SlideShare una empresa de Scribd logo

Manage API Security with Common Patterns and Case Studies

CA API Management
CA API Management

Opening SaaS applications and cloud services to outside developers is becoming critical to achieve cloud-enterprise integrations, information sharing across affiliate Web sites and enabling mobile / tablet access to data. Controlling how API's get securely exposed to different consumers requires a simple, scalable way to manage API security, address versioning and meter consumption without burdening either application developers or application consumers. Join eBay's Chief Security Strategies Liam Lynch and Layer 7's CTO Scott Morrison for this informative presentation.

Tecnología
1 de 18
Descargar para leer sin conexión
Managing API Security  Liam Lynch a y c Chief Security Strategist, eBay Founder and Identity Strategist, CSA Feb 23, 2011
Web services security y  Large scale public services need scale but also granular security as well  Service fabrics such as Rest are valuable for agile development  Many consumer's of services can’t use SOAP or other forms of XML request response  Whatever the protocol there needs to be protection and dynamic service delivery
Service protection  Early on protection for service was SSL and access tokens  Typical use case was 3rd party iframe invocation in client browsers  REST was a step up in protection but the typical use case was still dangerous  Full SOAP/XML based services using standards (XML encryption and SAML) are better but elude the typical use case  Until…
Service abstraction  Service abstraction allows for denial of service protection  Abstraction allows older services to be upgraded without rewriting code  Abstraction allows for integrated service delivery  Abstraction allows for upgrading security and service standards  Abstraction allows for increased security by coordinating with… with
Service orchestration  Orchestration provides a capability to bring in service delivery components just in time  Security level orchestration leverages abstraction to enable evaluation at run time  The typical use case could be easily enabled by SAML browser tokens and orchestration of identity provider assertions  Policies for access can be orchestrated from a variety of sources ddepending on client access and other f t di li t d th factors such h as service authorization
Summary y  Service protection has a history of proprietary and troublesome interoperability issues  Service abstraction enables better service security by introducing a standards based layer in front of service platforms  Service orchestration enables better security by leveraging service abstraction and injecting standards based security and policy evaluation
Managing API Security Common Patterns and Case Studies  K. Scott Morrison CTO and Chief Architect, Layer 7 , y Feb 23, 2011
LargeCorporation.com Has A Problem… g p The API Internal Firewall-2 Hosts Firewall-1 The Internal Internet Data Center Partner DMZ How can LargeCorp Securely publish and manage their new API?
Cloud-based Security & Management Is Too Remote y g The API Internal Firewall-2 Hosts Firewall-1 Cloud Security Offering Internal The last 1000 miles… Data Center DMZ Hackers H k
Layer 7: The Enterprise Solution For Service Protection y p Keep Security and The API Mgmt. Close to the API Operator Internal Data Center Partner DMZ  Military-grade security for REST and SOAP APIs/Services  Complete visibility into use patterns y  Integration into existing infrastructure  Identity & Access Mgmt, Portals, Operations, billings, etc
Case Study: Publishing Web-based APIs y g  Problem: A leading European car portal wanted to securely expose auto and ecommerce information to third party developers  S l ti L Solution: Layer 7 authorizes/authenticates thi d party d th i / th ti t third t developers attaching t l tt hi to ecommerce APIs directly or via a Web portal; throttles backend traffic to maintain Quality of Service targets  Results: increased revenue by monetizing their APIs; increased traffic, exposure and brand through third-party Web sites, applications and services based on automobile- focused Web service APIs
But Now LargeCorporation.com Has A New Problem… g p Internal Firewall-2 Hosts Firewall-1 Lots of APIs Lots of Developers Internal Data Center DMZ How can L H LargeCorp scale API C l management?
The Enterprise Solution For Service Abstraction p Management of APIs Internal the way applications Hosts are managed Lots of Provider Developers View Internal Data Center Developer DMZ View Vi  Full policy life-cycle management  Policy versioning, roll-back, audit  Policy migration (dev-test-prod)  Clear separation of duties Cl ti f d ti  Role-based Access Control (RBAC)  APIs for integration with existing infrastructure and tools
Case Study: Publishing Information Service APIs y g  Problem: A leading global publisher needed to allow customers and partners to use Google Apps to access multiple, existing information services  Solution: CloudControl authorizes users and applies rate limiting; converts REST queries to SOAP, and provides API aggregation & orchestration “ Layer 7 offered us the closest fit to our business requirements in a single “ product. No other vendor was even d t N th d close. SOA Architect, World’s leading publisher of science and health information  Results: implemented business logic in policy (not code), decreasing maintenance costs; customers and partners can now obtain richer results to their queries from ; p q their platform of choice, simplifying and speeding information gathering
Finally, How Will LargeCorporation.com Automate? y g p Virtualization Infrastructure High Usage Internal Volumes Data Center DMZ How can LargeCorp react to rapid changes in scale?
The Enterprise Solution For Service Orchestration p Virtualization Secure and automated Farm co-ordination of all infrastructure to maintain Virtualization SLAs API Switches, Load Balancers, etc High Audit DB Usage Internal Volumes Data Center DMZ  Orchestration using GUI tools  Fully integrated into security context  Parallelized access  Connectors to HTTP, TCP, SSH, FTP, JMS, SNMP, SMTP, MQSeries, etc
Case Study: IaaS & PaaS API Security y y  Problem: A leading cloud Iaas and PaaS provider needed to allow customers to self- provision and self-manage private cloud resources without compromising the cloud p provider’s virtualized infrastructure  Solution: Layer 7 provides integration with and API management for this provider’s management and billing systems, EMC storage, and VMware vCloud Director; provides security/ threat protection, and ensures SLA/ QoS levels are met  Results: with Layer 7 in place, the provider’s customers can create and manage their own private cloud as if it were a true extension of their enterprise
For further information: K. Scott Morrison Chief Technology Officer & Chief Architect Layer 7 Technologies 1100 Melville St, Suite 405 Vancouver, B.C. V6E 4A6 Canada (800) 681-9377 smorrison@layer7tech.com smorrison@layer7tech com http://www.layer7tech.com February 23, 2011

