Upload File

case study: aaramshop—top five lessons learned about accelerating e-commerce with data and apis

  • Home
  • Technology
  • Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs
28
World ® ’1 6 Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs Jin Zhang - Founder - Forty2.io Scott Morrison - Distinguished Engineer - CA Technologies DO3X15S DEVOPS

Upload: ca-technologies

Post on 10-Jan-2017

48 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

World®’16

CaseStudy:Aaramshop—TopFiveLessonsLearnedAboutAcceleratingE-CommerceWithDataandAPIsJin Zhang- Founder- Forty2.ioScottMorrison- DistinguishedEngineer- CATechnologies

DO3X15S

DEVOPS

Page 2: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.

Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.

ForInformationalPurposesOnlyTermsofthisPresentation

Page 3: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Abstract

Aaramshop isanonlinestorethatpromoteslocalandorganicsupplies.Intheone-yearjourneysinceCAWorld2015,Forty2.io,aCAAccelerator,hasworkedcloselywithAaramshop toidentifybusinessgrowthopportunities.Thetwoalsocollaboratedtoalertwebapplicationbottlenecksandtoprotectwebresources,includingAPIs.Allofthesearefueledbydata-drivenpredictionandprescription,includingpatternrecognition,anomalydetection,automaticshieldagainstAPIhijacking,scalingandabuse.Inthissession,wesharelessonslearnedabouthowyourbusinesscantrulybenefitfromdataandAPIs.

ScottMorrisonCATechnologiesDistinguishedEngineer

JinZhangForty2.ioFounder

Page 4: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Agenda

AARAMSHOPANDFORTY2.IO

5LESSONSLEARNED

WHATWEAREEXPLORINGNEXT

1

2

3

Page 5: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

AboutCAAccelerator

“Enterprisestartups”

CA’sinnovationengine

Visitca.com/accelerator

Page 6: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

FocusonOrganicProductInnovation

§ Listentocustomers

§ USEastandWestincubation

§ Failfast– andsafe

§ Freshblood

§ Reviewprocess,justlikeventurecapitalistsJ

§ Forty2.ioisoneoftheincubationprojects

Page 7: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

DigitalTransformation

Creatingsomethingnew—newmarkets,newproductsandnewareasofgrowthandrevenues.

=OpportunitiesforCompaniesThatEmbraceIt

Companieswhoarenotembracing thischangearequicklybecomingirrelevantandwilllikelynolongerplayasignificantroleinthenext5–10years.

Page 8: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Protectionofrevenue,brandanddata

MaximizationofITutilization:costsavings,abilitytoservemoretocustomers

Increaseofproductivity:abilitytoidentifyrisksandtheftsquicker

ASolution:forty2.io

forty2.io isananalyticsdrivenappwhichprotectsdigitalbusinesseswithoneclickresolution:

Page 9: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Aaramshop

§ AimingtobetheUberforgrocers

§ Aplatformconnectinglocalgrocersandconsumers

§ Fresh,easy,local,relationship-based

§ MobileappcampaignfollowingDiwaliseason

Page 10: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

OurLearningandDiscovery

GrowthOpportunity CustomerExperience GTMChannel

Page 11: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ThreeInitialDiscoveries– GrowthOpportunity

Page 12: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ThreeInitialDiscoveries– CustomerExperience

Page 13: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ThreeInitialDiscoveries– GTMChannel

Page 14: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

WhatWeAreExploringNext

§ Singlepaneofglass

§ Moregrowthopportunity

§ APIProtection– APIHijacking– ScriptInsertion– SQLInjection

Page 15: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

APIsAreBasedontheArchitectureoftheWebSocanwejustre-useourwebsecuritystrategies?

Weneedtobewaryofbadwebdevelopmentpracticesmigratingto

APIs…

APIDevelopment!=WebDevelopment

Page 16: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

TraditionalWebAppsConstrainInteraction

HTTPServer

UsersBrowser App

ServerDatabase

Pages Objects RecordsRenderedView

ConstraintSpace

Firewall1 Firewall2

Page 17: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

APIsinContrastOfferaMoreDirectConduittoData

HTTPServer

AttackerBrowser App

ServerDatabase

Objects RecordsRenderedWebView

Often:• Self-documenting• Closelymappedtoobject

space,datastructure,etcAPIscanleakinformation

Page 18: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

APIsIncreaseAttackSurfaceHTTPServer

AttackerBrowser

AppServer Database

UsersBrowser

TraditionalWeb

APIs

GranularityBoundary

GranularityBoundary

Page 19: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

InsertionAttacksAreACommonAttackVector

Source:https://xkcd.com/327/

ExploitsofaMom

Insertionattacksarereallyaboutusingleveragingunconstrainedparameterstoexploitremoteprocessing

engines(bothserverorotherclients)

