RESTful Security at Work
You’ve been working with RESTful Web Services for a few years now, and you’d like to know if your services are secure. Maybe you're new to REST on your project. In any case, you have questions:
- How do I design a secure service?
- Are there any guidelines and best practices?
- What is OWASP and how does it help?
- What is OAuth and how do I use it?
- How does RESTful Security tie to existing infrastructure?
In this presentation, we’ll cover:
- RESTful Web Service Security Best Practices
  - OWASP
  - Controlling Access – Authentication / Authorization
  - Securing the Payload – Confidentiality & Integrity
  - Protecting sensitive data
  - Securing the URI
  - Whitelisting Methods and Response Types
  - Content Validation
- OAuth
  - Overview
  - Flow and Concepts
- Security and Common RESTful APIs
  - Twilio
  - Groupon
  - Tumblr
- Security and Common Infrastructure
  - LDAP
  - SSO (Single Sign-On)
  - OpenAM
We will look at a single business problem to secure a RESTful Web Service. Along the way, we'll walk through several well-known RESTful Web Service APIs and Java-based code examples. Attendees will gain a solid foundation in RESTful Web Service security.
About Tom Marrs
Tom Marrs is a Technical Architect at Perficient, where he specializes in RESTful Web Services and Service-Oriented Architecture (SOA). He designs and implements mission-critical web and business applications using the latest SOA, Ruby on Rails, JSON, HTML5, JavaScript, Java/EE, and Open Source technologies.
Tom is the author of the JSON Refcard for DZone, and the upcoming book, JSON at Work for O’Reilly. Tom is also a speaker at the Great Indian Developer Summit (GIDS) conference.
An active participant in the local technical community, Tom helps emcee at the HTML5 Denver User Group, helped found the Denver Open Source User Group (DOSUG), has served as President of the Denver Java Users Group (DJUG), and speaks at other local user groups.