We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Zero Trust APIs with Python

00:00
subtitles
off
playback rate
1
quality
1080p
subtitles
off
English (auto-generated)
playback rate
0.25
0.5
0.75
1
1.25
1.5
1.75
2
quality
1080p
720p
480p
360p
240p
4
 Cite
 Share
 Related Material
 Download Purchase
Logo of EuroPythonEuroPython
 Peralta, Jose Haro

Formal Metadata

Title
Zero Trust APIs with Python
Title of Series
Number of Parts
131
Author
Contributors
License
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
What does it take to deliver a properly secured API? When we think about API security, we first think of authentication and authorization. But there’s more to it. API security also includes protecting against SQL Injection attacks, Mass Assignment, Excessive Data Exposure, Server-Side Request Forgery (SSRS), and more. APIs are now the main attack vector on the Internet, and we gotta do something about it. Thankfully, Python boasts excellent libraries for API development, like FastAPI, the Django REST Framework, APIFlask, and more. When used properly, these libraries help us deliver secure APIs. In this talk, I’ll present a model of Zero Trust Security for APIs that applies robust data validation and sanitization across all data flows to help us deliver secure APIs. You’ll learn how your API design and implementation choices impact API security and how to discover and tackle vulnerabilities. We’ll walk through practical examples of SQL injection, mass assignment, big payload attacks, pagination attacks, and more. We’ll see how URL parameters and request payloads can become attack vectors when they’re not properly configured. You’ll also learn how to use tools like schemathesis and Spectral to automate and scale the process of detecting vulnerabilities in your APIs. By the end of this talk, you’ll be aware of the most important threats to our APIs and you’ll know how to discover and address them effectively. You’ll also get familiar with the concepts of API Security by Design, Shift-Left API Security, and Zero Trust APIs.
00:00
Storage area networkAngle of attackGoodness of fitNumberAmerican Physical SocietyInformation securityBuildingContext awarenessEndliche ModelltheorieVulnerability (computing)Arithmetic progressionComputer animationLecture/ConferenceMeeting/Interview
00:57
CodeDiscounts and allowancesTwitterNewsletterEmail2 (number)Information securityRoute of administrationUniform resource nameVector graphicsServer (computing)Default (computer science)Product (business)Order (biology)Electronic mailing listWeb pageParameter (computer programming)Query languageDependent and independent variablesState of matterDataflowDiscounts and allowancesInformation securityFreewareDifferent (Kate Ryan album)Context awarenessOcean currentBitVulnerability (computing)DiagramTwitterProcess (computing)MereologyDatabaseEndliche ModelltheoriePresentation of a groupCodeStrategy gameHuman migrationMultiplication signForm (programming)Message passingWeb pageConnected spacePoint (geometry)Category of beingCodeLatent heatInterface (computing)Machine codeToken ringSequelSpacetimeFunctional (mathematics)QR codeThread (computing)Software developerEnterprise architectureForestEmailComputing platformPhysical systemExploit (computer security)FlagElectronic mailing listSoftwareRun time (program lifecycle phase)Dependent and independent variablesSensitivity analysisService (economics)Slide ruleParameter (computer programming)YouTubeView (database)Source codeCartesian coordinate systemArithmetic progressionMedical imagingComplex (psychology)Cursor (computers)InternetworkingGoodness of fitWebsiteRight angleMetropolitan area networkSoftware testingINTEGRALAuthorizationShape (magazine)Point cloudInjektivitätStatisticsUniform resource locatorBit rateSurfaceVector spaceComputer fileAmerican Physical SocietyLoginFeedbackComputer animation
10:30
Server (computing)Dependent and independent variablesCodeEmailAerodynamicsQuery languageWeb pageProduct (business)Error messageCone penetration testParameter (computer programming)Default (computer science)Electronic mailing listCausalityMultiplication signPressureDatabaseServer (computing)Axiom of choiceCASE <Informatik>Right angleFeedbackError messageOrder (biology)Service (economics)Game controllerComputer animation
11:29
Product (business)Electronic mailing listDependent and independent variablesQuery languageTouch typingSystems engineeringFAQDatabaseData modelCategory of beingEnumerated typeComputer animationLecture/Conference
