diff --git a/docs/class4/module2/lab1/lab1.rst b/docs/class4/module2/lab1/lab1.rst index 126a8fe..c30b577 100644 --- a/docs/class4/module2/lab1/lab1.rst +++ b/docs/class4/module2/lab1/lab1.rst @@ -1,10 +1,62 @@ -Enable API discovery -==================== +Enable API Validation +===================== -Enable Endpoint Discovery -------------------------- +In the previous section, we enabled AOU Protection. API Protection is based on rules (allow, deny), but API Validation goes deeper into the validation. +API Validation validates the requests and the responses, but also the content (JSON payload) based on the OpenAPI Specifications. -Enable PII Discovery --------------------- +As a reminder, this is the difference between Protection and API Validation. + +.. image:: ../pictures/slide-api-protection.png + :align: center + :scale: 40% + +.. note:: As an example, API Validation validates if the value of a JSON key matches the specifications (integer, string, array ...) + +Example below + +.. code-block:: YAML + :emphasize-lines: 24, 36, 38 + + /adjectives: + get: + description: List all adjectives + tags: + - adjectives + responses: + '200': + description: a list of adjectives with their index + content: + application/json: + schema: + $ref: "#/components/schemas/Adjectives" + post: + description: create an adjective + tags: + - adjectives + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string + example: + name: worried + responses: + '201': + description: adjective created + content: + application/json: + schema: + type: object + properties: + id: + type: integer + name: + type: string + example: + id: 4 + name: worried diff --git a/docs/class4/module2/lab2/lab2.rst b/docs/class4/module2/lab2/lab2.rst index 95e141c..126a8fe 100644 --- a/docs/class4/module2/lab2/lab2.rst +++ b/docs/class4/module2/lab2/lab2.rst 
@@ -1,18 +1,10 @@ -API Discovery outcomes -====================== +Enable API discovery +==================== -Endpoint Discovery ------------------- +Enable Endpoint Discovery +------------------------- -PII Discovery -------------- +Enable PII Discovery +-------------------- - - -Authentication Discovery ------------------------- - - -AI/ML Security Posture ----------------------- \ No newline at end of file diff --git a/docs/class4/module2/lab3/lab3.rst b/docs/class4/module2/lab3/lab3.rst new file mode 100644 index 0000000..95e141c --- /dev/null +++ b/docs/class4/module2/lab3/lab3.rst @@ -0,0 +1,18 @@ +API Discovery outcomes +====================== + +Endpoint Discovery +------------------ + + +PII Discovery +------------- + + + +Authentication Discovery +------------------------ + + +AI/ML Security Posture +---------------------- \ No newline at end of file diff --git a/docs/class4/module2/module2.rst b/docs/class4/module2/module2.rst index 2bc3786..13c5e25 100644 --- a/docs/class4/module2/module2.rst +++ b/docs/class4/module2/module2.rst @@ -1,7 +1,7 @@ Dynamic API Protection ###################### -In this section, we will protect the same modern application with F5 Distributed Cloud, but we will enable the **dynamic** protection where SecOps apply the API Discovery and validation. +In this section, we will protect the same modern application with F5 Distributed Cloud, but we will enable the **dynamic** protection where SecOps apply the API Discovery and Validation. **Module 2 - All sections** diff --git a/docs/class4/module2/pictures/slide-api-protection.png b/docs/class4/module2/pictures/slide-api-protection.png new file mode 100644 index 0000000..b851124 Binary files /dev/null and b/docs/class4/module2/pictures/slide-api-protection.png differ
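Review bot: in docs/class4/module2/lab1/lab1.rst, the first added paragraph reads "we enabled AOU Protection", which looks like a typo for "API Protection", the term used in the next sentence and in the slide file name. In the same hunk, the POST requestBody schema for /adjectives declares "name" as "type: string" but has no "required" list, so a body that omits "name" still conforms to the spec as written. If the lab is meant to show strict validation, add "required: [name]" or state in the note that only keys that are present get type-checked. "Example below" would also read better as a full sentence saying what the emphasized lines 24, 36 and 38 (the three "type:" declarations) are meant to show.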
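Review bot: in docs/class4/module2/lab2/lab2.rst, the file now contains only the three headings moved over from lab1, with no body text under any of them, so the rendered lab page will be empty. The title also uses lowercase "discovery" ("Enable API discovery") while its two subsections and the module2.rst intro capitalise "Discovery". Suggest "Enable API Discovery" and a short placeholder under each heading until the steps are written.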
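Review bot: the new docs/class4/module2/lab3/lab3.rst ends without a trailing newline (the "\ No newline at end of file" marker after the "AI/ML Security Posture" underline). Add one so that later appends to the file produce clean diffs. As in lab2, the four sections are headings only, and a one-line placeholder under each would make it clear the content is still pending.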
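Review bot: in docs/class4/module2/module2.rst, only the intro sentence changes and the hunk does not show the section list that follows "**Module 2 - All sections**". Since this commit adds lab3/lab3.rst, please confirm that list picks up the new file. The intro also says "API Discovery and Validation" while the labs now run Validation first (lab1) and Discovery after (lab2, lab3), so consider matching the order. "SecOps apply" would read better as "SecOps applies" or "SecOps teams apply".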