Recomendados

Cloud Tools for Connected Communities
Cloud Tools for Connected CommunitiesCloud Tools for Connected Communities
Cloud Tools for Connected CommunitiesPeter Coffee
 
Having the Cloud Conversation: Why the Business Architect Should Care
Having the Cloud Conversation: Why the Business Architect Should CareHaving the Cloud Conversation: Why the Business Architect Should Care
Having the Cloud Conversation: Why the Business Architect Should CarePeter Coffee
 
Enhancing and Operating Video Collaboration with your Network
Enhancing and Operating Video Collaboration with your NetworkEnhancing and Operating Video Collaboration with your Network
Enhancing and Operating Video Collaboration with your NetworkCisco Canada
 
Peter Coffee at share2010seattle
Peter Coffee at share2010seattlePeter Coffee at share2010seattle
Peter Coffee at share2010seattlePeter Coffee
 
Building and Managing Cloud Applications and Infrastructure
Building and Managing Cloud Applications and InfrastructureBuilding and Managing Cloud Applications and Infrastructure
Building and Managing Cloud Applications and InfrastructureDarren Cunningham
 
API Management for Enterprise Mobile Access a How-to Guide
API Management for Enterprise Mobile Access a How-to GuideAPI Management for Enterprise Mobile Access a How-to Guide
API Management for Enterprise Mobile Access a How-to GuideCA API Management
 
Concepts integrationandbiztalksoa andbpm
Concepts integrationandbiztalksoa andbpm Concepts integrationandbiztalksoa andbpm
Concepts integrationandbiztalksoa andbpm Sandro Pereira
 
Ensuring Privacy & Transparency within Hybrid Clouds
Ensuring Privacy & Transparency within Hybrid Clouds Ensuring Privacy & Transparency within Hybrid Clouds
Ensuring Privacy & Transparency within Hybrid Clouds Marcin Kotlarski
 

Recomendados

Cloud Tools for Connected Communities
Cloud Tools for Connected CommunitiesCloud Tools for Connected Communities
Cloud Tools for Connected CommunitiesPeter Coffee
 
Having the Cloud Conversation: Why the Business Architect Should Care
Having the Cloud Conversation: Why the Business Architect Should CareHaving the Cloud Conversation: Why the Business Architect Should Care
Having the Cloud Conversation: Why the Business Architect Should CarePeter Coffee
 
Enhancing and Operating Video Collaboration with your Network
Enhancing and Operating Video Collaboration with your NetworkEnhancing and Operating Video Collaboration with your Network
Enhancing and Operating Video Collaboration with your NetworkCisco Canada
 
