For App Developers
OAuth mTLS Adoption Challenges
This article discusses adoption challenges with OAuth mTLS, steps one can take to mitigate those challenges.
GraphQL Schemas – From Design-time Introspection to Runtime Content Validation
This blog takes a look at GraphQL from a security perspective, and how to design a schema that meets CSO requirements.
Anti-patterns in Microservices (Don’t Do These)
Microservices are a popular approach to software architecture that aim to break up monolithic code into maintainable chunks. These discrete chunks allow for continuous delivery of a service while developing on top of what is in production. That flexibility is exciting in an agile environment, but rushing into deploying your code as a suite of microservices can put you at risk of incorporating anti-patterns that may cause significant problems down the line. In this blog, Adam discusses four common pitfalls as you start building your own microservices.
What are API Anti-Patterns?
Software design patterns are the solutions used to tackle common software development problems. Design Patterns aren’t strictly required for running code but they are essential to avoiding problems in your code. In this article, Adam takes a look at the other side – anti-patterns – a sneaky but common poor software development technique.
Continuous API Management Requires Continuous API Documentation
In his latest blog, Adam discusses the importance of continuous API documentation as your API collection grows (and likely becomes more complex).
Scaling Token Revocation with Continuous Access Evaluation
In his latest blog, Balaji discusses continuous access evaluation and how to validate token revocation when deploying this model.
Key Use Cases for GraphQL APIs
Our API Academy quarterly TechTalk is April 28th at 9:00AM PDT/12:00PM EDT, and has Noname Security experts joining the API Academy team for what promises to be a most interesting discussion. Our team will be talking about API Security – not only from an API management perspective (i.e. locked down gateways, best practices, secured mobile apps) but also enterprise-wide API security tactics, as well as emerging threat vectors.
The Push for Zero Trust
The Zero Trust model is founded on the belief that organizations should not automatically trust anything inside or outside its perimeters and must verify everything trying to connect to its resources before granting access—based on identity, trustworthiness, and context. This blog discusses the Zero Trust model and its components.