LF_APIStrat17_Keep Your Swagger On

•

1 like•34 views

Behold the magic of the next-gen of the OSS Swagger tooling, now with OpenAPI V3 support! Learn how we improved developer experience, making the tools even easier to use. With our enhanced infrastructure, you can make it your own - configure, customize and extend to suit your needs. This talk will cover what changed in our ecosystem and provide a glimpse of the roadmap ahead. Come and get a demo of what the future of Swagger and OpenAPIV3 looks like!

Keep Your Swagger On
Ron Ratovsky (@webron)

Swagger is…
-An open source toolset
-Covering portions of the API lifecycle
-Supports both code-first and design-first approaches
-Focused around the OpenAPISpecification
Swagger is not…
The OpenAPISpecification

Driving the API Lifecycle with OAS
Design
Implementation
Testing
Mocking
Documentation
Virtualization
Deployment
/ Runtime
Clients
Security, Usage policies,
Monitoring, Caching, etc
Developer portals,
Code samples, User guides, etc.
Functional / Runtime simulations
Functional, Security,
Load, Compliance, etc.
Generated server code/artifacts
Prototyping
Generated client libraries
Object reuse, linking,
Callbacks, etc.

The Swagger Projects
1. Swagger-core
2. Swagger-parser
3. Swagger-inflector
4. Swagger-codegen
5. Validator-badge
6. Swagger-converter
7. Swagger-js
8. Swagger-ui
9. Swagger-editor
10. Swagger-node
11. …

- Code-first approach
- Java JAX-RS
- Basis for other projects (annotations, models)
- OAS3 (swagger-core 2.0):
- Rewrite of annotations and models
- Cleanup of set up process
- Built to co-exist with 1.5
- Support utility for deserializingOpenAPIdocuments
- Depends on Swagger-core’s models.
- OAS3 (swagger-parser 2.0):
- Convert previous versions to 3.0
- Provides 3.0 validation
- More customizable with options
Swagger-core Swagger-parser

- Design-first approach
- Java JAX-RS (Jersey)
- Depends on Swagger-parser
- OAS3 (swagger-inflector 2.0):
- Modified for OAS3 support (*)
- Plans to co-exist with OAS2 support
- Improved mocking capabilities
- Client/Server generation
- Depends on Swagger-parser
- Available as a library, CLI and a service
- WIP Changes (swagger-codegen3.0):
- Support for 3.0 versions and older (through
conversion)
- Moving to handlebars
- Improved CLI
- Breaking out the templates
- And more…
Swagger-inflector Swagger-codegen

- Definition validation
- Runs as a service
- Depends on Swagger-parser
- OAS3 (validator-badge 2.0):
- Modified for OAS3 support (*)
- Plans to co-exist with OAS2 support
- New and improved API
- OAS2àOAS3 conversion
- Runs as a service
- Depends on Swagger-parser
- WIP (swagger-converter 1.0):
- Pushing out the first version
Validator-badge Swagger-converter

- Parser, resolver, client
- Was recently written from scratch (prior to OAS3)
- OAS3 (swagger-client 3.X):
- Parse and resolve OAS3 documents
- Client functionality partially implemented,
still WIP.
- Visualization
- Depends on Swagger-js
- Uses the Validator-badge
- Swagger-UI 3.X:
- Was recently written from scratch
- Provides easier customization
- Improved performance and visuals
- OAS3:
- Support for rendering OAS3 documents (*)
- Exciting plans for links
- Sandbox functionality is still WIP
Swagger-js Swagger-UI

- OAS IDE
- Depends on Swagger-UI
- Uses Swagger-codegen
- Swagger-Editor 3.X:
- Was recently written from scratch
- Provides easier customization
- Improved auto-suggest
- Improved validation
- OAS3:
- Supports OAS3 completion
- OAS3 structural validation
- Semantic validation is WIP
- Design-first approach
- Plans:
- Provide support for OAS3 based on
swagger-js
- Break the dependency on Editor/UI
- Implement similar features to Swagger-
Inflector
Swagger-Editor Swagger-node

Thank you!
http://swagger.io
https://github.com/swagger-api
@SwaggerAPI
Visit us at the
booth to hear more about
Swagger and SwaggerHub

Similar to LF_APIStrat17_Keep Your Swagger On

AppSec & OWASP Top 10 Primer

ThreatReel Podcast

AppSec & OWASP Top 10 Primer By Matt Scheurer (@c3rkah) Cincinnati, Ohio Date: 03/21/2019 Momentum Developer Conference Sharonville Convention Center #momentumdevcon Abstract: Are you testing the security of your web applications, web sites, and web servers? The malicious threat actors on the Internet almost certainly are. We will cover AppSec along with a brief review of the 2017 OWASP Top 10 List. The focus of the presentation is how to get started with AppSec and where to continue learning more. Accompanying the presentation are live demos of Nikto and the OWASP Zed Attack Proxy (ZAP). Bio: Matt Scheurer serves as Chair of the Cincinnati Networking Professionals Association Security Special Interest Group (CiNPA Security SIG) and works as a Systems Security Engineer in the Financial Services industry. He holds a CompTIA Security+ Certification and possesses multiple Microsoft Certifications including MCP, MCPS, MCTS, MCSA, and MCITP. He has presented on numerous Information Security topics as a featured speaker at many local area technology groups and large Information Security conferences all over the Ohio, Indiana, and Kentucky Tri-State. Matt maintains active memberships in a number of professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), Financial Services - Information Sharing and Analysis Center (FS-ISAC), and Information Systems Security Association (ISSA).

