Sponsored by Layer7
Last month in my API Academy blog I provided my observations and recommendations about the importance of logging and monitoring from a cybersecurity perspective. This month, I’ll focus on the importance of avoiding security misconfigurations when building and updating applications. As I noted last month, I’m a bit of an old salt in security, having […]
In Part 1 of this 2 part series, I discussed the challenges of the open sharing of data, and consent management model. Now I’ll wrap it up with the need for a common authentication model, shareability, and we’ll start with the most important part – who’s paying for this? Banks have to foot the billThe […]
The terms, OpenBanking and PSD-2 (Payment Services Directive-2) are largely used interchangeably nowadays to summarise the very significant challenges that are being experienced by the Global financial and Banking sector today. As a response to global financial crisis of 2006, the European Banking Association, 4000+ member banks were mandated, under the regulation, PSD-2, to empower […]
Hosts Aran and Bill were joined by Aric Day, Layer7 Solution Strategist, for an introduction to OAuth and OpenID Connect, and how these work together to ensure a hardened solution.
APIs are more important than ever in these challenging times where everything is being operated remotely. APIs make it easy to provide access to information and keep businesses running smoothly. They can also create new challenges and risks if they are not properly managed. First, security is paramount to ensure only those that are allowed […]
Like any software, APIs are subject to bugs and other errors. That makes API testing at least as important as other software testing, likely more-so. With potentially hundreds or thousands of consumers, an issue in your API could have a magnifying effect. To maintain software quality, it makes sense to have a robust approach to […]
Today more and more enterprises are jumping into the bandwagon of digital transformation. To be competitive and aligned with this digital strategy, many enterprises started converting their monolithic and/or legacy applications into microservices to achieve: Speed to market Improve evolvability Scalability Enhance composability API’s, which are the building blocks of digital transformation, have become the […]
I’ve been working in information security for nearly 45 years and started my long journey with punch cards and mainframes leading to today’s cloud and zero-trust. Our world of computing has certainly evolved, and I can’t even recall how many post-security breach investigation teams I’ve been part of or how many cyber incident management teams […]
In today’s digital world, API gateways are often the first interaction of incoming requests from the outside world. In most scenarios, enterprises place the gateways in DMZ strategically to secure, protect and throttle their internal digital assets. Hence, security for these gateways becomes crucial and they need to be properly configured and hardened. Whether it […]
Feel free to jot this down: RFC7519. We all have our favourite IETF standards, don’t we? Something we read again and again in front of the roaring fireplace with our slippers on. Something to chuckle at in darker times, to ponder over, and oh yes, to shed a tear for, whilst contemplating the sheer brilliance […]
