George Bernard Shaw was witty and fun. He was famous for being quotable – very much like Oscar Wilde. One of the quotes I love, and I thought was perfect for this blog: “The single biggest problem in communication is the illusion that it has taken place.” In the real world, communication is an illusion. People talk but they don’t listen. …
Category: API Security
Applying and Extending DHARMA
This post gives some practical examples of the DHARMA method for API Security in a Microservice Architecture, and also shares some opportunities for extending the model. This article shares concepts from the O’Reilly book Securing Microservice APIs. If you’re attending OSCON next week, Rob Wilson and Matt McLarty will be signing and giving away print copies during lunch…
How the Facebook API led to the Cambridge Analytica Fiasco
How weak API terms of service, lack of transparency, and permissive API scopes led to the Facebook-Cambridge Analytica scandal. The Facebook-Cambridge Analytica data scandal from earlier this year was not about a data breach. Nothing was hacked. It was more nuanced than that. Think: permissive API scopes, a lack of awareness about the data being accessed…
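To make the "permissive API scopes" point concrete, here is an added example that is not part of the original post or of any Facebook API. It models a token with granted scopes and two designs for a friends endpoint: a coarse one where a single scope hands an app every friend's data, and a least-privilege one where a friend's details are returned only if that friend has separately opted in. The scope names, the user records and the opt-in set are all constructed for illustration.

```python
"""
Added example (not from the original post): scope enforcement for a small
social-graph API, showing how a coarse scope over-grants compared with a
least-privilege design that honours each friend's own consent.
"""
from dataclasses import dataclass

# Constructed sample data: a user, two friends, and the set of users who have
# consented to third-party apps reading their data (hypothetical).
USERS = {
    "alice": {"email": "alice@example.com", "friends": ["bob", "carol"]},
    "bob":   {"email": "bob@example.com",   "friends": ["alice"]},
    "carol": {"email": "carol@example.com", "friends": ["alice"]},
}
THIRD_PARTY_OPT_IN = {"bob"}  # carol never consented to app access


@dataclass(frozen=True)
class Token:
    """An access token as the API sees it: who it is for and which scopes it carries."""
    subject: str
    scopes: frozenset


class Forbidden(Exception):
    """Raised when the token lacks the scope or the subject does not own the resource."""


def require_scope(token: Token, scope: str) -> None:
    """Reject the call unless the named scope was granted to the token."""
    if scope not in token.scopes:
        raise Forbidden(f"scope {scope!r} not granted")


def get_profile(token: Token, user_id: str) -> dict:
    """profile:read covers only the token subject's own record."""
    require_scope(token, "profile:read")
    if user_id != token.subject:
        raise Forbidden("profile:read covers the token subject only")
    return {"email": USERS[user_id]["email"]}


def get_friends_permissive(token: Token) -> dict:
    """Coarse design: one scope on the caller's token exposes every friend's data,
    with no check that those friends ever agreed to share with this app."""
    require_scope(token, "friends:read")
    return {f: USERS[f]["email"] for f in USERS[token.subject]["friends"]}


def get_friends_least_privilege(token: Token) -> dict:
    """Narrow design: friends:read yields identifiers for everyone, but a friend's
    details only where that friend has opted in to third-party access."""
    require_scope(token, "friends:read")
    return {
        f: (USERS[f]["email"] if f in THIRD_PARTY_OPT_IN else None)
        for f in USERS[token.subject]["friends"]
    }


def is_denied(fn, *args) -> bool:
    """Helper for callers: True if the call is rejected by the scope/ownership checks."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    app_token = Token("alice", frozenset({"profile:read", "friends:read"}))
    print("permissive:", get_friends_permissive(app_token))
    print("least privilege:", get_friends_least_privilege(app_token))
```

With the same token, the permissive endpoint returns both friends' e-mail addresses, while the least-privilege endpoint returns Carol's entry as `None` because she never opted in. The difference is entirely in how the scope was defined, not in whether anything was "hacked".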
Securing Microservice APIs
Matt McLarty, Rob Wilson & Scott Morrison
Sustainable and Scalable Access Control
There are several techniques for controlling access to web APIs in microservice architectures, ranging from network controls to cryptographic methods and platform-based capabilities. This short ebook introduces an API access control model that you can implement on a single platform or across multiple…
A Digital Transformation Overview and API Security
We know that in the software business, experience is everything. 83% of US consumers said that having a positive customer experience with a brand is more important than the actual product. And we all know that making customers happy today can be tricky. They’re very sophisticated, with high expectations, and they want to make an emotional…
A Microservices Primer
The technical definition is: microservices are design patterns that turn complex applications into simple, fine-grained, reusable, and interoperable processes that can be modified and deployed independently of each other. OK, a bit heavy, so let’s translate that, using some mental visuals. Imagine you’re 30 years in the future and you have a great family home, Jetsons style…
Implementing Microservices
I recently wrote about what microservices were, and why they are becoming so important. In this discussion, we’ll talk about implementing microservices, as well as touch on APIs and API Management – turns out they are crucial to a microservice architecture. Just a quick note – while you may see microservice and microservice architecture used…
Five Simple Strategies for Securing Your APIs, Revisited
I’ve been updating assets recently, and had scheduled a refresh of Scott Morrison’s eBook, Five Simple Strategies for Securing APIs. As I read through it, I found myself nodding my head over and over – Scott was just spot on. Each of his strategy points has been proven to be sound – and, as importantly,…
Security vs Time to Market – What’s More Important?
If you’re involved with launching new apps, you’ve likely heard of “API Security” – the need to provide a security model that protects the APIs (and corporate and customer data within them) you expose to developers for mobile/cloud/IoT integration. And yet, some of you will likely point out that applying security to your APIs can…
The Internet of Things and Security – Redux
The recent debacle of the Nissan Leaf triggered memories. Twenty-three months ago, I wrote a blog post entitled The Internet of Things – Today. In that posting, I mused about the rapidly emerging IoT, and some of the cool new things that were beginning to appear, such as Anki Drive and Nest solutions. I also…