials
 
Building an API Platform for Digital Transformation
Building an API Platform for Digital TransformationBuilding an API Platform for Digital Transformation
Building an API Platform for Digital Transformation
 
ITANA 2016: API Architecture and Implementation
ITANA 2016: API Architecture and ImplementationITANA 2016: API Architecture and Implementation
ITANA 2016: API Architecture and Implementation
 
Dc meetup-pure-api-led-connectivity-16x9
Dc meetup-pure-api-led-connectivity-16x9Dc meetup-pure-api-led-connectivity-16x9
Dc meetup-pure-api-led-connectivity-16x9
 
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...
 
API Architecture
API ArchitectureAPI Architecture
API Architecture
 
The 6 Rules for Modernizing Your Legacy Java Monolith with Microservices
The 6 Rules for Modernizing Your Legacy Java Monolith with MicroservicesThe 6 Rules for Modernizing Your Legacy Java Monolith with Microservices
The 6 Rules for Modernizing Your Legacy Java Monolith with Microservices
 

Similar to Securing RESTful services with Spring HATEOAS & Hdiv

Collaboration Portal for Researchers
Collaboration Portal for ResearchersCollaboration Portal for Researchers
Collaboration Portal for ResearchersFatemeh Khast Khoda
 
Trivadis TechEvent 2016 How to transform a complex web application into a mob...
Trivadis TechEvent 2016 How to transform a complex web application into a mob...Trivadis TechEvent 2016 How to transform a complex web application into a mob...
Trivadis TechEvent 2016 How to transform a complex web application into a mob...Trivadis
 
Documenting RESTful APIs with Spring REST Docs
Documenting RESTful APIs with Spring REST Docs Documenting RESTful APIs with Spring REST Docs
Documenting RESTful APIs with Spring REST Docs VMware Tanzu
 
OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1Telefónica
 
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)Deepam Kanjani
 
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docx
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docxOWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docx
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docxgerardkortney
 
API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)3scale
 
SpringOnePlatform2017 recap
SpringOnePlatform2017 recapSpringOnePlatform2017 recap
SpringOnePlatform2017 recapminseok kim
 
Architect's Guide to Building an API Program
Architect's Guide to Building an API ProgramArchitect's Guide to Building an API Program
Architect's Guide to Building an API Programclatimer
 
First Software Security Netherlands Meet Up - Delft - 18 May 2017
First Software Security Netherlands Meet Up - Delft - 18 May 2017First Software Security Netherlands Meet Up - Delft - 18 May 2017
First Software Security Netherlands Meet Up - Delft - 18 May 2017gmaran23
 
Ian Margetts - ASOS’ Journey to Continuous Deployment
Ian Margetts - ASOS’ Journey to Continuous DeploymentIan Margetts - ASOS’ Journey to Continuous Deployment
Ian Margetts - ASOS’ Journey to Continuous DeploymentWinOps Conf
 
Confessions of-a-gadget-holic
Confessions of-a-gadget-holicConfessions of-a-gadget-holic
Confessions of-a-gadget-holicTyrell Perera
 
SpringIO 2016 - Spring Cloud MicroServices, a journey inside a financial entity
SpringIO 2016 - Spring Cloud MicroServices, a journey inside a financial entitySpringIO 2016 - Spring Cloud MicroServices, a journey inside a financial entity
SpringIO 2016 - Spring Cloud MicroServices, a journey inside a financial entityjordigilnieto
 
Spring IO 2016 - Spring Cloud Microservices, a journey inside a financial entity
Spring IO 2016 - Spring Cloud Microservices, a journey inside a financial entitySpring IO 2016 - Spring Cloud Microservices, a journey inside a financial entity
Spring IO 2016 - Spring Cloud Microservices, a journey inside a financial entityToni Jara
 
Share Upgrading and Migrating to SharePoint 2016 Like a Pro
Share Upgrading and Migrating to SharePoint 2016 Like a ProShare Upgrading and Migrating to SharePoint 2016 Like a Pro
Share Upgrading and Migrating to SharePoint 2016 Like a ProBrian Culver
 
