Neil Madden

SE Radio 383: Neil Madden On Securing Your API

Neil Madden, author of the book API Security in Action and Security Director at ForgeRock, discusses the key technical features of securing an API. Host Gavin Henry spoke with Madden about API versus web-app security; the choice of authentication tokens; the security models you can follow; NIST SP 800-92, ISO 27001, STRIDE and the CIA triad; audit-log best practices, including what to log, when to log it, and the mistakes that have been made; how to protect yourself from bad users; the benefits of HTTPS; using encrypted JWTs; which is harder, API or web-app development; and the ongoing security battle with change.

SE Radio theme: “Broken Reality” by Kevin MacLeod (licensed under Creative Commons: By Attribution 3.0)
