API Security Archives - Page 2 of 8

OAuth mTLS Adoption Challenges

By Adam DuVanderPosted on November 21, 2022November 21, 2022

This article discusses adoption challenges with OAuth mTLS, steps one can take to mitigate those challenges.

OAuth mTLS – An Introduction to Mutual TLS for APIs

By Adam DuVanderPosted on November 4, 2022November 7, 2022

This blog introduces mTLS and discusses the advantages of combining it with OAuth 2.0 for additional security.

API Academy Workshop with Apidays NYC 2022: API Security Deep Dive

By Francois LascellesPosted on August 30, 2022September 1, 2022

In this session, Francois takes a deep dive into how to better protection your enterprise from bad actors. He’s following by Skip Hovsmith (Approov) who dives into API client attestation.

Apidays NYC 2022: Friends Don’t Let Friends Centralize Authorization Enforcement

By Francois LascellesPosted on August 10, 2022September 1, 2022

Achieving an identity-centric security model is no small feat. The composable enterprise needs to be secured across multiple clouds, while providing end-users with delightful experiences, yet still maintain high levels of assurance. Oh yea… it has to scale too. This presentation shares lessons learned from our journey towards automating the distributed enforcement of access control rules, and how leveraging a symbiotic relationship between identity management and runtime API security infrastructure enables an identity mesh that spans across applications.

Scaling Token Revocation with Continuous Access Evaluation

By Balaji Radhakrishnan, PMP, CISSPPosted on May 15, 2022January 10, 2023

In his latest blog, Balaji discusses continuous access evaluation and how to validate token revocation when deploying this model.

Q1 TechTalk

By Bill Oakes, CISSPPosted on January 27, 2022November 7, 2022

Our Q1 TechTalk had API Academy members Francois, Aran, and myself reminiscing about the 20th anniversary of Layer7 and the 10th anniversary of API Academy – and many of the “things” that have come and gone over the last 20 years – with a dive into protocols – past, present, and emerging. Definitely worth a watch!

How-to Protect Your APIs from OWASP API Security Top Ten (part two)

By Francois LascellesPosted on January 11, 2022January 11, 2022

In this second part of a two-part series, Francois takes a look at #’s 6-10 of the OWASP API Security Top 10 risks and how to best mitigate them through a secured API management solution.

Can You Pattern-detect Your Way Out of the Log4j Exploit Risk?

By Francois LascellesPosted on December 13, 2021December 13, 2021

In his latest blog, Francois Lascelles takes a look at the rather stunning log4j exploit currently impacting enterprises, and how a properly configured API management solution can mitigate the risk.

How-to Protect Your APIs from OWASP API Security Top Ten – (part one)

By Francois LascellesPosted on November 30, 2021November 30, 2021

In a recent blog series, my colleague, Bill Oakes, discussed the OWASP Top Ten web-based threats and how a proven API management solution can help mitigate against those threats. So, that covers web applications, but what about APIs? Several analysts are pinpointing APIs as one of the top attack vectors over the next four to […]

API Gateway Cipher Suite Best Practices – Part 1

By Daniel GaudetPosted on October 18, 2021October 18, 2021

In this three part article, we’ll cover some of the best practices in selecting the best TLS cipher suite algorithms with your API gateways.