Why Insufficient Logging and Monitoring Can Help Attackers Hide in Plain Sight

I’ve been working in information security for nearly 45 years and started my long journey with punch cards and mainframes leading to today’s cloud and zero-trust. Our world of computing has certainly evolved, and I can’t even recall how many post-security breach investigation teams I’ve been part of or how many cyber incident management teams…

API Monitoring Across the API Lifecycle

Developers often can’t control API downtime, but they can certainly monitor for it. Yet, sending periodic pings to a service is only one of many ways to use API monitoring. To avoid common API headaches, you can apply monitoring principles across the entire API lifecycle, starting before you’ve written a single line of code. Design…

API Design Best Practices for Enterprises

Your API program will see more success with a thoughtful API design phase. Effort spent on architecture often returns as time saved during other phases of your project. These efficiencies add up across the hundreds or thousands of APIs you support. Your API design should be backed by your company’s strategy and focused on real…

Managing the Effect of Slow Back-end Systems

Introduction: API deployments need to maintain a stable network behaviour, with widely varying back end systems. In a previous article, I talked about the need to maintain user experience. In a Layer7  API Gateway based deployment, back end systems that have high latency have some very interesting side effects. To effectively manage a gateway in…

How To: Validate Your OAuth Implementation

Is my Layer7 OAuth Toolkit (OTK) installation working? Valid question. Now that you’ve installed OTK on your API Gateway, and have access to OTK-specific policies and assertions in Policy Manager, it’s time to see OAuth in action. The quickest way to do this is through the pre-configured OAuth test clients and OAuth Manager.You can access…