Server Side JavaScript on the JVM - Project Avatar - QCon London March 2014

David Delabassee

The document discusses Project Avatar, which aims to run server-side JavaScript (Node.js) applications on the Java Virtual Machine (JVM). It introduces Avatar.js, which provides 95% compatibility with Node.js modules and libraries while allowing access to Java frameworks and libraries. Project Avatar builds on this with additional features like integrated messaging, database access via a modeling framework, and support for REST, WebSocket and server-sent events. It allows building event-driven JavaScript services that leverage Java EE capabilities on the JVM.

WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business

WSO2

The document discusses the WSO2 Application Development Platform for building connected businesses. It provides an overview of key capabilities including publishing APIs, offering developer portals, creating mobile and web applications, and fostering customer communities. It also describes trends in RESTful services, WebSockets, and SaaS application development. The WSO2 Application Server and User Engagement Server are presented as core components that enable developing and engaging applications.

WSO2 AppDev platform

Sagara Gunathunga

Next-generation JavaScript - OpenSlava 2014

Oscar Renalias

AUTH - SEAF

Caroline Milne

The document describes the software development process for a social enterprise architecture (SEAF) platform. It will use an Agile/Scrum methodology with sprints of 30 days each to continuously deliver working software. User interfaces will be developed for contractors, investors, and administrators. The technologies used will be the MEAN stack along with DevOps practices. Quality, reliability, and security are emphasized through testing, code quality practices, infrastructure reliability, and a documented security plan.

Running an app sec program with OWASP projects_ Defcon AppSec Village

Vandana Verma

This document outlines how to run an application security (AppSec) program using various open source tools from the Open Web Application Security Project (OWASP). It discusses tools for requirements gathering, threat modeling, source code review, vulnerability testing, defect tracking, defensive controls, training and awareness, and knowledge management. Many of the tools are linked, including the OWASP Security Knowledge Framework, Dependency Check, ModSecurity Core Rule Set, Juice Shop, DevSlop, the OWASP Top 10, and the OWASP Testing guides. The document provides an open source framework for implementing an AppSec program.

OISC 2019 - The OWASP Top 10 & AppSec Primer

ThreatReel Podcast

Technology First 16th Annual Ohio Information Security Conference OISC 2019 #OISC19 The OWASP Top 10 & AppSec Primer By Matt Scheurer (@c3rkah) Dayton, Ohio Date: 03/13/2019 Abstract: Are you testing the security of your web applications, web sites, and web servers? The malicious threat actors on the Internet almost certainly are. We will cover AppSec along with a brief review of the 2017 OWASP Top 10 List. The focus of the presentation is how to get started with AppSec and where to continue learning more. Accompanying the presentation are live demos of Nikto and the OWASP Zed Attack Proxy (ZAP). Bio: Matt Scheurer serves as Chair of the Cincinnati Networking Professionals Association Security Special Interest Group (CiNPA Security SIG) and works as a Systems Security Engineer in the Financial Services industry. He holds a CompTIA Security+ Certification and possesses multiple Microsoft Certifications including MCP, MCPS, MCTS, MCSA, and MCITP. He has presented on numerous Information Security topics as a featured speaker at many local area technology groups and large Information Security conferences all over the Ohio, Indiana, and Kentucky Tri-State. Matt maintains active memberships in a number of professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), Financial Services - Information Sharing and Analysis Center (FS-ISAC), and Information Systems Security Association (ISSA).

Owasp london training course 2010 - Matteo Meucci

Matteo Meucci

Here are some examples of how to test for authentication vulnerabilities: - Try logging in with default credentials, common credentials or by enumerating users (OWASP-AT-002, OWASP-AT-003) - Attempt to bypass authentication by modifying cookies, tokens or other parameters used to maintain session state (OWASP-AT-005) - See if strong passwords are enforced or if weak, common or default passwords can be guessed (OWASP-AT-003, OWASP-AT-004) - Verify credentials are transmitted only over an encrypted channel and sensitive data is not exposed (OWASP-AT-001) - Test if password reset and "remember me" functions are secure

we45 DEFCON Workshop - Building AppSec Automation with Python

Abhay Bhargav

Server Side JavaScript on the Java Platform - David Delabassee

JAXLondon2014

This document provides an overview of Project Avatar, which is Oracle's implementation of server-side JavaScript (Node.js) that runs on the Java Virtual Machine (JVM). It discusses how Avatar bridges Node.js and Java by allowing thousands of Node packages and Java libraries to be used together. It also describes Avatar's enterprise features like advanced multithreading, state sharing, persistence, and Java EE interoperability that allow building enterprise applications in JavaScript while leveraging existing Java infrastructure. The document concludes with a demo of Avatar's capabilities.

Securing your web applications a pragmatic approach

Antonio Parata

Extend soa with api management spoug- Madrid

Vinay Kumar

Vinay Kumar is an Oracle ACE, Enterprise Architect, and co-author of a book on Oracle WebCenter Portal. He will present on Oracle API platform introduction, including the evolution of API management, extending SOA with API management, API management architecture and components, configuring API policies, APIMATIC for developer experience, API Fortress, best practices and benefits, and a demo. The Oracle API platform provides full lifecycle management of APIs from design to decommissioning. It is built on REST principles and supports integration with popular API tools. Key components include the management console, developer portal, API gateway, and API design tool APIARY.