What Makes a Great Open API?
What Makes a Great Open API?What Makes a Great Open API?
What Makes a Great Open API?John Musser
 
Spring Tools 4 - Eclipse and Beyond
Spring Tools 4 - Eclipse and BeyondSpring Tools 4 - Eclipse and Beyond
Spring Tools 4 - Eclipse and BeyondVMware Tanzu
 

Similar to Securing RESTful services with Spring HATEOAS & Hdiv (20)

Collaboration Portal for Researchers
Collaboration Portal for ResearchersCollaboration Portal for Researchers
Collaboration Portal for Researchers
 
What Makes a Great Open API?
What Makes a Great Open API?What Makes a Great Open API?
What Makes a Great Open API?
 
Trivadis TechEvent 2016 How to transform a complex web application into a mob...
Trivadis TechEvent 2016 How to transform a complex web application into a mob...Trivadis TechEvent 2016 How to transform a complex web application into a mob...
Trivadis TechEvent 2016 How to transform a complex web application into a mob...
 
Documenting RESTful APIs with Spring REST Docs
Documenting RESTful APIs with Spring REST Docs Documenting RESTful APIs with Spring REST Docs
Documenting RESTful APIs with Spring REST Docs
 
OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1
 
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
 
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docx
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docxOWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docx
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docx
 
API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)
 
Api manager preconference
Api manager preconferenceApi manager preconference
Api manager preconference
 
SpringOnePlatform2017 recap
SpringOnePlatform2017 recapSpringOnePlatform2017 recap
SpringOnePlatform2017 recap
 
Architect's Guide to Building an API Program
Architect's Guide to Building an API ProgramArchitect's Guide to Building an API Program
Architect's Guide to Building an API Program
 
First Software Security Netherlands Meet Up - Delft - 18 May 2017
First Software Security Netherlands Meet Up - Delft - 18 May 2017First Software Security Netherlands Meet Up - Delft - 18 May 2017
First Software Security Netherlands Meet Up - Delft - 18 May 2017
 
Ian Margetts - ASOS’ Journey to Continuous Deployment
Ian Margetts - ASOS’ Journey to Continuous DeploymentIan Margetts - ASOS’ Journey to Continuous Deployment
Ian Margetts - ASOS’ Journey to Continuous Deployment
 
Surviving the Hadoop Revolution
Surviving the Hadoop RevolutionSurviving the Hadoop Revolution
Surviving the Hadoop Revolution
 
Confessions of-a-gadget-holic
Confessions of-a-gadget-holicConfessions of-a-gadget-holic
Confessions of-a-gadget-holic
 
SpringIO 2016 - Spring Cloud MicroServices, a journey inside a financial entity
SpringIO 2016 - Spring Cloud MicroServices, a journey inside a financial entitySpringIO 2016 - Spring Cloud MicroServices, a journey inside a financial entity
SpringIO 2016 - Spring Cloud MicroServices, a journey inside a financial entity
 
Spring IO 2016 - Spring Cloud Microservices, a journey inside a financial entity
Spring IO 2016 - Spring Cloud Microservices, a journey inside a financial entitySpring IO 2016 - Spring Cloud Microservices, a journey inside a financial entity
Spring IO 2016 - Spring Cloud Microservices, a journey inside a financial entity
 
Share Upgrading and Migrating to SharePoint 2016 Like a Pro
Share Upgrading and Migrating to SharePoint 2016 Like a ProShare Upgrading and Migrating to SharePoint 2016 Like a Pro
Share Upgrading and Migrating to SharePoint 2016 Like a Pro
 
What Makes a Great Open API?
What Makes a Great Open API?What Makes a Great Open API?
What Makes a Great Open API?
 
Spring Tools 4 - Eclipse and Beyond
Spring Tools 4 - Eclipse and BeyondSpring Tools 4 - Eclipse and Beyond
Spring Tools 4 - Eclipse and Beyond
 

Recently uploaded

Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfkalichargn70th171
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfayushiqss
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxalwaysnagaraju26
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 

Recently uploaded (20)

Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 

Securing RESTful services with Spring HATEOAS & Hdiv