Prabath Siriwardena – författare

Advanced API Security is a complete reference to the next wave of challenges in enterprise security--securing public and private APIs.

API adoption in both consumer and enterprises has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both your public and private APIs, need to be protected, monitored and managed. Security is not an afterthought, but API security has evolved a lot in last five years. The growth of standards, out there, has been exponential.

That''s where AdvancedAPI Security comes in--to wade through the weeds and help you keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. Our expert author guides you through the maze of options and shares industry leading best practices in designing APIs for rock-solid security. The book will explain, in depth, securing APIs from quite traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it.

Build APIs with rock-solid security today with Advanced API Security.

Takes you through the best practices in designing APIs for rock-solid security.Provides an in depth tutorial of most widely adopted security standards for API security.Teaches you how to compare and contrast different security standards/protocols to find out what suits your business needs the best.

Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. What You Will LearnSecurely design, develop, and deploy enterprise APIsPick security standards and protocols to match business needsMitigate security exploits by understanding the OAuth 2.0 threat landscapeFederate identities to expand business APIs beyond the corporate firewallProtect microservices at the edge by securing their APIsDevelop native mobile applications to access APIs securelyIntegrate applications with SaaS APIs protected with OAuth 2.0Who This Book Is ForEnterprise security architects who are interested in best practices around designing APIs. The book is also for developers who are building enterprise APIs and integrating with internal and external applications.

Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. What You Will LearnSecurely design, develop, and deploy enterprise APIsPick security standards and protocols to match business needsMitigate security exploits by understanding the OAuth 2.0 threat landscapeFederate identities to expand business APIs beyond the corporate firewallProtect microservices at the edge by securing their APIsDevelop native mobile applications to access APIs securelyIntegrate applications with SaaS APIs protected with OAuth 2.0Who This Book Is ForEnterprise security architects who are interested in best practices around designing APIs. The book is also for developers who are building enterprise APIs and integrating with internal and external applications. 

Understand the key challenges and solutions around building microservices in the enterprise application environment. This book provides a comprehensive understanding of microservices architectural principles and how to use microservices in real-world scenarios.Architectural challenges using microservices with service integration and API management are presented and you learn how to eliminate the use of centralized integration products such as the enterprise service bus (ESB) through the use of composite/integration microservices. Concepts in the book are supported with use cases, and emphasis is put on the reality that most of you are implementing in a “brownfield” environment in which you must implement microservices alongside legacy applications with minimal disruption to your business. Microservices for the Enterprise covers state-of-the-art techniques around microservices messaging, service development and description, service discovery, governance, and data management technologies and guides you through the microservices design process. Also included is the importance of organizing services as core versus atomic, composite versus integration, and API versus edge, and how such organization helps to eliminate the use of a central ESB and expose services through an API gateway.What You'll LearnDesign and develop microservices architectures with confidencePut into practice the most modern techniques around messaging technologies Apply the Service Mesh pattern to overcome inter-service communication challengesApply battle-tested microservices security patterns to address real-world scenariosHandle API management, decentralized data management, and observabilityWho This Book Is ForDevelopers and DevOps engineers responsible for implementing applications around a microservices architecture, and architects and analysts who are designing such systems

Understand the key challenges and solutions around building microservices in the enterprise application environment. This book provides a comprehensive understanding of microservices architectural principles and how to use microservices in real-world scenarios.Architectural challenges using microservices with service integration and API management are presented and you learn how to eliminate the use of centralized integration products such as the enterprise service bus (ESB) through the use of composite/integration microservices. Concepts in the book are supported with use cases, and emphasis is put on the reality that most of you are implementing in a “brownfield” environment in which you must implement microservices alongside legacy applications with minimal disruption to your business. Microservices for the Enterprise covers state-of-the-art techniques around microservices messaging, service development and description, service discovery, governance, and data management technologies and guides you through the microservices design process. Also included is the importance of organizing services as core versus atomic, composite versus integration, and API versus edge, and how such organization helps to eliminate the use of a central ESB and expose services through an API gateway.What You''ll LearnDesign and develop microservices architectures with confidencePut into practice the most modern techniques around messaging technologies Apply the Service Mesh pattern to overcome inter-service communication challengesApply battle-tested microservices security patterns to address real-world scenariosHandle API management, decentralized data management, and observabilityWho This Book Is ForDevelopers and DevOps engineers responsible for implementing applications around a microservices architecture, and architects and analysts who are designing such systems

Microservices Security in Action teaches readers how to secure their microservices applications code and infrastructure.