Ten Commandments of Secure Coding

Mateusz Olejarka

OWASP - Open Web Applications Security Project to fundacja której celem jest eliminacja problemów bezpieczeństwa aplikacji. OWASP działa w duchu "open source" i dostarcza narzędzi, informacji i wiedzy pozwalających podnieść poziom bezpieczeństwa aplikacji. W trakcie wykładu przedstawię krótko OWASP Top 10 w wydaniu dla programistów, czyli "Top 10 Proactive Controls" a więc najważniejsze zalecenia pozwalające na uniknięcie kluczowych błędów bezpieczeństwa.

Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls

SecuRing

An Introduction to WSO2 Microservices Framework for Java

Sagara Gunathunga

any organizations today are leveraging microservices architecture (MSA) which is becoming increasingly popular because of its many potential advantages. This webinar introduces WSO2 Microservices Framework for Java (MSF4J), which provides the necessary framework and tooling to build an MSA solution. During this webinar, Sagara will Introduce WSO2 MSF4J programming model and deployment options Discuss the key strengths and performance measures of WSO2 MSF4J over other frameworks Demonstrate security, analytics and service discovery Highlight tooling, Swagger support and its seamless integration with rest of the platform

Effective DevSecOps

Pawel Krawczyk

- Modern web application frameworks have powerful security features built-in like template escaping, database abstraction, session management, and authentication that help prevent vulnerabilities like XSS and SQL injection. These features are standard, well-tested, and usually more robust than custom code. - Libraries and dependencies make up a large portion of modern applications. It is important to keep dependencies up-to-date with security patches and be careful about dependencies from untrusted sources like some examples on StackOverflow. - Different security scanners like SAST, DAST, and IAST scan applications in different ways and at different stages, but an important factor is how well they understand the specific programming languages, frameworks, and technologies used in the application being

Building Services with WSO2 Microservices framework for Java and WSO2 AS

Kasun Gajasinghe

This document provides an overview of building microservices with WSO2 technologies. It introduces microservices architecture and the WSO2 Microservices Framework for Java (MSF4J). MSF4J allows developing microservices using Java annotations in a lightweight and high-performance way. The document demonstrates hands-on examples of creating microservices with MSF4J and deploying them to Kubernetes. It also discusses the current and future state of the WSO2 Application Server, including its integration with other WSO2 products.

Application Monitoring with WSO2 App Server

Sagara Gunathunga

This document discusses application monitoring with WSO2 Application Server. It describes the key components of application monitoring including message capturing, publishing, storing, analysis, and presentation. It provides details on how application monitoring is implemented at both the container and application levels in WSO2 Application Server using techniques like servlet filters. The architecture of application monitoring in WSO2 is also shown, and the WSO2 Business Activity Monitor dashboard is discussed for visualizing monitoring data.

Owasptunisiawebday2011 120112072523-phpapp02

Abwebnet

This document summarizes the Open Web Application Security Project (OWASP). It describes OWASP as an international non-profit organization that produces open-source documentation, standards, and tools related to web application security. It provides an overview of OWASP's governance structure, initiatives like the Top 10 project, tools for different phases of the secure software development lifecycle, and chapters around the world.

Similar to LF_APIStrat17_Keep Your Swagger On (20)

AppSec & OWASP Top 10 Primer

Server Side JavaScript on the JVM - Project Avatar - QCon London March 2014

WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business

WSO2 AppDev platform

Next-generation JavaScript - OpenSlava 2014

AUTH - SEAF

Running an app sec program with OWASP projects_ Defcon AppSec Village

OISC 2019 - The OWASP Top 10 & AppSec Primer

Owasp london training course 2010 - Matteo Meucci

we45 DEFCON Workshop - Building AppSec Automation with Python

Server Side JavaScript on the Java Platform - David Delabassee

Securing your web applications a pragmatic approach

Extend soa with api management spoug- Madrid

Ten Commandments of Secure Coding

Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls

An Introduction to WSO2 Microservices Framework for Java

Effective DevSecOps

Building Services with WSO2 Microservices framework for Java and WSO2 AS

Application Monitoring with WSO2 App Server

Owasptunisiawebday2011 120112072523-phpapp02

More from LF_APIStrat

LF_APIStrat17_OWASP’s Latest Category: API Underprotection

LF_APIStrat

OWASP’s 2017 top ten adds a new category called 'underprotected APIs', reflecting the growth of RESTful Web APIs and richer front-end clients which stress current security and access authorization approaches. You’ll learn about potential threats resulting from undersecured Web APIs and techniques to strengthen your API security posture. You'll gain a clear understanding of user authorization via OAuth2, software authorization via static API keys and the critical interplay between them. Of particular concern are mobile API consumers whose code is statically published with secrets which are often poorly concealed. Practical advice with code examples will show how to improve mobile API security. TLS is necessary but insufficient to fully secure client-server communications. Certificate pinning is explained with code examples to show how to strengthen channel communications. Some advanced techniques will be discussed such as app hardening, white box cryptography and mobile app attestation. You should gain a good understanding of the underprotected API problem, with some immediately practical tips to improve your API security posture and a sense of emerging tools and technologies that enable a significant step change in API security.

LF_APIStrat17_Creating Communication Applications using the Asterisk RESTFul ...

