In my first blog on How to Protect Your Web Applications from OWASP Top Ten, I discussed both OWASP and the OWASP Top Ten project, as well as how a properly configured API management solution can protect you against the first five of these threats. In this blog we’ll complete the Top Ten. A6 Security…
Category: API Academy for All Roles
How To Protect Your Web Applications from OWASP Top Ten (part one)
The Open Web Application Security Project (OWASP) is a non-profit foundation that works the improve the security of software through open-source projects. One such project is outlining the ten most critical security concerns for application security, known as the OWASP Top Ten. This two-part blog will take a look at each of these, and how…
How to Identify Your Organization’s API Landscape
Your company provides a lot of APIs to both external and internal consumers. Your API landscape is every API you’ve built, plus those in the early stages of design and development. Before you can make decisions within this landscape—such as which APIs are working well, which may need to be shelved, and which may need…
Six Health Checks for Your API
Organizations of all sizes depend on APIs to decrease time to market, achieve business goals, and connect important systems. In order to count on those APIs, they need to stay operational. You’ll want to consider the six health checks in this post to prevent issues and other interruptions. The first four are related to the…
Continuous Monitoring for API Reliability
Anyone building APIs should know how well they perform. Without a view into your API reliability, you’ll be gambling that everything works as expected. API consumers—internal collaborators, partners, or other external developers—will discover if your API breaks and let you know about it. Continuous Monitoring can help you uncover these issues proactively. Developers that use…
API Virtualization for Robust Testing
Testing is an essential part of software development. It’s similarly an important part of the API lifecycle and it helps developers discover errors in their APIs before it even gets to production. One of the most effective methods to test production-grade APIs is through API virtualization. In this article, I’ll briefly explain the concept of…
How HTTP/2 & Protobuf Paved the Way for gRPC
with Raju Gurram In 2015, Google open-sourced a new RPC (remote procedure call) framework named gRPC. The fact that this was built and adopted by the company that has one of the largest (if not the largest) ecosystem of microservices should speak volumes about its efficacy. Google makes tens of billions of gRPC calls per…
Securing the Digital Record
Recently, I was chatting with a group of colleagues – we were all complaining about doctors and waiting rooms, etc. During the conversation, I mentioned something that I thought was pretty interesting. Being over 40 and blonde hair/blue eyed, AND having spent my teens and 20s soaking up the sun, I’m basically putting my dermatologist’s children through…
Modern API Description Formats
For many organizations, the days of undocumented APIs are mostly gone. There are now several formats used to describe APIs. These machine-readable files can be converted into documentation and even be used to test integrations. While there are several formats, the most well-known is OpenAPI. In this article, we’ll provide a highlight of that and…
Kafka Integration with API Management
Kafka messaging busses are becoming more prevalent in today’s enterprises. In this video, I briefly discuss why, and then demonstrate integration with an API management solution (using Layer7 as the example – if you use a different API management solution, this will likely have differences).