In this three part article, we’ll cover some of the best practices in selecting the best TLS cipher suite algorithms with your API gateways.
The Push for Zero Trust
The Zero Trust model is founded on the belief that organizations should not automatically trust anything inside or outside its perimeters and must verify everything trying to connect to its resources before granting access—based on identity, trustworthiness, and context. This blog discusses the Zero Trust model and its components.
How To Protect Your Web Applications from OWASP Top Ten (part two)
In my first blog on How to Protect Your Web Applications from OWASP Top Ten, I discussed both OWASP and the OWASP Top Ten project, as well as how a properly configured API management solution can protect you against the first five of these threats. In this blog we’ll complete the Top Ten. A6 Security […]
How To Protect Your Web Applications from OWASP Top Ten (part one)
The Open Web Application Security Project (OWASP) is a non-profit foundation that works the improve the security of software through open-source projects. One such project is outlining the ten most critical security concerns for application security, known as the OWASP Top Ten. This two-part blog will take a look at each of these, and how […]
The Most Common API Authentication Methods
Unless your API is a public feed of read-only data, you likely need authentication. There are many options you could choose, which may vary depending on your use case. However, it’s unlikely you’ll need to go out and create your own authentication method. Whenever possible, use a standard that is widely implemented. Otherwise, developers will […]
API Authentication Best Practices
In this post, we’ll explore authentication methods, how to keep tokens safe, and what comes next.
API Security in a Multi-Cloud Environment
In today’s app economy, more and more client interactions and transactions are occurring via the web and mobile applications, where predominantly APIs are been used for Information Exchange. Which enables modern enterprise to break the traditional barriers and expose their on-premises and cloud-based digital assets and applications to the outside world in a secure manner. […]
API Security Architect Certification
The new certification course for API Security Architect is now available. This is an in-depth, self-paced course, and by completing this course, you will be able to: Explain the unique security risks of APIs and identify typical areas of API vulnerabilities Explain the purpose of OAuth 2.0 as a framework for authorization Describe the current […]
TechTalk: A Panel Discussion on OWASP Top 10/API Top 10
June 2020’s TechTalk had Joe Krull from Aite Group and API Academy’s own Jay Thorne join hosts Aran and Bill on a discussion around OWASP Top 10 and the newer API Top 10 and how enterprises can address common security issues around these problem areas. They also discussed the relationship between app developers and security […]
A Solid Investment – Don’t Skimp on Security Training for Developers
Over the past months in API Academy blogs I’ve provided my observations and recommendations on the importance of event and access logging and the compelling reasons why you want to avoid security misconfigurations. This month, I’ll focus on security training for developers and why you should make this investment. To remind, I’m a bit of […]