This article discusses adoption challenges with OAuth mTLS and steps one can take to mitigate those challenges.
For Enterprise Architects
OAuth mTLS – An Introduction to Mutual TLS for APIs
This blog introduces mTLS and discusses the advantages of combining it with OAuth 2.0 for additional security.
Three Questions for API Change Management
Adam’s latest blog discusses API change management and how it allows us to create a process or a set of rules that shapes the way the API grows as more endpoints are added and as existing functionality changes. He then discusses the three factors to consider whenever making changes to an API.
Anti-patterns in Microservices (Don’t Do These)
Microservices are a popular approach to software architecture that aims to break up monolithic code into maintainable chunks. These discrete chunks allow for continuous delivery of a service while developing on top of what is in production. That flexibility is exciting in an agile environment, but rushing into deploying your code as a suite of microservices can put you at risk of incorporating anti-patterns that may cause significant problems down the line. In this blog, Adam discusses four common pitfalls as you start building your own microservices.
API Reliability: How SRE Yields Better APIs
In his latest article, Adam explores the role of the SRE as it relates to API strategy/design, and some of the advantages adopting this role brings to both APIs and business.
Adapting Continuous API Management for Cloud Architecture
In his latest blog, Adam discusses best practices for Continuous API Management, including several significant ways that drive change when the API is operating on cloud architecture. API management, whether on the cloud or off, comes down to discovery, documentation, monitoring, alerting, and authentication/security. How well you implement best practices in these areas will make or break your service. In this article, we’ll summarize several considerations for adapting to the cloud.
Our API Academy quarterly TechTalk is April 28th at 9:00AM PDT/12:00PM EDT, and has Noname Security experts joining the API Academy team for what promises to be a most interesting discussion. Our team will be talking about API Security – not only from an API management perspective (i.e. locked down gateways, best practices, secured mobile apps) but also enterprise-wide API security tactics, as well as emerging threat vectors.
Three Very Different Categories of APIs
The latest blog from Adam covers the three primary categories of APIs (Single Implementation, Internal Utility, and External Extension) and when best to choose each.
How-to Protect Your APIs from OWASP API Security Top Ten (part two)
In this second part of a two-part series, Francois takes a look at #’s 6-10 of the OWASP API Security Top 10 risks and how to best mitigate them through a secured API management solution.
How-to Protect Your APIs from OWASP API Security Top Ten – (part one)
In a recent blog series, my colleague, Bill Oakes, discussed the OWASP Top Ten web-based threats and how a proven API management solution can help mitigate against those threats. So, that covers web applications, but what about APIs? Several analysts are pinpointing APIs as one of the top attack vectors over the next four to […]