TechTalk: Common OAuth Security Mistakes and Threat Mitigations

With vulnerabilities recently surfacing in the OAuth implementations of popular service providers like Yammer, Instagram and Facebook, it’s hard to blame anyone for getting the impression that there are fundamental security flaws in the OAuth protocol. Francois Lascelles, Chief Architect at Layer7, answered OAuth questions live, discussed the common security mistakes made in OAuth implementations […]

API Management 301: OAuth-Based Access Control

Learn how OAuth provides standard patterns upon which you can deliver API access control In API Management Lesson 201: API Security, we examine typical areas of API vulnerability and share best practices for addressing these vulnerabilities – including the use of OAuth as an access control mechanism. In this lesson, we describe how OAuth provides standard […]

API Management 201: API Security

Identify typical areas of API vulnerability and learn best practices for securing APIs In Lesson 103: Choosing a Solution, we discuss the importance of considering functional and operational security characteristics when choosing an API Management solution. Regardless of the solution, understanding the risk profile of APIs is vital to protecting an API against attack. In this […]

API Management 102: Architectural Components

To architect an effective API Management infrastructure, it is necessary to adopt and deploy some new technology components. In this lesson, we look into specific requirements and features associated with the components of an effective API Management architecture, including security, performance, data transformation and developer management. In Lesson 101: API Management Basics, we give an overview […]

API Management 103: Choosing a Solution

In Lesson 102: Architectural Components, we explain the key technology components required for a full-featured API Management solution. There are various solutions currently on the market, a number of which meet these basic requirements. In this lesson, we provide more practical advice on how to choose between specific solutions. A large enterprise with extensive IT resources […]

API Management 101: API Management Basics

In API Design Lesson 202: Architectural Layers, we explain how key API functionality can be abstracted away from the implementation itself and handled via centralized server architecture. Here, we explain the technology components needed for this architecture and how they create the basis for an ongoing process of API Management. When launching an API program, it […]

TechTalk: Avoiding Data Silos Using Linked APIs

Practical problems that software architects on modern product teams face increasingly go far beyond the familiar. Case in point: “Big Data” doesn’t just mean petabytes of data or a data-set that doesn’t fit in a single large RDBMS, anymore. A “distributed system” doesn’t just mean a clever multi-tier architecture or even an AWS deployment happily […]