Peter Coffee at share2010seattle
Peter Coffee at share2010seattlePeter Coffee at share2010seattle
Peter Coffee at share2010seattlePeter Coffee
 
Building and Managing Cloud Applications and Infrastructure
Building and Managing Cloud Applications and InfrastructureBuilding and Managing Cloud Applications and Infrastructure
Building and Managing Cloud Applications and InfrastructureDarren Cunningham
 
API Management for Enterprise Mobile Access a How-to Guide
API Management for Enterprise Mobile Access a How-to GuideAPI Management for Enterprise Mobile Access a How-to Guide
API Management for Enterprise Mobile Access a How-to GuideCA API Management
 
Concepts integrationandbiztalksoa andbpm
Concepts integrationandbiztalksoa andbpm Concepts integrationandbiztalksoa andbpm
Concepts integrationandbiztalksoa andbpm Sandro Pereira
 
Ensuring Privacy & Transparency within Hybrid Clouds
Ensuring Privacy & Transparency within Hybrid Clouds Ensuring Privacy & Transparency within Hybrid Clouds
Ensuring Privacy & Transparency within Hybrid Clouds Marcin Kotlarski
 
Magpie Smart Grid Software Engineering Offering
Magpie Smart Grid Software Engineering OfferingMagpie Smart Grid Software Engineering Offering
Magpie Smart Grid Software Engineering Offeringimpodgirl
 
Layer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud SecurityLayer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud SecurityCA API Management
 
Session Delivery Networks for the Enterprise
Session Delivery Networks for the EnterpriseSession Delivery Networks for the Enterprise
Session Delivery Networks for the EnterpriseAcmePacket
 
The SDN Opportunity
The SDN OpportunityThe SDN Opportunity
The SDN OpportunityJuniper Networks
 
ClickPoint Software buy vs. build
ClickPoint Software buy vs. buildClickPoint Software buy vs. build
ClickPoint Software buy vs. buildClickPoint Software
 
Beyond SPML: Access Provisioning in a Services World
Beyond SPML: Access Provisioning in a Services WorldBeyond SPML: Access Provisioning in a Services World
Beyond SPML: Access Provisioning in a Services WorldNishant Kaushik
 
Timelytrendsin appdelivery
Timelytrendsin appdeliveryTimelytrendsin appdelivery
Timelytrendsin appdeliveryKelly Emo
 
Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011chaucheckpoint
 
Nuno Godinho
Nuno GodinhoNuno Godinho
Nuno Godinhojoaogoncalves
 
Corporate overview 1.2
Corporate overview 1.2Corporate overview 1.2
Corporate overview 1.2Laxman Marpalle
 
Brochure of Luxoft telecom solutions by Luxoft software development
Brochure of Luxoft telecom solutions by Luxoft software developmentBrochure of Luxoft telecom solutions by Luxoft software development
Brochure of Luxoft telecom solutions by Luxoft software developmentLuxoft
 
Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...
Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...
Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...Mundo Contact
 
Over the Air 2011 Security Workshop
Over the Air 2011 Security Workshop Over the Air 2011 Security Workshop
Over the Air 2011 Security Workshop Ericsson Labs
 
HTML5 Mobile Application Framework
HTML5 Mobile Application FrameworkHTML5 Mobile Application Framework
HTML5 Mobile Application FrameworkThanh Nguyen
 
EDI WS API ECGridOS Web Services
EDI WS API ECGridOS Web ServicesEDI WS API ECGridOS Web Services
EDI WS API ECGridOS Web Servicesbizquirk
 
360is Capabilities
360is Capabilities360is Capabilities
360is Capabilitiesnickhutton
 
Dharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1bDharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1bSOA Symposium
 
Datacenter
DatacenterDatacenter
Datacenterjayconde
 
Deadly Sins Bcs Elite
Deadly Sins Bcs EliteDeadly Sins Bcs Elite
Deadly Sins Bcs EliteJon G. Hall
 
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseCA API Management
 
Cross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San FranciscoCross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San FranciscoCA API Management
 
Smart Clouds for Smart Companies
Smart Clouds for Smart CompaniesSmart Clouds for Smart Companies
Smart Clouds for Smart CompaniesPeter Coffee
 

Más contenido relacionado

La actualidad más candente

Magpie Smart Grid Software Engineering Offering
Magpie Smart Grid Software Engineering OfferingMagpie Smart Grid Software Engineering Offering
Magpie Smart Grid Software Engineering Offeringimpodgirl
 
