Securing your APIs using OAuth – Dan Moore – ASW #225
This segment will discuss options for protecting your APIs.
First, why protect them?
Second, what are the options and the tradeoffs.
Segment Resources:
- https://stackoverflow.blog/2022/04/11/the-complete-guide-to-protecting-your-apis-with-oauth2/
- https://fusionauth.io/learn/expert-advice/
- https://fusionauth.io/learn/expert-advice/oauth/modern-guide-to-oauth
- https://oauth.net/2/
- https://tools.ietf.org/html/rfc6749
- https://datatracker.ietf.org/doc/id/draft-ietf-oauth-v2-1-07.html
- https://paseto.io
- https://securityboulevard.com/2021/11/biggest-api-security-attacks-of-2021-so-far/
Announcements
Thank you for listening to or watching our podcasts! We want to ensure that we are creating the most relevant and useful content for our audience across our network! It is crucial to us that we are delivering to you more of what you want to hear and learn about. Please take a few minutes to complete our listener survey so that we can craft our content based on your needs. Visit https://securityweekly.com/survey to submit your feedback.
Guest
Dan Moore is a principal product engineer for FusionAuth, and currently helps build solutions and educate developers about auth and OAuth. He’s written, contributed to or edited 5 books, including “Letters To a New Developer” and “97 Things Every Cloud Engineer Should Know”. A former CTO, technical trainer, engineering manager and longtime developer, Dan has been writing software for (checks watch) over 25 years.
Hosts