LF_APIStrat

The document provides an overview of the Asterisk RESTful Interface (ARI) and demonstrates how to build communication applications using ARI. It discusses the history and purpose of ARI and compares it to other Asterisk APIs like AGI and AMI. The document then demonstrates connecting to ARI via a WebSocket connection to receive events and making REST requests to play audio on a channel. It provides examples of the resources and categories available in the ARI specification.

LF_APIStrat17_Super-Powered REST API Testing

LF_APIStrat

Let's talk testing. You know you should do it, but you probably don't enjoy it very much. I'll try to change your mind about that by showing you just how easy – and fun – it can be to test REST APIs. Whether you prefer the command line, a text editor, or a GUI, I'll show you tools that will fit nicely into your workflow. In this workshop, you'll get hands-on experience with multiple API testing tools. We'll test the same API in each tool to compare the differences between them, including features, limitations, and ease of use. So bring your laptop, or just watch me. Either way, I'll send you home with sample code, working demos, and a better understanding of API testing.

LF_APIStrat17_How Mature are You? A Developer Experience Maturity Model

LF_APIStrat

How confident are you that your developer experience matches the expectations of your customers? How can you judge if you’re providing an adequate or best-in-class experience? What about your competition? How do you compare? We had the same questions at Arity, and so developed a maturity model for API programs. Based on a year of user testing with developers, this model covers categories such as support and documentation. This maturity model helps you focus your time and effort on the areas that will provide the greatest value for your customers. It’s a way to distill all the elements of the developer experience into an easily consumable document to give to stakeholders, helping you explain why the things you do as a manager of the developer community translate to increased sales for your organization. We’ll go through the model together so you can score your company’s program. You’ll leave the session with a score and roadmap of how this can help you influence your stakeholders.

LF_APIStrat17_Connect Your RESTful API to Hundreds of Others in Minutes (Zapi...

LF_APIStrat

You may have seen the articles or blog posts claiming something outrageous like how you can connect to hundreds of other Apps and enable thousands of use cases within a few hours of development. They’re true. In this workshop, the Left Hook team will walk you through how to connect your App to hundreds of others on Zapier’s platform in a matter of minutes. There are a few big asterisks to achieve this speed: 1) Your API needs to be RESTful using either API token or OAuth2.0; 2) You’ll need to choose only a few basic use cases; 3) You need to be comfortable in a Node.js environment; 4) You need to be comfortable using a CLI tool.

LF_APIStrat17_Things I Wish People Told Me About Writing Docs

LF_APIStrat

"Have you ever read a piece of API documentation and thought it was a mess? Maybe it was incomplete, badly organized, or in general just not great. There’s a good chance it was quickly thrown together by someone who had no idea what they were doing. In this talk, we will discuss the things Taylor wished she knew before starting to dive into the world of writing docs and developer focused content. We will discuss how people actually read documentation, different types of docs and when they are appropriate, and docs navigation techniques using design principles. Also, we will learn more about the importance of focusing on language, including why naming matters and error messages as a form of documentation. Lastly, we will talk about tools and tactics to enable other team members to write documentation."

LF_APIStrat17_Lifting Legacy to the Cloud on API Boosters

LF_APIStrat

Congratulations, you have a project to migrate a large legacy software system to the cloud. Also it needs some updates and the clients have a whole list of feature requests. Are you experiencing feelings of dread or exciting visions of the possibilities? The good news is that it can and should be the latter. The Open API ecosystem makes it easier than ever to take on a project like this and be successful. In this talk Seth will introduce his team’s ongoing migration project as a case study. He will discuss the primary benefits of open APIs as part of the migration and how they contribute to velocity, visibility, team focus, and feature development. He will examine strategies for identifying APIs, validating APIs, and integrating APIs into a legacy migration project. He will then discuss the layers of a legacy application that APIs can be used to address (hint: more than you may think).

LF_APIStrat17_Contract-first API Development: A Case Study in Parallel API Pu...

LF_APIStrat

The idea of designing an API first, then having both the publishing developer teams and consuming client developer teams do their work in parallel is a pattern that the standards & tooling of the Open API ecosystem make worth considering. However, this approach is not without its challenges especially when it comes to governance and communication. This session will present a real-world case study where this approach was executed successfully, going over how the work, teams, and deliverables were structured and presenting lessons learned that will be useful to anyone else considering this working model.

LF_APIStrat17_Don't Repeat Yourself - Your API is Your Documentation

LF_APIStrat

"If you find yourself maintaining a set of documents explaining the use of your API, you haven't finished it's design yet. This talk will compare various strategies with examples, while discussing ways to determine the most appropriate method for your API. We will explore OAS (Swagger), Json-LD, Schema.org, HAL, Hydra, Siren, Semantic profiles, and other formats while comparing their relative strengths and weaknesses. After these options, we will arm you with a series of questions which direct you to the appropriate tool for your API. Discover how you can save considerable time and headaches by incorporating a self documenting method in your API design."

LF_APIStrat17_How We Doubled the Velocity of Our Developer Experience Team

LF_APIStrat

We ruthlessly prioritize everything we do and automate away anything we have to do more than a couple times. This has helped the SendGrid DX team to maintain libraries for 7 different programming languages and their github communities with a single engineer. We challenge ourselves to always be working on the highest impact items for our users. Our goals are to maintain engagement with our developer community, manage our libraries at the highest possible level, all while sustaining our lean team.