Layer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud SecurityLayer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud SecurityCA API Management
 
Session Delivery Networks for the Enterprise
Session Delivery Networks for the EnterpriseSession Delivery Networks for the Enterprise
Session Delivery Networks for the EnterpriseAcmePacket
 
ClickPoint Software buy vs. build
ClickPoint Software buy vs. buildClickPoint Software buy vs. build
ClickPoint Software buy vs. buildClickPoint Software
 
Beyond SPML: Access Provisioning in a Services World
Beyond SPML: Access Provisioning in a Services WorldBeyond SPML: Access Provisioning in a Services World
Beyond SPML: Access Provisioning in a Services WorldNishant Kaushik
 
Timelytrendsin appdelivery
Timelytrendsin appdeliveryTimelytrendsin appdelivery
Timelytrendsin appdeliveryKelly Emo
 
Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011chaucheckpoint
 
Brochure of Luxoft telecom solutions by Luxoft software development
Brochure of Luxoft telecom solutions by Luxoft software developmentBrochure of Luxoft telecom solutions by Luxoft software development
Brochure of Luxoft telecom solutions by Luxoft software developmentLuxoft
 
Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...
Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...
Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...Mundo Contact
 
Over the Air 2011 Security Workshop
Over the Air 2011 Security Workshop Over the Air 2011 Security Workshop
Over the Air 2011 Security Workshop Ericsson Labs
 
HTML5 Mobile Application Framework
HTML5 Mobile Application FrameworkHTML5 Mobile Application Framework
HTML5 Mobile Application FrameworkThanh Nguyen
 
EDI WS API ECGridOS Web Services
EDI WS API ECGridOS Web ServicesEDI WS API ECGridOS Web Services
EDI WS API ECGridOS Web Servicesbizquirk
 
360is Capabilities
360is Capabilities360is Capabilities
360is Capabilitiesnickhutton
 
Dharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1bDharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1bSOA Symposium
 
Datacenter
DatacenterDatacenter
Datacenterjayconde
 
Deadly Sins Bcs Elite
Deadly Sins Bcs EliteDeadly Sins Bcs Elite
Deadly Sins Bcs EliteJon G. Hall
 

La actualidad más candente (19)

Magpie Smart Grid Software Engineering Offering
Magpie Smart Grid Software Engineering OfferingMagpie Smart Grid Software Engineering Offering
Magpie Smart Grid Software Engineering Offering
 
Layer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud SecurityLayer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud Security
 
Session Delivery Networks for the Enterprise
Session Delivery Networks for the EnterpriseSession Delivery Networks for the Enterprise
Session Delivery Networks for the Enterprise
 
The SDN Opportunity
The SDN OpportunityThe SDN Opportunity
The SDN Opportunity
 
ClickPoint Software buy vs. build
ClickPoint Software buy vs. buildClickPoint Software buy vs. build
ClickPoint Software buy vs. build
 
Beyond SPML: Access Provisioning in a Services World
Beyond SPML: Access Provisioning in a Services WorldBeyond SPML: Access Provisioning in a Services World
Beyond SPML: Access Provisioning in a Services World
 
Timelytrendsin appdelivery
Timelytrendsin appdeliveryTimelytrendsin appdelivery
Timelytrendsin appdelivery
 
Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011
 
Nuno Godinho
Nuno GodinhoNuno Godinho
Nuno Godinho
 
Corporate overview 1.2
Corporate overview 1.2Corporate overview 1.2
Corporate overview 1.2
 
Brochure of Luxoft telecom solutions by Luxoft software development
Brochure of Luxoft telecom solutions by Luxoft software developmentBrochure of Luxoft telecom solutions by Luxoft software development
Brochure of Luxoft telecom solutions by Luxoft software development
 
Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...
Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...
Comunicaciones Unificadas, Colaboración y Movilidad como Aplicaciones de un C...
 
