Building a secure BFF at Postman
Submitted by Ankit Muchhala (@ankit-muchhala) on Thursday, 30 August 2018
Section: Full Talk. Technical level: Intermediate.
This talk introduces the audience to the security implications of writing application code for public-facing gateway services. It is not a tutorial on security best practices; instead, it focuses on building an understanding of how to develop secure applications and outlines ways to do so.
- How to build secure APIs
- Understand security challenges while building BFF (Backend For Frontend)
- Security should be a part of writing code - not a separate
- Rise of BFFs in microservices architecture
- Purpose of these gateway services
- Security challenges and considerations
Core security components of an API
Responsibilities of a BFF
- Managing public access to internal services
- Validation and sanitisation on requests and responses
- Deferring certain responsibilities to downstream services
Building with security in mind
- Architecture as a forcing function for security
- Principle of least privilege
- Content security
- Testing for security
Case Study - Postman BFF
- Abstracting out security from business logic
- Security as development stage
- Enforcing best practices using tests and linting
- Continuous monitoring for security
The talk assumes basic familiarity with HTTP concepts.
I am a Software Developer at Postman. I have been developing web applications for the past 4 years. Currently, I spend my time building, optimizing and maintaining the web products of Postman.