This book will prepare you to meet the next wave of challenges in enterprise security, guiding you through and sharing best practices for designing APIs for rock-solid security. It will explore different security standards and protocols, helping you choose the right option for your needs. Advanced API Security, Second Edition explains in depth how to secure APIs from traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it. Keep your business thriving while keeping enemies away. Build APIs with rock-solid security. The book takes you through the best practices in designing APIs for rock-solid security, provides an in depth understanding of most widely adopted security standards for API security and teaches you how to compare and contrast different security standards/protocols to find out what suits your business needs, the best. This new edition enhances all the topics discussed in its predecessor with the latest up to date information, and provides more focus on beginners to REST, JSON, Microservices and API security. Additionally, it covers how to secure APIs for the Internet of Things (IoT). Audience: The Advanced API Security 2nd Edition is for Enterprise Security Architects and Developers who are designing, building and managing APIs. The book will provide guidelines, best practices in designing APIs and threat mitigation techniques for Enterprise Security Architects while developers would be able to gain hands-on experience by developing API clients against Facebook, Twitter, Salesforce and many other cloud service providers. What you’ll learn • Build APIs with rock-solid security by understanding best practices and design guidelines.• Compare and contrast different security standards/protocols to find out what suits your business needs, the best.• Expand business APIs to partners and outsiders with Identity Federation.• Get hands-on experience in developing clients against Facebook, Twitter, and Salesforce APIs.• Understand and learn how to secure Internet of Things.
Providing background on the “when and why” of the topic, then diving into practical, instruction-based examples called “recipes”, where each recipe will explain how to address a given challenge in enterprise integration.If you are an architect or Java developer, keen on building solutions to solve enterprise integration problems, this is the book for you!You will need a good understanding of SOA design concepts, SOAP, REST, and related messaging systems. However, you are not expected to be an advanced user of WSO2 ESB
If you are working with Java or Java EE projects and you want to take full advantage of Maven in designing, executing, and maintaining your build system for optimal developer productivity, then this book is ideal for you. You should be well versed with Maven and its basic functionality if you wish to get the most out of the book.
Advanced API Security is a complete reference to the next wave of challenges in enterprise security--securing public and private APIs. API adoption in both consumer and enterprises has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both your public and private APIs, need to be protected, monitored and managed. Security is not an afterthought, but API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. That's where AdvancedAPI Security comes in--to wade through the weeds and help you keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. Our expert author guides you through the maze of options and shares industry leading best practices in designing APIs for rock-solid security. The book will explain, in depth, securing APIs from quite traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it. Build APIs with rock-solid security today with Advanced API Security. Takes you through the best practices in designing APIs for rock-solid security. Provides an in depth tutorial of most widely adopted security standards for API security. Teaches you how to compare and contrast different security standards/protocols to find out what suits your business needs the best.
Get started with the essentials of Apache Maven and get your build automation system up and running quickly About This Book Explore the essentials of Apache Maven essentials to arm yourself with all the ingredients needed to develop a comprehensive build automation system Identify the extension points in Apache Maven and learn more about them in-depth Improve developer productivity by optimizing the build process with best practices in Maven using this compact guide Who This Book Is For The book is ideal for for experienced developers who are already familiar with build automation, but want to learn how to use Maven and apply its concepts to the most difficult scenarios in build automation. What You Will Learn Comprehend the key concepts in Apache Maven Build your own custom plugins and get to know how Maven extension points are used Troubleshoot build issues with greater confidence Optimize Maven's configuration settings Write custom lifecycles and extensions Get hands-on and create a Maven assembly Explore the best practices to design a build system that improves developer productivity In Detail Maven is the #1 build tool used by developers and it has been around for more than a decade. Maven stands out among other build tools due to its extremely extensible architecture, which is built on of the concept of convention over configuration. It's widely used by many open source Java projects under Apache Software Foundation, Sourceforge, Google Code, and more. Maven Essentials is a fast-paced guide to show you the key concepts in Maven and build automation. We get started by introducing you to Maven and exploring its core concepts and architecture. Next, you will learn about and write a Project Object Model (POM) while creating your own Maven project. You will also find out how to create custom archetypes and plugins to establish the most common goals in build automation. After this, you'll get to know how to design the build to prevent any maintenance nightmares, with proper dependency management. We then explore Maven build lifecycles and Maven assemblies. Finally, you will discover how to apply the best practices when designing a build system to improve developer productivity. Style and approach This book is a practical and compact guide that will show you how to use Apache Maven in an optimal way to address enterprise build requirements. It provides technical guidance to get you started with Maven and build automation.
