相關主題
商品描述
Secure your RESTful APIs with confidence and efficiency. This straightforward guide outlines the essential strategies and best practices for protecting sensitive data when developing RESTful APIs for your applications.
Inside, you'll explore the fundamental functionalities to implement industry-standard authentication authorization mechanisms for Java applications. With chapters covering key security concerns, data protection, and designing and testing secure APIs, this book provides a hands-on approach to protecting user data, validating inputs, and implementing security mechanisms such as JSON Web Tokens (JWT) and OAuth2 authentication.
This book offers a focused introduction without unnecessary complexity. Whether you are a beginner or busy professional, this is the only book designed to help you secure your RESTful APIs in no time.
What You Will Learn
- Understand the fundamentals of RESTful APIs and why it is critical to secure them
- Identify common security risks concerning RESTful APIs and explore effective protection techniques
- Know how to design and test RESTful APIs, including with input and response data validation
- Review examples of how to secure JSON Web Token (JWT) and OAuth3 with RestFUL APIs
Who This Book is For
Web developer beginners who want to learn how to develop Security RESTful APIs applications
商品描述(中文翻譯)
確保您的 RESTful API 安全且高效。本指南簡明扼要地概述了在為您的應用程式開發 RESTful API 時,保護敏感數據的基本策略和最佳實踐。
在本書中,您將探索實現行業標準身份驗證和授權機制的基本功能,特別針對 Java 應用程式。章節涵蓋關鍵的安全問題、數據保護,以及設計和測試安全 API,提供了一種實用的方法來保護用戶數據、驗證輸入,並實施如 JSON Web Tokens (JWT) 和 OAuth2 身份驗證等安全機制。
本書提供了一個專注的介紹,沒有不必要的複雜性。無論您是初學者還是忙碌的專業人士,這是唯一一本旨在幫助您迅速保護 RESTful API 的書籍。
您將學到的內容:
- 理解 RESTful API 的基本原理以及為何確保其安全至關重要
- 確認與 RESTful API 相關的常見安全風險並探索有效的保護技術
- 知道如何設計和測試 RESTful API,包括輸入和響應數據的驗證
- 審查如何使用 RESTful API 來保護 JSON Web Token (JWT) 和 OAuth2 的範例
本書適合對象:
希望學習如何開發安全 RESTful API 應用程式的網頁開發初學者。
作者簡介
Massimo Nardone has more than 29 years of experience in information and cybersecurity for IT/OT/IoT/IIoT, web/mobile development, cloud, and IT architecture. His true IT passions are security and Android. He holds an MSc degree in computing science from the University of Salerno, Italy. Throughout his working career, he has held various positions, starting as a programming developer, and then security teacher, PCI QSA, auditor, assessor, lead IT/OT/SCADA/SCADA/cloud architect, CISO, BISO, executive, program director, OT/IoT/IIoT security competence leader, VP OT security, etc. In his last working engagement, he worked as a seasoned cyber and information security executive, CISO and OT, IoT and IIoT security competence leader helping many clients to develop and implement cyber, information, OT, IoT security activities. He is currently working as Vice President of OT Security for SSH Communications Security. He is an Apress co-author of numerous books, including Pro Spring Security, Pro JPA 2 in Java EE 8, Pro Android Games, and has reviewed more than 70 titles.
作者簡介(中文翻譯)
Massimo Nardone 擁有超過 29 年的資訊與網路安全經驗,涵蓋 IT/OT/IoT/IIoT、網頁/行動開發、雲端及 IT 架構。他對 IT 的真正熱情在於安全性和 Android。他持有義大利薩萊諾大學的計算科學碩士學位。在他的職業生涯中,他擔任過多個職位,從程式開發人員開始,然後是安全教師、PCI QSA、審核員、評估員、IT/OT/SCADA/cloud 架構師、CISO、BISO、高級主管、計畫總監、OT/IoT/IIoT 安全能力領導者、副總裁 OT 安全等。在他最近的工作中,他擔任資深的網路與資訊安全高管、CISO 及 OT、IoT 和 IIoT 安全能力領導者,幫助許多客戶開發和實施網路、資訊、OT 和 IoT 安全活動。他目前擔任 SSH Communications Security 的 OT 安全副總裁。他是 Apress 多本書籍的共同作者,包括 Pro Spring Security、Pro JPA 2 in Java EE 8、Pro Android Games,並且已審閱超過 70 本書籍。
