You’ve been working with RESTful Web Services for a few years now, and you’d like to know if your services are secure. Maybe you're new to REST on your project. In any case, you have questions:
In this presentation, we’ll cover:
RESTful Web Service Security Best Practices
OWASP
Controlling Access – Authentication / Authorization
Securing the Payload – Confidentiality & Integrity
Protecting sensitive data
Securing the URI
Whitelisting Methods and Response Types
Content Validation
OAuth
Overview
Flow and Concepts
Security and Common RESTful APIs
Security and Common Infrastructure
We will look at a single business problem to secure a RESTful Web Service. Along the way, we'll walk through several well-known RESTful Web Service APIs and Java-based code examples. Attendees will gain a solid foundation in RESTful Web Service security.
Tom Marrs is a Technical Architect at Perficient, where he specializes in RESTful Web Services and Service-Oriented Architecture (SOA). He designs and implements mission-critical web and business applications using the latest SOA, Ruby on Rails, JSON, HTML5, JavaScript, Java/EE, and Open Source technologies.
Tom is the author of the JSON Refcard for DZone, and the upcoming book, JSON at Work for O’Reilly. Tom is also a speaker at the Great Indian Developer Summit (GIDS) conference.
An active participant in the local technical community, Tom helps emcee at the HTML5 Denver User Group, helped found the Denver Open Source User Group (DOSUG), has served as President of the Denver Java Users Group (DJUG), and speaks at other local user groups.