API Keys are not API Security

I recently had an interesting article show up in my Google newsfeed on API Keys, their generation, and their distribution. A group of developers posed the following question to the community: how do you build and distribute your API keys to your API consumer audience? Being immersed in APIs and API developer communities every day,…

Next TechTalk Session is June 24

On June 24, Aran and Bill are joined by researchers from Aite Group to talk about both the OWASP Top 10 web-based threats and the OWASP Top 10 API threats. Every month, join hosts Aran White and Bill Oakes for the reboot of our popular live webinar series, where we discuss both industry trends and…

TechTalk: A Panel on API Security

May’s TechTalk had hosts Aran and Bill joined by Dmitry Sotnikov, CPO of 42Crunch, for a panel discussion on common API security issues and how to mitigate them. In addition to addressing these common issues, the panel also took questions from the audience. Definitely a topic of interest. API Academy encourages those who are interested…

Advice to Developers: Double-check Configurations to Avoid Cybersecurity Pain

Last month in my API Academy blog I provided my observations and recommendations about the importance of logging and monitoring from a cybersecurity perspective. This month, I’ll focus on the importance of avoiding security misconfigurations when building and updating applications. As I noted last month, I’m a bit of an old salt in security, having…

Top Ten GraphQL Myths Debunked

There are a lot of myths out there (flying horse, anyone?). There’s even myths about GraphQL, which can lead to misunderstandings around it’s use cases, and even at times unwarranted fears over it’s usage. Let’s take a look at the top 10 most common GraphQL myths and see if we can’t assuage some worries and…