ALW-5258 How to get along with HATEOAS without letting the bad guys steal your lunch? | Voxxed Days

Voxxed Days Luxembourg 2019
from Thursday 20 June to Friday 21 June 2019.

Conference

Server Side
Beginner & novice level
AmigaOS Thursday from 16:15 til 17:05

It’s a cool idea - decouple the client from the server and let the application tell the client what it can do dynamically. This approach should allow much more flexibility and resilience as the client and server can evolve separately. Unfortunately, the HATEOAS approach can be a free lunch for cybercriminals unless you understand the simple steps needed to secure your design.

The question is - how to achieve the balance of design flexibility and security in practice?

This session will show you how to create a secure hypermedia-driven RESTful web service using HATEOAS principles. You’ll learn how HATEOAS works, understand how it can be exploited by the bad guys and discover why HATEOAS is still a really good approach.

With code and examples, this session will leave you more informed and possibly a little wiser.

APIs, security best practices, Java
Steve Poole
From IBM

Developer Advocate, DevOps practitioner (whatever that means). Long-time IBM Java developer, leader and evangelist. I’ve been working on IBM Java SDKs and JVMs since Java was less than 1. Also had time to work on other things including representing IBM on various JSRs, being a committer on various open source projects including ones at Apache, Eclipse and OpenJDK. Also a member of the Adopt OpenJDK group championing community involvement in OpenJDK. A seasoned speaker and regular presenter at JavaOne / CodeOne and other conferences on technical and software engineering topics.


Graham Charters
From IBM

Graham is an Architect and IBM Senior Technical Staff Member for Open Liberty at IBM's R&D Laboratory in Hursley, UK. He takes a keen interest in emerging technologies and practices and in particular programming models. His past exploits include establishing and contributing to open source projects at PHP and Apache and participation in, and leading, industry standards.