LF_APIStrat17_API Marketing: First Comes Usability, then Discoverability

LF_APIStrat

This document discusses strategies for increasing API discoverability and developer onboarding. It recommends focusing first on usability by improving documentation, API definitions, and developer portals. It also stresses the importance of visibility strategies like SEO, metadata standards, and profiling APIs in directories. Finally, it highlights advocacy approaches like evangelism, community building, and thought leadership content to promote APIs. The overall message is that a balanced approach across usability, visibility, and advocacy is key to making APIs discoverable and attracting developers.

LF_APIStrat17_Standing Taller with Technology: APIs, IoT, and the Digital Wor...

LF_APIStrat

How can we extend everyone's technological reach, no matter where they're starting from? How can IT become a platform that lets everyone stand taller? I'll talk about the critical role APIs play in creating more digital workforces. As organizations spend billions on various digital transformation efforts, they need to empower more of their people, not just developers and IT staff, to understand and interact with their data and technologies through APIs. The key is providing tools to people that make APIs more accessible to more people. APIs enable all sorts of combinations and linkages between data and technologies, and giving people streamlined access to APIs enables them to combine and extend their own expertise in innovative ways. Illustrative examples from working in IoT and APIs include academic research projects in many disciplines and business implementations across industries.

LF_APIStrat17_REST API Microversions

LF_APIStrat

The document discusses versioning challenges for open source services deployed across multiple cloud platforms. It describes typical REST API versioning that works for single vendors but breaks down when different teams develop and deploy the software. The document introduces the concept of microversions to allow incremental feature updates while maintaining backwards compatibility. It also questions how to manage raising minimum versions and backwards compatibility over time.

LF_APIStrat17_I Believe You But My Enterprise Don't: Adopting Open Standards ...

LF_APIStrat

To many of us in the API community, open standards seem like a no-brainer: they promote interoperability, extensibility, and longevity, all while helping you reap the benefits of being part of a larger ecosystem. These benefits include greater and more rapid adoption by developers and being in sync with and a contributor to best practices. But what happens when the clients consuming your APIs are enterprise healthcare companies, whose teams will develop integrations with your APIs regardless of best practices and who want things done their way rather than the open standard way? This talk draws on the speaker’s experiences integrating with enterprise healthcare systems to illustrate the value of projects such as the Open API Specification, open data model standards (e.g. Open Referral), and hypermedia formats, and how to communicate these benefits to reluctant enterprise clients.

LF_APIStrat17_Case Study: Cold Decision Trees

LF_APIStrat

Disclaimer: This talk is about the models, processes, and algorithms that power machine learning APIs rather than about the API itself. Machine learning is fast becoming ubiquitous, from large enterprises to small startups. In this talk, we’ll embark on a journey with a small risk management startup, and we’ll talk about how snowflakes & trees and chickens & eggs came together to help the startup implement its own flavor of machine learning. This is the story of the cold decision tree and how it solved the cold start problem.

LF_APIStrat17_Getting Your API House In Order

LF_APIStrat

"Is your organization getting maximum impact from the technical talent and API experience that you already have? What is stopping you from turning that potential into results? Ryan will share some of the steps that that GSA is taking in implementing an agency-wide API Strategy. Early successes include publishing API Standards, reviving an internal API Working Group, and creating an API documentation template and reference prototype API. Learn about the journey that GSA is on, and how you can apply similar strategies across your organization."

LF_APIStrat17_Diving Deep into the API Ocean with Open Source Deep Learning T...

LF_APIStrat

"The world is full of seas of data. Some of these seas are created and exchanged by APIs; some of them are even about APIs. Since 2014, APImetrics has accumulated over 100 GB of data on API test calls made to over 5000 API endpoints by agents deployed in cloud locations on 5 continents. There's a huge amount of insight trapped at the bottom of that sea of (in our case unlabelled) data. Getting at it would've been nearly impossible before the emergence of powerful open source deep learning libraries in the mid-2010s. APImetrics will share how we chose a deep learning library and the data munging we did to get our data to work with the library. We will explain how we were able carry out unsupervised and semi-supervised learning and discuss the insights on global API performance and quality we were able to dredge from the bottom of our sea of data. We'll provide pointers on how organizations, from startups like APImetrics to megacorporations, can use deep learning to create oceans of knowledge from their own seas of data."

LF_APIStrat17_Supporting SDKs in 7 Different Programming Languages While Main...

LF_APIStrat

Many companies that provide an API also include SDKs. In this talk, learn from SendGrid’s Developer Experience Engineer, Elmer Thomas about how he re-built their 7 open source SDKs (Python, PHP, C#, Ruby, Node.js, Java and Go) to support 233 API endpoints. This tale involves automated integration test creation and execution with a Swagger/OAI powered mock API server, documentation, code, examples, CLAs, backlogs and sending out swag along with some insights on what should not be automated, like HTTP clients. He will dig into the technologies that made these automations possible along with lessons learned from the various programming communities.

LF_APIStrat17_Open Data vs. the World

LF_APIStrat

"Despite open data's potential to change the world, it seems that developers and open data providers are constantly in an uphill battle to make open data not only available, but usable and actively used. The obstacles facing open data’s growth and adoption vary from technical infrastructure concerns, including maintenance, APIs, open data formats, to societal ones, including the ethical and security challenges of open data and the political climate shift in some countries causing antagonism towards open data. In this talk, Shelby Switzer will dive into the origins and current state of open data globally and in the US, using concrete stories to illustrate the value of open data and its potential impact on our communities, governments, and businesses. She will explore the challenges facing the open data ecosystem, and discuss how key open source projects and standards, including Open API, have the potential to be instrumental in changing the game and positively impacting the open data movement."

