As a former Pilates teacher and professional horse-rider, Layla changed careers and became a self-taught .NET developer. Microsoft technologies and the support of people using it became her new passion. Today, she’s based in London, organises the .Net meetup in Milton Keynes and helps developers all over the world as a Twilio developer evangelist.
Talk Overview: APIs Exposed
More and more developers are building APIs, whether that be for consumption by client-side applications, exposing endpoints directly to customers so they can use an alternative front-end or wrapping up services in containers.
Now that we have all these exposed endpoints, what are we doing to secure them? Previously, our monolith was self-contained with limited points of access making authentication and authorisation more straightforward – that’s no longer the case.
We’ll cover the potential risks we may face such as cross-site scripting and BruteForce attacks as well as a look at the possible options for securing API endpoints including OAuth, Access Tokens, JSON web tokens, IP whitelisting, rate limiting to name but a few.