- Paperback: 260 pages
- Publisher: Apress; 1st ed. edition (August 11, 2014)
- Language: English
- ISBN-10: 1430268182
- ISBN-13: 978-1430268185
- Product Dimensions: 7.5 x 0.6 x 9.2 inches
- Shipping Weight: 1.3 pounds
- Average Customer Review: 6 customer reviews
- Amazon Best Sellers Rank: #149,512 in Books
Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE 1st ed. Edition
"Looks like a really good book on API security" - John Musser, Founder, API Science and ProgrammableWeb, twitter.com/johnmusser/status/503990200708890626
"Mind Blowing..!" - Steve Degosserie, Co-Founder, mobile Inception, twitter.com/stiiifff/status/526872050473140224
"Fantastic book. Highly recommended!" - Paul Fremantle, CTO and Co-Founder, WSO2 Inc, twitter.com/pzfreo/status/534946965940084736
About the Author
Prabath Siriwardena is the Director of Security Architecture at WSO2 Inc., a company that produces a wide variety of open source software from data to screen. He is a member of OASIS Identity Metasystem Interoperability (IMI) TC, OASIS eXtensible Access Control Markup Language (XACML) TC, OASIS Security Services (SAML) TC, OASIS Identity in the Cloud TC and OASIS Cloud Authorization (CloudAuthZ) TC. Prabath is also a member of Apache Axis PMC and has spoken at numerous international conferences including OSCON, ApacheCon, WSO2Con, EIC, IDentity Next and OSDC. He has more than 10 years of industry experience and has worked with many Fortune 100 companies.
Top customer reviews
I really wanted more current practical theory. For example, I ended the book without knowing the best theory for how to have non-repudiation in today's OAuth 2.0 / OpenID Connect world. I currently suspect one of 2-3 possibilities involving JWS or OAuth and MAC, etc, but really I didn't get any answers from the book. I only learned about attribute / properties potentially related to topics such as non-repudiation. That is just one example where the theory could have been more solid for the inquisitive mind.
Having said all that, it is obvious that Prabath knows his stuff. I am guessing he knows the answers to my questions. He knows the standards, without a doubt. There is value in the book. For instance, I would buy a whole book filled with the Patterns and Practices of Chapter 14.
The organization of this book is amazing, which starts with the early standards used in API security and proceeds to explain the cutting edge standards and concludes with the details of very useful patterns designed to address different enterprise use cases surrounding API security. This enables the readers to get a very good understanding of how the API security standards have evolved over time and to design a quality solution for their enterprise security problem at hand, by avoiding potential pitfalls and anti-patterns.
Another excellent feature of this book is that each key concept of a particular standard is followed by a practical example illustrated using real world products and services which implement such standards, making this book equally useful for both architects and developers of enterprise API security solutions.
I learned all the important aspects of different standards used in API security within a short period of time by reading this book which otherwise I would have had to learn by reading very lengthy specifications of those standards.
I followed this book when I had to design and implement a secure solution in one of my projects and the book helped me immensely to advance with the project at a faster pace by providing both conceptual details as well as practical examples.
Therefore, I highly recommend this book as the go-to book on enterprise API security standards, technologies, patterns and practices.
OAuth, OpenID but he is also giving the reason why the standards are like they are, partially also from the historical
perspective. I have not found such a consideration in any of the available/similar books. To know such details is definitely
4 stars because of the Apache/Tomcat, etc. configurations. The paper in a book can be used better.
Definitely a must read for Architects working in the Identity and access management solution area and a permanent place in my book shelf for future reference. Great work!!