Episode 383: Neil Madden On Securing Your API

Filed in Episodes on October 10, 2019

Neil Madden, author of the book API Security in Action and Security Director at ForgeRock, discusses the key technical features of securing an API. Host Gavin Henry spoke with Madden about API versus web app security, the choice of authentication tokens, the various security models you can follow, NIST-800-92, ISO27001, STRIDE, the CIA triad, audit log best practices, mistakes that have been made, what to log, how to protect yourself from bad users, when to log something, the benefits of HTTPS, using encrypted JWTs, which is harder (API or web app development), and the ongoing security battle of change.

Related Links

SE Radio theme music: “Broken Reality” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0