11:57
Dependent and independent variablesServer (computing)CodeWeb pageQuery languagePseudodifferentialoperatorProduct (business)View (database)Row (database)Parameter (computer programming)Crash (computing)Open setProduct (business)MassStrategy gameRobotNumeral (linguistics)QuicksortParameter (computer programming)Physical systemCategory of beingSoftware frameworkPresentation of a groupType theoryConstraint (mathematics)Computer animation
12:52
Product (business)Query languageError messageSide channel attackDependent and independent variablesSet (mathematics)View (database)Row (database)File formatNumberType theoryTouch typingOrder (biology)FreewareParameter (computer programming)Web pageDescriptive statisticsConstraint (mathematics)CASE <Informatik>Numeral (linguistics)Maxima and minimaInjektivitätProduct (business)Dependent and independent variablesoutputDatabaseComputer configurationString (computer science)Right angleQuery languagePhysical systemSequelLevel (video gaming)Object (grammar)Enumerated typeAuthorizationComputer animation
13:50
EstimationView (database)Row (database)Dependent and independent variablesServer (computing)CodeError messageLink (knot theory)HypermediaOrder (biology)Parameter (computer programming)DisintegrationAuthorizationLevel (video gaming)Power (physics)Object (grammar)Order (biology)LaptopComputer animation
14:15
Decision tree learningDefault (computer science)Link (knot theory)Dependent and independent variablesDesign of experimentsElectronic mailing listOrder (biology)Parameter (computer programming)Query languageDot productHypermediaGUI widgetError messageUniform resource locatorServer (computing)CodeEmailCodierung <Programmierung>Token ringAuthorizationGoogolUser profileInformationProduct (business)Web pageComputer configurationMilitary operationOrder (biology)Token ringInjektivitätoutputRight angleInterpolationSequelString (computer science)Computer animation
14:57
Computer configurationMilitary operationServer (computing)OvalDependent and independent variablesQuery languageGamma functionComputer engineeringPlastikkarteQuery languageInterpolationString (computer science)Parameter (computer programming)Statement (computer science)InjektivitätEqualiser (mathematics)Order (biology)SequelPhysical systemComputer animationLecture/Conference
15:22
Computer configurationServer (computing)Military operationParameter (computer programming)Dependent and independent variablesQuery languageOrder (biology)Uniform resource locatorPhysical systemDatabase2 (number)Type theoryMultiplication signStatement (computer science)Computer animation
15:56
Computer configurationServer (computing)Military operationParameter (computer programming)Dependent and independent variablesQuery languageCodeUniform resource locatorDatabaseConnected space2 (number)Physical systemTouchscreenComputer animationLecture/Conference
16:23
Stochastic differential equationDependent and independent variablesServer (computing)CodeMetreComputer configurationMilitary operationQuery languageAuthorizationParameter (computer programming)InjektivitätData typeRootComputer-assisted translationAlgebraRow (database)View (database)Order (biology)Electronic mailing listDemonInjektivitätDatabaseInterpolationCartesian coordinate systemVirtual machineRow (database)Physical systemSemiconductor memoryQuery languagePoint (geometry)Product (business)2 (number)String (computer science)Statement (computer science)SequelComputer clusterComputer animation
17:10
Value-added networkQuery languageInjektivitätOrder (biology)Error messageDependent and independent variablesDesign of experimentsView (database)File formatRow (database)CodecPersonal identification numberASCIIObject-relational mappingMultiplication signParametrische ErregungRight anglePhysical systemRow (database)CASE <Informatik>Compilation albumQuery languageSoftware developeroutputDependent and independent variablesInjektivitätMassEnumerated typeConstraint (mathematics)Computer animationLecture/Conference
18:17
Computer configurationServer (computing)Dependent and independent variablesQuery languageOrder (biology)Product (business)CodeEmailAerodynamicsGUI widgetLink (knot theory)Error messageHypermediaMassBuildingFunction (mathematics)outputLibrary (computing)Endliche ModelltheorieValidity (statistics)Plug-in (computing)Computer animationLecture/Conference
18:39