”A complete guide to the challenges and solutions in securing microservices architectures.” —Massimo Siani, FinDynamic Key Features Secure microservices infrastructure and code Monitoring, access control, and microservice-to-microservice communications Deploy securely using Kubernetes, Docker, and the Istio service mesh. Hands-on examples and exercises using Java and Spring Boot Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot. About The Book Design and implement security into your microservices from the start. Microservices Security in Action teaches you to assess and address security challenges at every level of a Microservices application, from APIs to infrastructure. You’ll find effective solutions to common security problems, including throttling and monitoring, access control at the API gateway, and microservice-to-microservice communication. Detailed Java code samples, exercises, and real-world business use cases ensure you can put what you’ve learned into action immediately. What You Will Learn Microservice security concepts Edge services with an API gateway Deployments with Docker, Kubernetes, and Istio Security testing at the code level Communications with HTTP, gRPC, and Kafka This Book Is Written For For experienced microservices developers with intermediate Java skills. About The Author Prabath Siriwardena is the vice president of security architecture at WSO2. Nuwan Dias is the director of API architecture at WSO2. They have designed secure systems for many Fortune 500 companies. Table of Contents PART 1 OVERVIEW 1 Microservices security landscape 2 First steps in securing microservices PART 2 EDGE SECURITY 3 Securing north/south traffic with an API gateway 4 Accessing a secured microservice via a single-page application 5 Engaging throttling, monitoring, and access control PART 3 SERVICE-TO-SERVICE COMMUNICATIONS 6 Securing east/west traffic with certificates 7 Securing east/west traffic with JWT 8 Securing east/west traffic over gRPC 9 Securing reactive microservices PART 4 SECURE DEPLOYMENT 10 Conquering container security with Docker 11 Securing microservices on Kubernetes 12 Securing microservices with Istio service mesh PART 5 SECURE DEVELOPMENT 13 Secure coding practices and automation
Understand the key challenges and solutions around building microservices in the enterprise application environment. This book provides a comprehensive understanding of microservices architectural principles and how to use microservices in real-world scenarios. Architectural challenges using microservices with service integration and API management are presented and you learn how to eliminate the use of centralized integration products such as the enterprise service bus (ESB) through the use of composite/integration microservices. Concepts in the book are supported with use cases, and emphasis is put on the reality that most of you are implementing in a “brownfield” environment in which you must implement microservices alongside legacy applications with minimal disruption to your business. Microservices for the Enterprise covers state-of-the-art techniques around microservices messaging, service development and description, service discovery, governance, and data management technologies and guides you through the microservices design process. Also included is the importance of organizing services as core versus atomic, composite versus integration, and API versus edge, and how such organization helps to eliminate the use of a central ESB and expose services through an API gateway. What You'll LearnDesign and develop microservices architectures with confidence Put into practice the most modern techniques around messaging technologies Apply the Service Mesh pattern to overcome inter-service communication challenges Apply battle-tested microservices security patterns to address real-world scenarios Handle API management, decentralized data management, and observability Who This Book Is For Developers and DevOps engineers responsible for implementing applications around a microservices architecture, and architects and analysts who are designing such systems
An example-driven guide to securing access to your applications with OpenID Connect, the OAuth-based identity layer that keeps billions of user interactions safe every day. Login security is a complex problem with a simple solution: OpenID Connect. OpenID Connect in Action takes you under the hood of this reliable identity layer, showing you how to integrate OpenID Connect into a server-side web application, a single-page application (SPA), a native mobile application, APIs, and more. OpenID Connect in Action teaches you to deploy OpenID Connect to secure access to your apps. Ten-year access management veteran Prabath Siriwardena takes you in-depth with the widely adopted technology, showing you how to optimize OpenID Connect for your application’s specific use cases. You’ll work to secure end-to-end example applications created with React and React Native, and even develop solutions for Smart TVs and APIs. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
Advanced API Security is a complete reference to the next wave of challenges in enterprise security--securing public and private APIs. API adoption in both consumer and enterprises has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both your public and private APIs, need to be protected, monitored and managed. Security is not an afterthought, but API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. That's where AdvancedAPI Security comes in--to wade through the weeds and help you keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. Our expert author guides you through the maze of options and shares industry leading best practices in designing APIs for rock-solid security. The book will explain, in depth, securing APIs from quite traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it. Build APIs with rock-solid security today with Advanced API Security. Takes you through the best practices in designing APIs for rock-solid security. Provides an in depth tutorial of most widely adopted security standards for API security. Teaches you how to compare and contrast different security standards/protocols to find out what suits your business needs the best.