LF_APIStrat17_Practical DevSecOps for APIs

LF_APIStrat

In DevSecOps “shift left” applies to application security too: developers should commit to provide API security at the earliest stages of development. In this session, Isabelle will propose an innovative strategy to address API security, in which developers collaborate with security teams and bring their business knowledge of the APIs to: 1/ Assess the API risk in terms of data and operation sensitivity 2/ Specify the input/output data formats 3/ Describe the application flow logic From the data gathered previously, tools can then generate automatically the appropriate security policies, respecting the rules set by the security teams. Isabelle will also explain how the CI/CD pipeline can leverage a containerized PEP (Policy Enforcement Point) in the different testing / QA / Pre-Production / Production environments.

More from LF_APIStrat (20)

LF_APIStrat17_OWASP’s Latest Category: API Underprotection

LF_APIStrat17_Creating Communication Applications using the Asterisk RESTFul ...

LF_APIStrat17_Super-Powered REST API Testing

LF_APIStrat17_How Mature are You? A Developer Experience Maturity Model

LF_APIStrat17_Connect Your RESTful API to Hundreds of Others in Minutes (Zapi...

LF_APIStrat17_Things I Wish People Told Me About Writing Docs

LF_APIStrat17_Lifting Legacy to the Cloud on API Boosters

LF_APIStrat17_Contract-first API Development: A Case Study in Parallel API Pu...

LF_APIStrat17_Don't Repeat Yourself - Your API is Your Documentation

LF_APIStrat17_How We Doubled the Velocity of Our Developer Experience Team

LF_APIStrat17_API Marketing: First Comes Usability, then Discoverability

LF_APIStrat17_Standing Taller with Technology: APIs, IoT, and the Digital Wor...

LF_APIStrat17_REST API Microversions

LF_APIStrat17_I Believe You But My Enterprise Don't: Adopting Open Standards ...

LF_APIStrat17_Case Study: Cold Decision Trees

LF_APIStrat17_Getting Your API House In Order

LF_APIStrat17_Diving Deep into the API Ocean with Open Source Deep Learning T...

LF_APIStrat17_Supporting SDKs in 7 Different Programming Languages While Main...

LF_APIStrat17_Open Data vs. the World

LF_APIStrat17_Practical DevSecOps for APIs

Recently uploaded

Accelerating Migrations = Recommendations

isBullShit

"Hands-on development experience using wasm Blazor", Furdak Vladyslav.pptx

Fwdays

Keynote : AI & Future Of Offensive Security

Priyanka Aash

In the presentation, the focus is on the transformative impact of artificial intelligence (AI) in cybersecurity, particularly in the context of malware generation and adversarial attacks. AI promises to revolutionize the field by enabling scalable solutions to historically challenging problems such as continuous threat simulation, autonomous attack path generation, and the creation of sophisticated attack payloads. The discussions underscore how AI-powered tools like AI-based penetration testing can outpace traditional methods, enhancing security posture by efficiently identifying and mitigating vulnerabilities across complex attack surfaces. The use of AI in red teaming further amplifies these capabilities, allowing organizations to validate security controls effectively against diverse adversarial scenarios. These advancements not only streamline testing processes but also bolster defense strategies, ensuring readiness against evolving cyber threats.

UX Webinar Series: Aligning Authentication Experiences with Business Goals

FIDO Alliance

kk vathada _digital transformation frameworks_2024.pdf

KIRAN KV

I'm excited to share my latest presentation on digital transformation frameworks from industry leaders like PwC, Cognizant, Gartner, McKinsey, Capgemini, MIT, and DXO. These frameworks are crucial for driving innovation and success in today's digital age. Whether you're a consultant, director, or head of digital transformation, these insights are tailored to help you lead your organization to new heights. 🔍 Featured Frameworks: PwC's Framework: Grounded in Industry 4.0 with a focus on data and analytics, and digitizing product and service offerings. Cognizant's Framework: Enhancing customer experience, incorporating new pricing models, and leveraging customer insights. Gartner's Framework: Emphasizing shared understanding, leadership, and support teams for digital excellence. McKinsey's 4D Framework: Discover, Design, Deliver, and De-risk to navigate digital change effectively. Capgemini's Framework: Focus on customer experience, operational excellence, and business model innovation. MIT’s Framework: Customer experience, operational processes, business models, digital capabilities, and leadership culture. DXO's Framework: Business model innovation, digital customer experience, and digital organization & process transformation.

CheckPoint Firewall Presentation CCSA.pdf

ssuser137992

LeadMagnet IQ Review: Unlock the Secret to Effortless Traffic and Leads.pdf

SelfMade bd

Choosing the Best Outlook OST to PST Converter: Key Features and Considerations

webbyacad software

When looking for a good software utility to convert Outlook OST files to PST format, it is important to find one that is easy to use and has useful features. WebbyAcad OST to PST Converter Tool is a great choice because it is simple to use for anyone, whether you are tech-savvy or not. It can smoothly change your files to PST while keeping all your data safe and secure. Plus, it can handle large amounts of data and convert multiple files at once, which can save you a lot of time. It even comes with 24*7 technical support assistance and a free trial, so you can try it out before making a decision. Whether you need to recover, move, or back up your data, Webbyacad OST to PST Converter is a reliable option that gives you all the support you need to manage your Outlook data effectively.