 

After a straightforward introduction to the challenges of microservices security, the book covers fundamentals to secure both the application perimeter and service-to-service communication. Following a hands-on example, readers explore how to deploy and secure microservices behind an API gateway as well as how to access microservices accessed by a single-page application (SPA).

 

Key Features

Key microservices security fundamentals Securing service-to-service communication with mTLS and JWT Deploying and securing microservices with Docker Using Kubernetes security Securing event-driven microservices Using the Istio Service Mesh

 

For developers well-versed in microservices design principles who have a basic familiarity with Java.

 

About the technology

As microservices continue to change enterprise application systems, developers and architects must learn to integrate security into their design and implementation. Because microservices are created as a system of independent components, each a possible point of failure, they can multiply the security risk.

 

Prabath Siriwardena is the vice president of security architecture at WSO2, a company that produces open source software, and has more than 12 years of experience in the identity management and security domain.

 

Nuwan Dias is the director of API architecture at WSO2 and has worked in the software industry for more than 7 years, most of which he spent focusing on the API management domain. Both have helped build security designs for Fortune 500 companies including Boeing, Verizon, Nissan, HP, and GE.

An example-driven guide to securing access to your applications with OpenID Connect, the OAuth-based identity layer that keeps billions of user interactions safe every day. In  OpenID Connect in Action you will: Build client applications that integrate OpenID Connect adhering to best practices Create single-page applications secured with OpenID Connect Integrate OpenID connect with native mobile and server-side web applications Federate access to APIs/microservices from a client application Use OpenID Connect to secure access to smart TV applications Explore common login security pitfalls and how to avoid them Take a deep-dive into the internals of OpenID Connect Login security is a complex problem with a simple solution: OpenID Connect.  OpenID Connect in Action takes you under the hood of this reliable identity layer, showing you how to integrate OpenID Connect into a server-side web application, a single-page application (SPA), a native mobile application, APIs, and more. about the technology

OpenID Connect is an easy-to-implement identity layer built on top of OAuth 2. OpenID Connect helps secure billions of user interactions on the internet daily. Because it uses the JSON standard, OpenID Connect is more lightweight than legacy alternatives and flexible enough to meet the ID federation requirements for all types of modern applications. about the book

OpenID Connect in Action teaches you to deploy OpenID Connect to secure access to your apps. Ten-year access management veteran Prabath Siriwardena takes you in-depth with the widely adopted technology, showing you how to optimize OpenID Connect for your application's specific use cases. You'll work to secure end-to-end example applications created with React and React Native, and even develop solutions for Smart TVs and APIs.

”A complete guide to the challenges and solutions in securing microservices architectures.” —Massimo Siani, FinDynamic Key Features Secure microservices infrastructure and code Monitoring, access control, and microservice-to-microservice communications Deploy securely using Kubernetes, Docker, and the Istio service mesh. Hands-on examples and exercises using Java and Spring Boot Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot.  About The Book Design and implement security into your microservices from the start. Microservices Security in Action teaches you to assess and address security challenges at every level of a Microservices application, from APIs to infrastructure.  You’ll find effective solutions to common security problems, including throttling and monitoring, access control at the API gateway, and microservice-to-microservice communication. Detailed Java code samples, exercises, and real-world business use cases ensure you can put what you’ve learned into action immediately. What You Will Learn Microservice security concepts Edge services with an API gateway Deployments with Docker, Kubernetes, and Istio Security testing at the code level Communications with HTTP, gRPC, and Kafka This Book Is Written For For experienced microservices developers with intermediate Java skills. About The Author Prabath Siriwardena is the vice president of security architecture at WSO2. Nuwan Dias is the director of API architecture at WSO2. They have designed secure systems for many Fortune 500 companies. Table of Contents PART 1 OVERVIEW 1 Microservices security landscape 2 First steps in securing microservices PART 2 EDGE SECURITY 3 Securing north/south traffic with an API gateway 4 Accessing a secured microservice via a single-page application 5 Engaging throttling, monitoring, and access control PART 3 SERVICE-TO-SERVICE COMMUNICATIONS 6 Securing east/west traffic with certificates 7 Securing east/west traffic with JWT 8 Securing east/west traffic over gRPC 9 Securing reactive microservices PART 4 SECURE DEPLOYMENT 10 Conquering container security with Docker 11 Securing microservices on Kubernetes 12 Securing microservices with Istio service mesh PART 5 SECURE DEVELOPMENT 13 Secure coding practices and automation  

If you are working with Java or Java EE projects and you want to take full advantage of Maven in designing, executing, and maintaining your build system for optimal developer productivity, then this book is ideal for you. You should be well versed with Maven and its basic functionality if you wish to get the most out of the book.