API Security Architect Certification

The new certification course for API Security Architect is now available. This is an in-depth, self-paced course, and by completing this course, you will be able to: Explain the unique security risks of APIs and identify typical areas of API vulnerabilities  Explain the purpose of OAuth 2.0 as a framework for authorization  Describe the current…

API Keys are not API Security

I recently had an interesting article show up in my Google newsfeed on API Keys, their generation, and their distribution. A group of developers posed the following question to the community: how do you build and distribute your API keys to your API consumer audience? Being immersed in APIs and API developer communities every day,…

TechTalk: A Panel on API Security

May’s TechTalk had hosts Aran and Bill joined by Dmitry Sotnikov, CPO of 42Crunch, for a panel discussion on common API security issues and how to mitigate them. In addition to addressing these common issues, the panel also took questions from the audience. Definitely a topic of interest. API Academy encourages those who are interested…

Advice to Developers: Double-check Configurations to Avoid Cybersecurity Pain

Last month in my API Academy blog I provided my observations and recommendations about the importance of logging and monitoring from a cybersecurity perspective. This month, I’ll focus on the importance of avoiding security misconfigurations when building and updating applications. As I noted last month, I’m a bit of an old salt in security, having…