Parameter (computer programming)Order (biology)Spherical capDependent and independent variablesServer (computing)CodeLink (knot theory)Error messageHypermediaSoftware testingoutputMultiplication signEndliche ModelltheorieCategory of beingOrder (biology)Computer wormRandomizationProduct (business)Real numberRight angleComputer animation
19:05
Dependent and independent variablesUniform resource locatorServer (computing)CodeOrder (biology)GoogolString (computer science)Parameter (computer programming)LaceOrder (biology)State of matterIntrusion detection systemMathematicsProduct (business)outputOperator (mathematics)Real numberCASE <Informatik>Computer animation
19:30
Value-added networkDependent and independent variablesCodeLink (knot theory)VolumenvisualisierungServer (computing)Software testingGame theoryGoogolGUI widgetUniform resource locatorOrder (biology)Content (media)Codierung <Programmierung>Endliche ModelltheorieOrder (biology)Category of beingComputer wormDependent and independent variablesComputer animation
19:53
Rule of inferenceServer (computing)Dependent and independent variablesError messageServer (computing)Right angleComputer animation
20:16
Dependent and independent variablesServer (computing)CodeUniform resource locatorOrder (biology)Mountain pass19 (number)Vulnerability (computing)Similarity (geometry)Error messageOrder (biology)Computer animationLecture/Conference
20:41
HypermediaDependent and independent variablesLink (knot theory)CodeServer (computing)View (database)Row (database)Order (biology)Parameter (computer programming)Revision controlDefault (computer science)Endliche ModelltheorieCategory of beingDirection (geometry)Software developerAdditionoutputComputer wormDemosceneDifferent (Kate Ryan album)Computer animation
21:38
Router (computing)OvalArc (geometry)Row (database)Order (biology)View (database)String (computer science)Parameter (computer programming)LengthServer (computing)CurveGrass (card game)Error messageDependent and independent variablesWindowOrdinary differential equationCondition numberImplementationSoftware testingRun time (program lifecycle phase)Fuzzy logicInformation securitySteady state (chemistry)Functional (mathematics)Revision controlCategory of beingKey (cryptography)Software testingHypothesisRun time (program lifecycle phase)outputRow (database)Multiplication signBitLatent heatCombinational logicEndliche ModelltheorieComputer animationLecture/Conference
22:45
Software repositoryStaff (military)BEEPLatent heatImplementationView (database)Right angleType theoryPoint (geometry)Spektrum <Mathematik>Lecture/ConferenceComputer animation
23:15
WebsiteSuite (music)HTTP cookieRow (database)View (database)Spektrum <Mathematik>Information securitySoftware testingError messageBit ratePattern languageString (computer science)LengthSoftware developerIntegerFile formatFlagConfiguration spaceVulnerability (computing)Latent heatSoftware testingMathematicsSpektrum <Mathematik>Computer animation
23:52
Musical ensembleRow (database)State of matterComponent-based software engineeringContent (media)Computer wormPersonal digital assistantPermianString (computer science)LengthFile formatComputer iconPattern languageIntegerMaxima and minimaTelephone number mappingRing (mathematics)Suite (music)View (database)Euclidean vectorPressureHTTP cookieChaos (cosmogony)Condition numberComputing platformComputer programParameter (computer programming)Hacker (term)Web pageUser profileComputer-generated imageryControl flowCodeDiscounts and allowancesSystems engineeringBit rateSpectrum (functional analysis)Vulnerability (computing)Shape (magazine)Arithmetic progressionGoodness of fitSpektrum <Mathematik>CodeInformation securitySimilitude (model)WebsiteSource codeHacker (term)Web-DesignerDiscounts and allowancesMultiplication signBitComputing platformInformationWeb 2.0Socket-SchnittstelleLecture/ConferenceComputer animation
25:17
Web 2.0State of matterMultiplication signConnected spaceSocket-SchnittstelleNetwork socketMathematicsDifferent (Kate Ryan album)Lecture/Conference
25:49
outputConnected spaceRoundness (object)Category of beingEndliche ModelltheorieComputer wormCommunications protocolCodeCASE <Informatik>InjektivitätValidity (statistics)Multiplication signServer (computing)Dependent and independent variablesProjective planeQuery languageSoftware developerCartesian coordinate systemDemosceneBuffer solutionOnline helpRight angleVirtual machineLecture/ConferenceMeeting/InterviewComputer animation
Transcript: English(auto-generated)