Page 20: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

SoAreMan-In-The-MiddleAttacks

HTTPServer

UsersApp App

ServerDatabase

Breechesin:• Integrity• Confidentiality

Page 21: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

TheBestPracticeIsToUseAPIGatewaysForSecurity

APIGateway

UsersApps

TakesCareof:• Authentication• Authorization• Integrity• Confidentiality• Audit

• KeyManagement• IAMintegration• Parameterhygiene• Filtering• etc…

Directory

Page 22: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

APIMBringsAboutaPositive ShiftinResponsibility

Developers SecurityPros

Page 23: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

23 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Summary

CAAcceleratorsLeanStartup

AaramshopLearning

APIProtectionMitigationtipsSolverealproblem,fast

Page 24: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

RecommendedSessions

SESSION# TITLE DATE/TIME

SCX71STheanswerisForty2- HowAnalytics-backedBotMitigationHelpedInsillicum

11/16/2016at03:00pm

DO3T05S

CaseStudy:LG&E/KU—HowMobileApps,APIsWithMicroservices andCAAPIManagementareHelpingtoShapetheCompany’sFuture

11/16/2016at03:45pm

IET02TLeveragingMachineLearningtoProtectwebAppsfromCyber-attacks

11/17/2016at03:00pm

Page 25: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

25 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MustSeeDemos

APIInsightsCAAPIManagementDevOps– APIManagement

ProtectAPIs IntegrateIoTCAAPIManagementDevOps– APIManagement

LaunchFasterCAAPIManagementDevOps– APIManagement

Page 26: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

26 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Questions?

Page 27: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

27 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Thankyou.

Stayconnectedatcommunities.ca.com

Page 28: Case Study: Aaramshop—Top Five Lessons Learned About Accelerating E-Commerce With Data and APIs

28 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

DevOps– APIManagementandApplicationDevelopment

FormoreinformationonDevOps– APIManagementandApplicationDevelopment,pleasevisit:http://cainc.to/DL8ozQ


Growth Hacking APIs (Nordic APIs conference 2014)

HTML Hypermedia APIs and Adaptive Web Design - Nordic APIs

APIs in the Enterprise -Lessons Learned

APIs and Restful APIs

The Forrester Wave™: Global API Strategy And Delivery ... · APi project can deliver value, true success with APis is a portfolio-level phenomenon, with value accelerating over

Introduction to GraphQL (or How I Learned to Stop Worrying about REST APIs)

Accelerating Innovation with APIs: Social TV case study at Orange

Lessons Learned from Building Enterprise APIs (Gustaf Nyman)

1 Documents > J2SE APIs > J2EE APIsJ2SE APIsJ2EE APIs

Accelerating and Protecting APIs | Akamai · ACCELERATING AND PROTECTING APIs WITH AKAMAI ... For a deep dive into accelerating and securing your APIs, check out this …

KLASIFIKASI SAYAP LEBAH APIS CERANA DAN APIS …

Web APIs & Google APIs

APIs for Scripting - 2014 - Perforce · APIs for Scripting APIs for Scripting v Instance Methods ..... 32

Mediating Mature Services, ESBs and APIs: Lessons Learned from Five Years of API Management Implementation Success at Unum

Poetic APIs

Janus, or: How I Learned to Stop Worrying and Love WebRTC ...opensips.org/pub/events/2016-05-10_OpenSIPS-Summit_Amsterdam/... · WebRTC Standardization ... Modules and APIs What about

Brochure: Drug Development - Accelerating time to market · Active Pharmaceutical Ingredients (APIs), to the delivery and application characteristics of creams and ointments for product

Customer Case Studies on Accelerating Their Path to Hybrid ... · VMware Storage and vCenter Ø Virtual Volumes (VVOL) Ø VASA (vSphere Storage APIs for Storage Awareness) Ø Site

APICULTURA - eadgraduacaounitau.com.br · 1.4 Raças de Abelhas Apis mellifera ... Biologia de Apis mellifera Anatomia interna e externa de Apis mellifera Comportamento de Apis mellifera

Accelerating Search-Based Program Synthesis using Learned ...alur/PLDI18.pdfspecific languages; Programming by example; Keywords Synthesis, Domain-specific languages, Statisti-cal

Championing Nanotech Innovation: Lessons Learned Presented by Christine Peterson Vice President, Foresight Institute Accelerating Change 2004 November

Khronos Standard APIs for Accelerating Vision and Inferencing

Mobile APIs: Optimizing APIs for Many Devices

What I learned about APIs in my first year at Google

Accelerating Opportunity: Lessons Learned November 14, 2013 National College Transitions Network Effective Transitions Conference

Webhooks do's and dont's: what we learned after integrating +100 APIs

By Syed Muhammad Faraz Ali There are some lessons learned for accelerating the progress in achieving the Millennium development Goals: National

APIS DHS NCTC APIS Memorandum of Agreement (Redacted)

APIs in the Enterprise - Lessons Learned

Accelerating Application Programming Interfaces for ......May 28, 2020  · standards-based application programming interfaces (APIs). Put simply, an API is a software intermediary

Webhooks do's and dont's: what we learned after integrating +100 APIs - Giuliano Iacobelli - Codemotion Rome 2017

Www.powernoodle.com Accelerating Business Analysis Lessons Learned Process

Managing APIs and microservices - axway.com · axway.com 2 Understanding the business climate for APIs and microservices Businesses face an accelerating pace of change and technological

Accelerating Vegetable Productivity Improvement (AVPI) · 2018-12-11 · Accelerating Vegetable Productivity Improvement (AVPI) ANNUAL REPORT ... Drawing upon the lessons learned

Managing private, partner & public APIs (Nordic APIS April 2014)