If you are working with Java or Java EE projects and you want to take full advantage of Maven in designing, executing, and maintaining your build system for optimal developer productivity, then this book is ideal for you. You should be well versed with Maven and its basic functionality if you wish to get the most out of the book.
Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot. Summary Unlike traditional enterprise applications, Microservices applications are collections of independent components that function as a system. Securing the messages, queues, and API endpoints requires new approaches to security both in the infrastructure and the code. Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the technology Integrating independent services into a single system presents special security challenges in a microservices deployment. With proper planning, however, you can build in security from the start. Learn to create secure services and protect application data throughout development and deployment. As microservices continue to change enterprise application systems, developers and architects must learn to integrate security into their design and implementation. Because microservices are created as a system of independent components, each a possible point of failure, they can multiply the security risk. With proper planning, design, and implementation, you can reap the benefits of microservices while keeping your application data—and your company’s reputation—safe! About the book Microservices Security in Action is filled with solutions, teaching best practices for throttling and monitoring, access control, and microservice-to-microservice communications. Detailed code samples, exercises, and real-world use cases help you put what you’ve learned into production. Along the way, authors and software security experts Prabath Siriwardena and Nuwan Dias shine a light on important concepts like throttling, analytics gathering, access control at the API gateway, and microservice-to-microservice communication. You’ll also discover how to securely deploy microservices using state-of-the-art technologies including Kubernetes, Docker, and the Istio service mesh. Lots of hands-on exercises secure your learning as you go, and this straightforward guide wraps up with a security process review and best practices. When you’re finished reading, you’ll be planning, designing, and implementing microservices applications with the priceless confidence that comes with knowing they’re secure! What's inside Microservice security concepts Edge services with an API gateway Deployments with Docker, Kubernetes, and Istio Security testing at the code level Communications with HTTP, gRPC, and Kafka About the reader For experienced microservices developers with intermediate Java skills. About the author Prabath Siriwardena is the vice president of security architecture at WSO2. Nuwan Dias is the director of API architecture at WSO2. They have designed secure systems for many Fortune 500 companies. Table of Contents PART 1 OVERVIEW 1 Microservices security landscape 2 First steps in securing microservices PART 2 EDGE SECURITY 3 Securing north/south traffic with an API gateway 4 Accessing a secured microservice via a single-page application 5 Engaging throttling, monitoring, and access control PART 3 SERVICE-TO-SERVICE COMMUNICATIONS 6 Securing east/west traffic with certificates 7 Securing east/west traffic with JWT 8 Securing east/west traffic over gRPC 9 Securing reactive microservices PART 4 SECURE DEPLOYMENT 10 Conquering container security with Docker 11 Securing microservices on Kubernetes 12 Securing microservices with Istio service mesh PART 5 SECURE DEVELOPMENT 13 Secure coding practices and automation
Understand the key challenges and solutions around building microservices in the enterprise application environment. This book provides a comprehensive understanding of microservices architectural principles and how to use microservices in real-world scenarios. Architectural challenges using microservices with service integration and API management are presented and you learn how to eliminate the use of centralized integration products such as the enterprise service bus (ESB) through the use of composite/integration microservices. Concepts in the book are supported with use cases, and emphasis is put on the reality that most of you are implementing in a “brownfield” environment in which you must implement microservices alongside legacy applications with minimal disruption to your business. Microservices for the Enterprise covers state-of-the-art techniques around microservices messaging, service development and description, service discovery, governance, and data management technologies and guides you through the microservices design process. Also included is the importance of organizing services as core versus atomic, composite versus integration, and API versus edge, and how such organization helps to eliminate the use of a central ESB and expose services through an API gateway. What You'll LearnDesign and develop microservices architectures with confidence Put into practice the most modern techniques around messaging technologies Apply the Service Mesh pattern to overcome inter-service communication challenges Apply battle-tested microservices security patterns to address real-world scenarios Handle API management, decentralized data management, and observability Who This Book Is For Developers and DevOps engineers responsible for implementing applications around a microservices architecture, and architects and analysts who are designing such systems
Thank you for visiting our website. Would you like to provide feedback on how we could improve your experience?
This site does not use any third party cookies with one exception — it uses cookies from Google to deliver its services and to analyze traffic.Learn More.