Denial of Service Attacks on The Rise!

Current industry reports for 2019 regarding Distributed Denial of Service (DDoS) attacks indicate a 776% increase for loads between 100 Gbps and 400 Gbps*.  As the demand rises for companies to expose more API’s to the public, it becomes much more important to be able to quickly respond to cybercrime threats and changing tactics.   We have recently introduced…

5 Pillars of API Management

API Academy Manage security and performance risks created by opening enterprise systems via APIs Traditional enterprise are blurring, as organizations open their on-premise data and application functionality for use in new internal and external applications. APIs form the foundation of this open enterprise, allowing enterprises to reuse their existing information assets across organizational boundaries. To realize the business…

A How-to Guide to OAuth & API Security

API Academy Make OAuth implementation simple for your organization OAuth is an emerging Web standard that lets users grant third-party clients restricted access to resources they own. In the past, it was common to ask a user to share username and password information with the client. OAuth authentication is more secure as it allows the user to grant…

5 OAuth Essentials for API Access Control

API Academy Create a framework to address the complex challenges associated with implementing OAuth There are a number of important access-related challenges for API publishers. However, deploying OAuth as an authorization mechanism for enterprise APIs raises challenges around scalability, correct usage and integration. To make matters worse, OAuth is not supported by existing infrastructure and is poorly understood…

Applying and Extending DHARMA

This post gives some practical examples of the DHARMA method for API Security in a Microservice Architecture, and also shares some opportunities for extending the model. This article shares concepts from the O’Reilly book Securing Microservice APIs. If you’re attending OSCON next week, Rob Wilson and Matt McLarty will be signing and giving away print copies during lunch on Tuesday, July…

Securing Microservice APIs

Matt McLarty, Rob Wilson & Scott Morrison Sustainable and Scalable Access Control There are several techniques for controlling access to web APIs in microservice architectures, ranging from network controls to cryptographic methods and platform-based capabilities. This short ebook introduces an API access control model that you can implement on a single platform or across multiple platforms to provide…

API Management 301: OAuth-Based Access Control

Learn how OAuth provides standard patterns upon which you can deliver API access control In API Management Lesson 201: API Security, we examine typical areas of API vulnerability and share best practices for addressing these vulnerabilities – including the use of OAuth as an access control mechanism. In this lesson, we describe how OAuth provides standard patterns upon which…

Scroll to top