As a security expert and consultant, Wim Remes (@WimRemes) was fed up with clients using security products whose own APIs had weak security. But he knew this was a multi-faceted problem that couldn't be addressed in one place. So he developed a maturity model for security APIs that could serve as a checklist for clients evaluating products, procurement teams involved in purchasing security products, and security vendors building the products. As it turns out, it's a pretty good checklist for any developer building APIs.
Wim sat down with Dormain Drewitz (@DormainDrewitz) and Brian McClain (@BrianMMcClain) to talk through the model, which includes factors for documentation, authentication, and design and implementation. Wim described what a "zero" or "one" versus a "five" looked like for some of these factors. How do your APIs measure up?
Next steps:
- Follow Wim's API Maturity Model GitHub repo.
- Read Brian McClain's post, "Slaying the Hydra: The Multi-Headed Beast that is API Security."
- Download the API product design and development white paper.
- Read the OWASP REST Security cheatsheet.
- Watch Ian Coldwater's keynote from BSides NoVA 2019.
- Download this episode from Soundcloud.
- Subscribe to Pivotal Conversations on iTunes.
- Send feedback to podcasts@pivotal.io.
About the Author
Dormain Drewitz