Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
Akana by Perforce © 2019 Perforce Software, Inc.
Improve the security of your APIs
by securing the API lifecycle
OLAF VAN ...
akana.com2 | Akana by Perforce © 2019 Perforce Software, Inc.
Olaf van Gorp, Solution consultant, Akana by Perforce
Olaf v...
akana.com3 | Akana by Perforce © 2019 Perforce Software, Inc.
Akana for API Management
akana.com4 | Akana by Perforce © 2019 Perforce Software, Inc.
Overview
What we’ll address today:
- How to create secure AP...
akana.com5 | Akana by Perforce © 2019 Perforce Software, Inc.
API Security at runtime
How to ensure that the API that I pu...
akana.com6 | Akana by Perforce © 2019 Perforce Software, Inc.
A sample scenario (sample illustration of API dev and deploy...
akana.com7 | Akana by Perforce © 2019 Perforce Software, Inc.
• “When I create the first iteration of my API product, I wa...
akana.com8 | Akana by Perforce © 2019 Perforce Software, Inc.
A demo example Initial configuration based
on given metadata...
akana.com9 | Akana by Perforce © 2019 Perforce Software, Inc.
New API product (what details the pipeline should provide)
akana.com10 | Akana by Perforce © 2019 Perforce Software, Inc.
• Meta-data determine initial API Product configuration (wh...
akana.com11 | Akana by Perforce © 2019 Perforce Software, Inc.
Your APIs are secure, but what about the lifecycle?
Checks ...
Q&A
Nächste SlideShare
Wird geladen in …5
×

APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Lifecycle by Olaf van Gorp, kana by Perforce

487 Aufrufe

Veröffentlicht am

Improve the Security of Your APIs by Securing the API Lifecycle
Olaf van Gorp, Technical Sales (EMEA) and Solutions Consultant at Akana by Perforce

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

APIdays Paris 2019 - Improve the Security of Your APIs by Securing the API Lifecycle by Olaf van Gorp, kana by Perforce

  1. 1. Akana by Perforce © 2019 Perforce Software, Inc. Improve the security of your APIs by securing the API lifecycle OLAF VAN GORP – API DAYS PARIS, 2019 WORKSHOP
  2. 2. akana.com2 | Akana by Perforce © 2019 Perforce Software, Inc. Olaf van Gorp, Solution consultant, Akana by Perforce Olaf van Gorp is an expert on API management. He has been working with API management solutions for close to a decade, the last five of which he dedicated to the Akana API Management Platform. As an Akana specialist, Olaf seeks to help customers that are looking for ways to effectively manage their APIs, in particular from an API security and lifecycle perspective. Security being among his foremost interests, it is not surprising that Olaf shows a keen interest in Open Banking and the role APIs play in that domain. He has published a number of blog articles on the subject and intends to write many more. Also, Olaf participates in webinars and regularly acts as a speaker on international events.
  3. 3. akana.com3 | Akana by Perforce © 2019 Perforce Software, Inc. Akana for API Management
  4. 4. akana.com4 | Akana by Perforce © 2019 Perforce Software, Inc. Overview What we’ll address today: - How to create secure APIs from a Full Lifecycle API Management perspective - How to relate it to your CI/CD practice 45% of respondents aren’t confident in their security organization's ability to detect whether a bad actor is accessing their APIs. In fact, 51% aren't even confident their security team knows about all of the APIs that exist in the organization. - Ping Identity Survey API security does not only apply to your ‘runtime API product’. Comprehensive security means: to manage it across the full API lifecycle. 45% of respondents aren’t confident in their security organization's ability to detect whether a bad actor is accessing their APIs. In fact, 51% aren't even confident their security team knows about all of the APIs that exist in the organization. - Ping Identity Survey
  5. 5. akana.com5 | Akana by Perforce © 2019 Perforce Software, Inc. API Security at runtime How to ensure that the API that I publish in production is actually secured as I expect it to be? - Delegation - Automation Client API Gateway Resource server policies
  6. 6. akana.com6 | Akana by Perforce © 2019 Perforce Software, Inc. A sample scenario (sample illustration of API dev and deploy) Initial API product configuration based on given metadata values. API Product/Implementation versus back-end resource/service implementation
  7. 7. akana.com7 | Akana by Perforce © 2019 Perforce Software, Inc. • “When I create the first iteration of my API product, I want critical features to become part of the configuration automatically”. Examples: what critical security policies, what initial deployment zone (dev/test back-end), etc. allow metadata-driven API product creation • “I want to see my API product interface to maintain or, if required, adjust its critical features across environments”. Examples: from Dev to Test, with endpoints being automatically updated, policies adjusted, etc. automated (managed) API promotion • “I want to be able to influence the API product deployment process”. Example: APIs meant for internal consumption versus external consumption (different policies, different portal, etc.) Some topics to discuss
  8. 8. akana.com8 | Akana by Perforce © 2019 Perforce Software, Inc. A demo example Initial configuration based on given metadata values.
  9. 9. akana.com9 | Akana by Perforce © 2019 Perforce Software, Inc. New API product (what details the pipeline should provide)
  10. 10. akana.com10 | Akana by Perforce © 2019 Perforce Software, Inc. • Meta-data determine initial API Product configuration (which policies, which deployment zones, additional settings); • Meta-data determine the result of API Product promotion (which policies, which OAuth provider, which deployment zone or zones); • API gets promoted across environments with endpoints being adjusted automatically, OAuth domain adjusted automatically; • Production API is published in Internal or External Portal (or both); In summary
  11. 11. akana.com11 | Akana by Perforce © 2019 Perforce Software, Inc. Your APIs are secure, but what about the lifecycle? Checks and balances? Talk to experts about a security-first API strategy and get a free API Management Strategy Assessment! Is Your API Lifecycle Secure? Stop by Booth ‘Akana’
  12. 12. Q&A

×