How to Implement Zero Trust and API Security

Presented by

Judith Kahrer and Gary Archer, Product Marketing Engineers at Curity

About this talk

APIs and microservices are exposed to multiple threats, including unauthorized access and escalation of privilege. A Zero Trust approach, with its principle of “Trust no one”, effectively addresses these threats and secures systems. To implement Zero Trust for APIs, you should apply authentication and authorization to every API request from clients, both inside and outside the network. A secure token design is also needed so that web and mobile clients receive confidential API credentials. OAuth 2.0 enables you to meet all of these requirements with only simple code. The token-based design scales to many microservices and has the potential for high performance.

Join us in this talk to learn how to:

- Write secure API code, which validates JWTs, then uses claims-based authorization
- Ensure privacy by issuing confidential tokens to internet clients
- Keep API code simple by using your API gateway to deliver JWTs to APIs
- Enable business authorization by issuing custom claims
- Develop and test productively with user-level access tokens

Curity is a leading provider of IAM and API security technology that enables user authentication and authorization for a wide range of digital services. The Curity Identity Server is highly scalable, and handles the complexities of the leading identity standards, making them easier to use, customize and deploy. Today, the Curity Identity Server is the most complete OAuth and OpenID Connect server, and we enjoy the trust of large organizations in most industries, including financial services, telecom, retail, gaming, energy, and government services across many countries.