Over the Air 2011 Security Workshop
Over the Air 2011 Security Workshop Over the Air 2011 Security Workshop
Over the Air 2011 Security Workshop
 
HTML5 Mobile Application Framework
HTML5 Mobile Application FrameworkHTML5 Mobile Application Framework
HTML5 Mobile Application Framework
 
EDI WS API ECGridOS Web Services
EDI WS API ECGridOS Web ServicesEDI WS API ECGridOS Web Services
EDI WS API ECGridOS Web Services
 
360is Capabilities
360is Capabilities360is Capabilities
360is Capabilities
 
Dharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1bDharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1b
 
Datacenter
DatacenterDatacenter
Datacenter
 
Deadly Sins Bcs Elite
Deadly Sins Bcs EliteDeadly Sins Bcs Elite
Deadly Sins Bcs Elite
 

Similar a Manage API Security with Common Patterns and Case Studies

Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseCA API Management
 
Cross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San FranciscoCross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San FranciscoCA API Management
 
Smart Clouds for Smart Companies
Smart Clouds for Smart CompaniesSmart Clouds for Smart Companies
Smart Clouds for Smart CompaniesPeter Coffee
 
Governance 2.0: A New Look at SOA Governance in The Age of Cloud and Mobile
Governance 2.0: A New Look at SOA Governance in The Age of Cloud and MobileGovernance 2.0: A New Look at SOA Governance in The Age of Cloud and Mobile
Governance 2.0: A New Look at SOA Governance in The Age of Cloud and MobileCA API Management
 
The Enterprise Cloud: Immediate. Urgent. Inevitable.
The Enterprise Cloud: Immediate. Urgent. Inevitable.The Enterprise Cloud: Immediate. Urgent. Inevitable.
The Enterprise Cloud: Immediate. Urgent. Inevitable.Peter Coffee
 
VMware Zimbra vs. Novell Groupwise
VMware Zimbra vs. Novell GroupwiseVMware Zimbra vs. Novell Groupwise
VMware Zimbra vs. Novell GroupwiseMike K
 
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Codit
 
IBM SmartCloudEnterprise use of IBM Rational Solutions
IBM SmartCloudEnterprise use of IBM Rational SolutionsIBM SmartCloudEnterprise use of IBM Rational Solutions
IBM SmartCloudEnterprise use of IBM Rational SolutionsAlex Amies
 
Managing a public cloud
Managing a public cloudManaging a public cloud
Managing a public cloudInterop
 
Pulse 2013 Mobile Build and Connect presentation
Pulse 2013 Mobile Build and Connect presentationPulse 2013 Mobile Build and Connect presentation
Pulse 2013 Mobile Build and Connect presentationLeigh Williamson
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
Moving Beyond Migration: Reinventing Process in the Cloud
Moving Beyond Migration: Reinventing Process in the CloudMoving Beyond Migration: Reinventing Process in the Cloud
Moving Beyond Migration: Reinventing Process in the CloudPeter Coffee
 
How to Build a Successful API Program: Best Practices For the Carrier
How to Build a Successful API Program: Best Practices For the CarrierHow to Build a Successful API Program: Best Practices For the Carrier
How to Build a Successful API Program: Best Practices For the CarrierCA API Management
 
AWS Customer Presentation - Alcatel Lucent
AWS Customer Presentation - Alcatel LucentAWS Customer Presentation - Alcatel Lucent
AWS Customer Presentation - Alcatel LucentAmazon Web Services
 
Cloud Computing - Jan 2011 - Chandna
Cloud Computing - Jan 2011 - ChandnaCloud Computing - Jan 2011 - Chandna
Cloud Computing - Jan 2011 - ChandnaAsheem Chandna
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk managementAEC Networks
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMwareOpSource
 
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...apidays
 
F5 Value For Virtualization
F5 Value For VirtualizationF5 Value For Virtualization
F5 Value For VirtualizationPatricio Campos
 
Peter Coffee CIO Forum 20100406
Peter Coffee CIO Forum 20100406Peter Coffee CIO Forum 20100406
Peter Coffee CIO Forum 20100406Peter Coffee
 

Similar a Manage API Security with Common Patterns and Case Studies (20)

Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
 
Cross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San FranciscoCross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San Francisco
 
Smart Clouds for Smart Companies
Smart Clouds for Smart CompaniesSmart Clouds for Smart Companies
Smart Clouds for Smart Companies
 
Governance 2.0: A New Look at SOA Governance in The Age of Cloud and Mobile
Governance 2.0: A New Look at SOA Governance in The Age of Cloud and MobileGovernance 2.0: A New Look at SOA Governance in The Age of Cloud and Mobile
Governance 2.0: A New Look at SOA Governance in The Age of Cloud and Mobile
 
The Enterprise Cloud: Immediate. Urgent. Inevitable.
The Enterprise Cloud: Immediate. Urgent. Inevitable.The Enterprise Cloud: Immediate. Urgent. Inevitable.
The Enterprise Cloud: Immediate. Urgent. Inevitable.
 