Mastering OnlyFans Clone App Development: Key Strategies for Success

David Wilson

Acumatica vs. Sage Intacct _Construction_July (1).pptx

BrainSell Technologies

Latest Tech Trends Series 2024 By EY India

EYIndia1

Stay ahead of the curve with our comprehensive Tech Trends Series! Explore the latest technology trends shaping the world today, from the 2024 Tech Trends report and top emerging technologies to their impact on business technology trends. This series delves into the most significant technological advancements, giving you insights into both established and emerging tech trends that will revolutionize various industries.

It's your unstructured data: How to get your GenAI app to production (and spe...

Zilliz

So you've successfully built a GenAI app POC for your company -- now comes the hard part: bringing it to production. Aparavi addresses the challenges of AI projects while addressing data privacy and PII. Our Service for RAG helps AI developers and data scientists to scale their app to 1000s to millions of users using corporate unstructured data. Aparavi’s AI Data Loader cleans, prepares and then loads only the relevant unstructured data for each AI project/app, enabling you to operationalize the creation of GenAI apps easily and accurately while giving you the time to focus on what you really want to do - building a great AI application with useful and relevant context. All within your environment and never having to share private corporate data with anyone - not even Aparavi.

Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...

Snarky Security

How wonderful it is that in our modern age, every bit of our biological data can be digitized, stored, and potentially pilfered by cyber thieves! Isn't it just splendid to think that while scientists are busy pushing the boundaries of biotechnology, hackers could be plotting the next big bio-data heist? This delightful scenario is brought to you by the ever-expanding digital landscape of biology and biotechnology, where the integration of computer science, engineering, and data science transforms our understanding and manipulation of biological systems. While the fusion of technology and biology offers immense benefits, it also necessitates a careful consideration of the ethical, security, and associated social implications. But let's be honest, in the grand scheme of things, what's a little risk compared to potential scientific achievements? After all, progress in biotechnology waits for no one, and we're just along for the ride in this thrilling, slightly terrifying, adventure. So, as we continue to navigate this complex landscape, let's not forget the importance of robust data protection measures and collaborative international efforts to safeguard sensitive biological information. After all, what could possibly go wrong? ------------------------- This document provides a comprehensive analysis of the security implications biological data use. The analysis explores various aspects of biological data security, including the vulnerabilities associated with data access, the potential for misuse by state and non-state actors, and the implications for national and transnational security. Key aspects considered include the impact of technological advancements on data security, the role of international policies in data governance, and the strategies for mitigating risks associated with unauthorized data access. This view offers valuable insights for security professionals, policymakers, and industry leaders across various sectors, highlighting the importance of robust data protection measures and collaborative international efforts to safeguard sensitive biological information. The analysis serves as a crucial resource for understanding the complex dynamics at the intersection of biotechnology and security, providing actionable recommendations to enhance biosecurity in an digital and interconnected world. The evolving landscape of biology and biotechnology, significantly influenced by advancements in computer science, engineering, and data science, is reshaping our understanding and manipulation of biological systems. The integration of these disciplines has led to the development of fields such as computational biology and synthetic biology, which utilize computational power and engineering principles to solve complex biological problems and innovate new biotechnological applications. This interdisciplinary approach has not only accelerated research and development but also introduced new capabilities such as gene editing and biomanufact

The History of Embeddings & Multimodal Embeddings

Zilliz

Keynote : Presentation on SASE Technology

Priyanka Aash

Secure Access Service Edge (SASE) solutions are revolutionizing enterprise networks by integrating SD-WAN with comprehensive security services. Traditionally, enterprises managed multiple point solutions for network and security needs, leading to complexity and resource-intensive operations. SASE, as defined by Gartner, consolidates these functions into a unified cloud-based service, offering SD-WAN capabilities alongside advanced security features like secure web gateways, CASB, and remote browser isolation. This convergence not only simplifies management but also enhances security posture and application performance across global networks and cloud environments. Discover how adopting SASE can streamline operations and fortify your enterprise's digital transformation strategy.

Camunda Chapter NY Meetup July 2024.pptx

ZachWylie3

Demystifying Neural Networks And Building Cybersecurity Applications

Priyanka Aash

In today's rapidly evolving technological landscape, Artificial Neural Networks (ANNs) have emerged as a cornerstone of artificial intelligence, revolutionizing various fields including cybersecurity. Inspired by the intricacies of the human brain, ANNs have a rich history and a complex structure that enables them to learn and make decisions. This blog aims to unravel the mysteries of neural networks, explore their mathematical foundations, and demonstrate their practical applications, particularly in building robust malware detection systems using Convolutional Neural Networks (CNNs).

Finetuning GenAI For Hacking and Defending

Priyanka Aash

Generative AI, particularly through the lens of large language models (LLMs), represents a transformative leap in artificial intelligence. With advancements that have fundamentally altered our approach to AI, understanding and leveraging these technologies is crucial for innovators and practitioners alike. This comprehensive exploration delves into the intricacies of GenAI, from its foundational principles and historical evolution to its practical applications in security and beyond.

