This latest article in a series discusses the additional security issues that arise when using mTLS, and how to mitigate those issues by combining mTLS with OAuth.
API Security
OAuth mTLS Adoption Challenges
This article discusses adoption challenges with OAuth mTLS, steps one can take to mitigate those challenges.
OAuth mTLS – An Introduction to Mutual TLS for APIs
This blog introduces mTLS and discusses the advantages of combining it with OAuth 2.0 for additional security.
API Academy Workshop with Apidays NYC 2022: API Security Deep Dive
In this session, Francois takes a deep dive into how to better protection your enterprise from bad actors. He’s following by Skip Hovsmith (Approov) who dives into API client attestation.
Apidays NYC 2022: Friends Don’t Let Friends Centralize Authorization Enforcement
Achieving an identity-centric security model is no small feat. The composable enterprise needs to be secured across multiple clouds, while providing end-users with delightful experiences, yet still maintain high levels of assurance. Oh yea… it has to scale too. This presentation shares lessons learned from our journey towards automating the distributed enforcement of access control rules, and how leveraging a symbiotic relationship between identity management and runtime API security infrastructure enables an identity mesh that spans across applications.
Scaling Token Revocation with Continuous Access Evaluation
In his latest blog, Balaji discusses continuous access evaluation and how to validate token revocation when deploying this model.
Q1 TechTalk
Our Q1 TechTalk had API Academy members Francois, Aran, and myself reminiscing about the 20th anniversary of Layer7 and the 10th anniversary of API Academy – and many of the “things” that have come and gone over the last 20 years – with a dive into protocols – past, present, and emerging. Definitely worth a watch!
How-to Protect Your APIs from OWASP API Security Top Ten (part two)
In this second part of a two-part series, Francois takes a look at #’s 6-10 of the OWASP API Security Top 10 risks and how to best mitigate them through a secured API management solution.
Can You Pattern-detect Your Way Out of the Log4j Exploit Risk?
In his latest blog, Francois Lascelles takes a look at the rather stunning log4j exploit currently impacting enterprises, and how a properly configured API management solution can mitigate the risk.
How-to Protect Your APIs from OWASP API Security Top Ten – (part one)
In a recent blog series, my colleague, Bill Oakes, discussed the OWASP Top Ten web-based threats and how a proven API management solution can help mitigate against those threats. So, that covers web applications, but what about APIs? Several analysts are pinpointing APIs as one of the top attack vectors over the next four to […]