
Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE by Prabath Siriwardena


CHAPTER 2


Security by Design

Security isn’t an afterthought. It has to be an integral part of any development project, and the same holds for APIs. It starts with requirements gathering and proceeds through the Design, Development, Testing, Deployment, and Monitoring phases.

Design Challenges

Security brings a plethora of challenges into system design. It’s hard to build a 100% secure system, at least in theory. The only thing you can do is make the attacker’s job harder.

User Comfort

The most challenging thing in any security design is to find and maintain the right balance between security and user comfort. Say you have the most complex password ...
