Most organizations want to move quickly, but aren’t willing to trade uptime or quality in order to move faster. The desire for innovation and speed puts pressure on developers to shorten their release cadence, which could leave errors undetected. When the world of developers and operations collide, the organizational boundaries can create roadblocks. Two common…
Category: App Development
SRE vs DevOps for APIs
How do you expand API functionality while also ensuring existing mission-critical features continue to operate under stress? API development teams tend to focus on new features, while operations teams focus on stability. In the past, this difference in focus often led to these teams working at cross-purposes and made API development difficult. In recent years,…
How To Protect Your Web Applications from OWASP Top Ten (part two)
In my first blog on How to Protect Your Web Applications from OWASP Top Ten, I discussed both OWASP and the OWASP Top Ten project, as well as how a properly configured API management solution can protect you against the first five of these threats. In this blog we’ll complete the Top Ten. A6 Security…
NA API Academy Virtual Workshop 2020 Replay
Here’s the replay of the North America API Academy Virtual Workshop from July 15, 2020. The agenda was the keynote on API strategy with John Cocke of HCL, followed by a discussion on API design with Academy members Jaime Ryan and Aran White. Jay Thorne of the Academy then discussed microservices and service mesh, and…
The Longest Stage of the API Lifecycle
Right now someone is powering up an original iPhone. On their home screen, they’re tapping the icon for a 10 year old app. As it loads, it calls an endpoint that a development team would rather not maintain. For many APIs, a life of suspended animation is a big part of their story. In API…
TechTalk: A Panel Discussion on OWASP Top 10/API Top 10
June 2020’s TechTalk had Joe Krull from Aite Group and API Academy’s own Jay Thorne join hosts Aran and Bill on a discussion around OWASP Top 10 and the newer API Top 10 and how enterprises can address common security issues around these problem areas. They also discussed the relationship between app developers and security…
A Solid Investment – Don’t Skimp on Security Training for Developers
Over the past months in API Academy blogs I’ve provided my observations and recommendations on the importance of event and access logging and the compelling reasons why you want to avoid security misconfigurations. This month, I’ll focus on security training for developers and why you should make this investment. To remind, I’m a bit of…
You Bet That APIs Power DevOps Tools
Which came first, APIs or DevOps? Though the two are complementary, the answer here is clear. There are major benefits of DevOps in your API lifecycle, but APIs are likely responsible for the growth in DevOps methodologies. The Cloud, modern code reviews, and continuous integration all depend on APIs. APIs Cause Cloud Formations Plenty has…
Istio and Mesh are a Microservices Deployment Framework
And Together, They Need to have Business Context The industry and our customers have expressed a great interest in Istio and service mesh over the past couple of months. I find this interesting because the tool represents the next evolutionary step, but is not without a few downsides. My focus in API management has sharpened…
Advice to Developers: Double-check Configurations to Avoid Cybersecurity Pain
Last month in my API Academy blog I provided my observations and recommendations about the importance of logging and monitoring from a cybersecurity perspective. This month, I’ll focus on the importance of avoiding security misconfigurations when building and updating applications. As I noted last month, I’m a bit of an old salt in security, having…