REST, SOAP, GraphQL: API Security and Go(lang)

So you're building an API? Have you thought about how you're going to secure it to keep the data of your users safe?

It doesn't matter if it is REST, SOAP, or something modern like GraphQL, security is often overlooked or an after-thought during development. Do you encrypt your data in the database and if so, which data should be encrypted? Do you limit who has access to the data through API endpoints and query-able fields and if so, are you using something like JSON Web Tokens (JWT), OAuth, or something else? There's a lot to consider for API security, far beyond the points listed here.

**Disclaimer:** This talk does not reflect the views of my current or previous employer(s) and there is no affiliation with them either. These are on my own!

[Speaker]

Alain Mbuku - Senior Security Engineer at CircleCI

[About the Speaker]

My name is Alain Mbuku, Senior Security Engineer at CircleCI as part of the Security Operations Engineering.

Fun fact, I am fluent in five (5) languages and I've often been asked in what language do I think. Well, that depends on the situation, but it's fun because sometimes I can start speaking in English and finish the sentence in French or Swahili.

[Basic Information]

Due to COVID-19 and everyone's personal safety, we're making this event an online stream through YouTube. You don't need an account to watch the stream, but you'll need one to participate in the chat. Creating an account doesn't cost anything and it will add warmth to the event.