In today’s digital ecosystem, enterprises are monetizing their valuable digital assets by converting and exposing them as APIs. While APIs are the building blocks of a digital ecosystem, exposing them to the outside world effectively and securely is key to their success. Accomplishing this business strategy (exchanging information, creating an ecosystem, etc.) depends on an API management […]
API Security
API Security – Today’s Virtual Moat
This blog takes a look at medieval methods to secure the castle – and how those methods actually translate directly to how modern enterprises protect their resources.
OAuth mTLS – Added Security Challenges
This latest article in a series discusses the additional security issues that arise when using mTLS, and how to mitigate those issues by combining mTLS with OAuth.
OAuth mTLS Adoption Challenges
This article discusses the adoption challenges of OAuth mTLS and the steps one can take to mitigate those challenges.
OAuth mTLS – An Introduction to Mutual TLS for APIs
This blog introduces mTLS and discusses the advantages of combining it with OAuth 2.0 for additional security.
API Academy Workshop with Apidays NYC 2022: API Security Deep Dive
In this session, Francois takes a deep dive into how to better protect your enterprise from bad actors. He’s followed by Skip Hovsmith (Approov), who dives into API client attestation.
Apidays NYC 2022: Friends Don’t Let Friends Centralize Authorization Enforcement
Achieving an identity-centric security model is no small feat. The composable enterprise needs to be secured across multiple clouds, while providing end-users with delightful experiences and still maintaining high levels of assurance. Oh yeah… it has to scale too. This presentation shares lessons learned from our journey towards automating the distributed enforcement of access control rules, and how leveraging a symbiotic relationship between identity management and runtime API security infrastructure enables an identity mesh that spans applications.
Scaling Token Revocation with Continuous Access Evaluation
In his latest blog, Balaji discusses continuous access evaluation and how to validate token revocation when deploying this model.
Q1 TechTalk
Our Q1 TechTalk had API Academy members Francois, Aran, and me reminiscing about the 20th anniversary of Layer7 and the 10th anniversary of API Academy – and many of the “things” that have come and gone over the last 20 years – with a dive into protocols – past, present, and emerging. Definitely worth a watch!
How to Protect Your APIs from the OWASP API Security Top Ten (part two)
In this second part of a two-part series, Francois takes a look at risks #6 through #10 of the OWASP API Security Top 10 and how best to mitigate them through a secured API management solution.