Page 1416 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
If you’re interested in learning more about DevOps, the
authors highly recommend the book The Phoenix Project: A Novel
About IT, DevOps, and Helping Your Business Win by Gene Kim,
Kevin Behr, and George Spafford (IT Revolution Press, 2013). This
book presents the case for DevOps and shares DevOps strategies in
an entertaining, engaging novel form.
Application Programming Interfaces
Although early web applications were often stand-alone systems that
processed user requests and provided output, modern web
applications are much more complex. They often include interactions
between a number of different web services. For example, a retail
website might make use of an external credit card processing service,
allow users to share their purchases on social media, integrate with
shipping provider sites, and offer a referral program on other websites.
For these cross-site functions to work properly, the websites must
interact with each other. Many organizations offer application
programming interfaces (APIs) for this purpose. APIs allow
application developers to bypass traditional web pages and interact
directly with the underlying service through function calls. For
example, a social media API might include some of the following API
function calls:
Post status
Follow user
Unfollow user
Like/Favorite a post
Offering and using APIs creates tremendous opportunities for service
providers, but it also poses some security risks. Developers must be
aware of these challenges and address them when they create and use
APIs.
First, developers must consider authentication requirements. Some