VMware Zimbra vs. Novell Groupwise
VMware Zimbra vs. Novell GroupwiseVMware Zimbra vs. Novell Groupwise
VMware Zimbra vs. Novell Groupwise
 
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
 
IBM SmartCloudEnterprise use of IBM Rational Solutions
IBM SmartCloudEnterprise use of IBM Rational SolutionsIBM SmartCloudEnterprise use of IBM Rational Solutions
IBM SmartCloudEnterprise use of IBM Rational Solutions
 
Managing a public cloud
Managing a public cloudManaging a public cloud
Managing a public cloud
 
Pulse 2013 Mobile Build and Connect presentation
Pulse 2013 Mobile Build and Connect presentationPulse 2013 Mobile Build and Connect presentation
Pulse 2013 Mobile Build and Connect presentation
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...
 
Moving Beyond Migration: Reinventing Process in the Cloud
Moving Beyond Migration: Reinventing Process in the CloudMoving Beyond Migration: Reinventing Process in the Cloud
Moving Beyond Migration: Reinventing Process in the Cloud
 
How to Build a Successful API Program: Best Practices For the Carrier
How to Build a Successful API Program: Best Practices For the CarrierHow to Build a Successful API Program: Best Practices For the Carrier
How to Build a Successful API Program: Best Practices For the Carrier
 
AWS Customer Presentation - Alcatel Lucent
AWS Customer Presentation - Alcatel LucentAWS Customer Presentation - Alcatel Lucent
AWS Customer Presentation - Alcatel Lucent
 
Cloud Computing - Jan 2011 - Chandna
Cloud Computing - Jan 2011 - ChandnaCloud Computing - Jan 2011 - Chandna
Cloud Computing - Jan 2011 - Chandna
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk management
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMware
 
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
 
F5 Value For Virtualization
F5 Value For VirtualizationF5 Value For Virtualization
F5 Value For Virtualization
 
Peter Coffee CIO Forum 20100406
Peter Coffee CIO Forum 20100406Peter Coffee CIO Forum 20100406
Peter Coffee CIO Forum 20100406
 

Más de CA API Management

Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterpriseCA API Management
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIsCA API Management
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarCA API Management
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...CA API Management
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...CA API Management
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...CA API Management
 
API Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataAPI Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataCA API Management
 
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...CA API Management
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...CA API Management
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...CA API Management
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...CA API Management
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinCA API Management
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer appsCA API Management
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...CA API Management
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...CA API Management
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceCA API Management
 

Más de CA API Management (20)

Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterprise
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIs
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches Webinar
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
 
API Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataAPI Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your Data
 
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & Win
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer apps
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail Experience
 

Último

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Último (20)

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Manage API Security with Common Patterns and Case Studies