Discovery Series - Zero to Hero - Task Mining Session 1

DianaGray10

Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making

DianaGray10

The power of Snowflake analytics enables CRM systems to improve operational efficiency, while gaining deeper insights into closed/won opportunities. In this webinar, learn how infusing Snowflake into your CRM can quickly provide analysis for sales wins by region, product, customer segmentation, customer lifecycle—and more! Using prebuilt connectors, we’ll show how workflows using Snowflake, Salesforce, and Zendesk tickets can significantly impact future sales.

Recently uploaded (20)

Accelerating Migrations = Recommendations

"Hands-on development experience using wasm Blazor", Furdak Vladyslav.pptx

Keynote : AI & Future Of Offensive Security

UX Webinar Series: Aligning Authentication Experiences with Business Goals

kk vathada _digital transformation frameworks_2024.pdf

CheckPoint Firewall Presentation CCSA.pdf

LeadMagnet IQ Review: Unlock the Secret to Effortless Traffic and Leads.pdf

Choosing the Best Outlook OST to PST Converter: Key Features and Considerations

Mastering OnlyFans Clone App Development: Key Strategies for Success

Acumatica vs. Sage Intacct _Construction_July (1).pptx

Latest Tech Trends Series 2024 By EY India

It's your unstructured data: How to get your GenAI app to production (and spe...

Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...

The History of Embeddings & Multimodal Embeddings

Keynote : Presentation on SASE Technology

Camunda Chapter NY Meetup July 2024.pptx

Demystifying Neural Networks And Building Cybersecurity Applications

Finetuning GenAI For Hacking and Defending

Discovery Series - Zero to Hero - Task Mining Session 1

Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making

LF_APIStrat17_Keep Your Swagger On

1. Keep Your Swagger On Ron Ratovsky (@webron)

2. Swagger is… -An open source toolset -Covering portions of the API lifecycle -Supports both code-first and design-first approaches -Focused around the OpenAPISpecification Swagger is not… The OpenAPISpecification

3. Driving the API Lifecycle with OAS Design Implementation Testing Mocking Documentation Virtualization Deployment / Runtime Clients Security, Usage policies, Monitoring, Caching, etc Developer portals, Code samples, User guides, etc. Functional / Runtime simulations Functional, Security, Load, Compliance, etc. Generated server code/artifacts Prototyping Generated client libraries Object reuse, linking, Callbacks, etc.

4. The Swagger Projects 1. Swagger-core 2. Swagger-parser 3. Swagger-inflector 4. Swagger-codegen 5. Validator-badge 6. Swagger-converter 7. Swagger-js 8. Swagger-ui 9. Swagger-editor 10. Swagger-node 11. …

5. - Code-first approach - Java JAX-RS - Basis for other projects (annotations, models) - OAS3 (swagger-core 2.0): - Rewrite of annotations and models - Cleanup of set up process - Built to co-exist with 1.5 - Support utility for deserializingOpenAPIdocuments - Depends on Swagger-core’s models. - OAS3 (swagger-parser 2.0): - Convert previous versions to 3.0 - Provides 3.0 validation - More customizable with options Swagger-core Swagger-parser

6. - Design-first approach - Java JAX-RS (Jersey) - Depends on Swagger-parser - OAS3 (swagger-inflector 2.0): - Modified for OAS3 support (*) - Plans to co-exist with OAS2 support - Improved mocking capabilities - Client/Server generation - Depends on Swagger-parser - Available as a library, CLI and a service - WIP Changes (swagger-codegen3.0): - Support for 3.0 versions and older (through conversion) - Moving to handlebars - Improved CLI - Breaking out the templates - And more… Swagger-inflector Swagger-codegen

7. - Definition validation - Runs as a service - Depends on Swagger-parser - OAS3 (validator-badge 2.0): - Modified for OAS3 support (*) - Plans to co-exist with OAS2 support - New and improved API - OAS2àOAS3 conversion - Runs as a service - Depends on Swagger-parser - WIP (swagger-converter 1.0): - Pushing out the first version Validator-badge Swagger-converter

8. - Parser, resolver, client - Was recently written from scratch (prior to OAS3) - OAS3 (swagger-client 3.X): - Parse and resolve OAS3 documents - Client functionality partially implemented, still WIP. - Visualization - Depends on Swagger-js - Uses the Validator-badge - Swagger-UI 3.X: - Was recently written from scratch - Provides easier customization - Improved performance and visuals - OAS3: - Support for rendering OAS3 documents (*) - Exciting plans for links - Sandbox functionality is still WIP Swagger-js Swagger-UI

9. - OAS IDE - Depends on Swagger-UI - Uses Swagger-codegen - Swagger-Editor 3.X: - Was recently written from scratch - Provides easier customization - Improved auto-suggest - Improved validation - OAS3: - Supports OAS3 completion - OAS3 structural validation - Semantic validation is WIP - Design-first approach - Plans: - Provide support for OAS3 based on swagger-js - Break the dependency on Editor/UI - Implement similar features to Swagger- Inflector Swagger-Editor Swagger-node

10. It’s Demo Time!

11. Thank you! http://swagger.io https://github.com/swagger-api @SwaggerAPI Visit us at the booth to hear more about Swagger and SwaggerHub

LF_APIStrat17_Keep Your Swagger On

More Related Content

Similar to LF_APIStrat17_Keep Your Swagger On

Similar to LF_APIStrat17_Keep Your Swagger On (20)

More from LF_APIStrat

More from LF_APIStrat (20)

Recently uploaded

Recently uploaded (20)

LF_APIStrat17_Keep Your Swagger On