11

Shield Right for APIs with Runtime Protection

In the previous chapter, we examined how to secure APIs using best practices for frameworks and languages. While this is important for improving API security, ensuring that your APIs are protected at runtime in production is equally important. This chapter will examine various methods to shield right for API security. By shield right, I am referring to protections for APIs that can be deployed at runtime, as opposed to design or development time.

First, we will examine basic practices to harden and secure the host platforms your APIs run on, whether Docker containers or operating systems. Then, we will examine the stalwart of runtime defense: the Web Application Firewall (WAF), and how ...

Get Defending APIs now with the O’Reilly learning platform.