  • 1. Managing API Security  Liam Lynch a y c Chief Security Strategist, eBay Founder and Identity Strategist, CSA Feb 23, 2011
  • 2. Web services security y  Large scale public services need scale but also granular security as well  Service fabrics such as Rest are valuable for agile development  Many consumer's of services can’t use SOAP or other forms of XML request response  Whatever the protocol there needs to be protection and dynamic service delivery
  • 3. Service protection  Early on protection for service was SSL and access tokens  Typical use case was 3rd party iframe invocation in client browsers  REST was a step up in protection but the typical use case was still dangerous  Full SOAP/XML based services using standards (XML encryption and SAML) are better but elude the typical use case  Until…
  • 4. Service abstraction  Service abstraction allows for denial of service protection  Abstraction allows older services to be upgraded without rewriting code  Abstraction allows for integrated service delivery  Abstraction allows for upgrading security and service standards  Abstraction allows for increased security by coordinating with… with
  • 5. Service orchestration  Orchestration provides a capability to bring in service delivery components just in time  Security level orchestration leverages abstraction to enable evaluation at run time  The typical use case could be easily enabled by SAML browser tokens and orchestration of identity provider assertions  Policies for access can be orchestrated from a variety of sources ddepending on client access and other f t di li t d th factors such h as service authorization
  • 6. Summary y  Service protection has a history of proprietary and troublesome interoperability issues  Service abstraction enables better service security by introducing a standards based layer in front of service platforms  Service orchestration enables better security by leveraging service abstraction and injecting standards based security and policy evaluation
  • 7. Managing API Security Common Patterns and Case Studies  K. Scott Morrison CTO and Chief Architect, Layer 7 , y Feb 23, 2011
  • 8. LargeCorporation.com Has A Problem… g p The API Internal Firewall-2 Hosts Firewall-1 The Internal Internet Data Center Partner DMZ How can LargeCorp Securely publish and manage their new API?
  • 9. Cloud-based Security & Management Is Too Remote y g The API Internal Firewall-2 Hosts Firewall-1 Cloud Security Offering Internal The last 1000 miles… Data Center DMZ Hackers H k
  • 10. Layer 7: The Enterprise Solution For Service Protection y p Keep Security and The API Mgmt. Close to the API Operator Internal Data Center Partner DMZ  Military-grade security for REST and SOAP APIs/Services  Complete visibility into use patterns y  Integration into existing infrastructure  Identity & Access Mgmt, Portals, Operations, billings, etc
  • 11. Case Study: Publishing Web-based APIs y g  Problem: A leading European car portal wanted to securely expose auto and ecommerce information to third party developers  S l ti L Solution: Layer 7 authorizes/authenticates thi d party d th i / th ti t third t developers attaching t l tt hi to ecommerce APIs directly or via a Web portal; throttles backend traffic to maintain Quality of Service targets  Results: increased revenue by monetizing their APIs; increased traffic, exposure and brand through third-party Web sites, applications and services based on automobile- focused Web service APIs
  • 12. But Now LargeCorporation.com Has A New Problem… g p Internal Firewall-2 Hosts Firewall-1 Lots of APIs Lots of Developers Internal Data Center DMZ How can L H LargeCorp scale API C l management?
  • 13. The Enterprise Solution For Service Abstraction p Management of APIs Internal the way applications Hosts are managed Lots of Provider Developers View Internal Data Center Developer DMZ View Vi  Full policy life-cycle management  Policy versioning, roll-back, audit  Policy migration (dev-test-prod)  Clear separation of duties Cl ti f d ti  Role-based Access Control (RBAC)  APIs for integration with existing infrastructure and tools
  • 14. Case Study: Publishing Information Service APIs y g  Problem: A leading global publisher needed to allow customers and partners to use Google Apps to access multiple, existing information services  Solution: CloudControl authorizes users and applies rate limiting; converts REST queries to SOAP, and provides API aggregation & orchestration “ Layer 7 offered us the closest fit to our business requirements in a single “ product. No other vendor was even d t N th d close. SOA Architect, World’s leading publisher of science and health information  Results: implemented business logic in policy (not code), decreasing maintenance costs; customers and partners can now obtain richer results to their queries from ; p q their platform of choice, simplifying and speeding information gathering
  • 15. Finally, How Will LargeCorporation.com Automate? y g p Virtualization Infrastructure High Usage Internal Volumes Data Center DMZ How can LargeCorp react to rapid changes in scale?
  • 16. The Enterprise Solution For Service Orchestration p Virtualization Secure and automated Farm co-ordination of all infrastructure to maintain Virtualization SLAs API Switches, Load Balancers, etc High Audit DB Usage Internal Volumes Data Center DMZ  Orchestration using GUI tools  Fully integrated into security context  Parallelized access  Connectors to HTTP, TCP, SSH, FTP, JMS, SNMP, SMTP, MQSeries, etc
  • 17. Case Study: IaaS & PaaS API Security y y  Problem: A leading cloud Iaas and PaaS provider needed to allow customers to self- provision and self-manage private cloud resources without compromising the cloud p provider’s virtualized infrastructure  Solution: Layer 7 provides integration with and API management for this provider’s management and billing systems, EMC storage, and VMware vCloud Director; provides security/ threat protection, and ensures SLA/ QoS levels are met  Results: with Layer 7 in place, the provider’s customers can create and manage their own private cloud as if it were a true extension of their enterprise
  • 18. For further information: K. Scott Morrison Chief Technology Officer & Chief Architect Layer 7 Technologies 1100 Melville St, Suite 405 Vancouver, B.C. V6E 4A6 Canada (800) 681-9377 smorrison@layer7tech.com smorrison@layer7tech com http://www.layer7tech.com February 23, 2011