Security Zeitgeist: Unprotected APIs are at high-risk and should be protected by enforcing API Security Policies


API Security - protecting yourself from being the next breach - Boston API Craft Meetup

Over on ProgrammableWeb, Jennifer Wiggins has written a great round-up of the discussion about the Buffer API security breach. Although it happened back in 2013, it continues to be a widely cited API security issue. As Jennifer mentions, one of the recommendations is to use standards, such as OAuth. Ironically, the implementation of those standards itself has to be secure.

Another good practice is to take advantage of two essential approaches: (a) API Security Testing to proactively probe for vulnerabilities, and (b) an API Gateway to provide protection.

API Security testing is an emerging category, and it's one which I'd argue is distinct from its cousin, Web Application Security. API Security testing has been a big interest of mine for a long time - I recall presenting about REST security at OWASP back in (yikes) 2005. Fast forward to today, and SmartBear is a vendor which provides API Security testing products (see this great blog post on the topic from them: API Security Testing: Think like a bad guy). This, alongside the fact that they are spread between Boston and Ireland, means they are a vendor after my own heart :). API Security testing complements API Gateways very well, as the yin and yang of security: testing and protection.

Next Thursday, June 18, I'm speaking alongside Mike Giller from SmartBear on the topic of "Beyond the OWASP Top Ten – protecting your API from new threats". It's at the Boston API Craft meetup, at 6.30pm at the SmartBear offices in Somerville. Come along if you're interested in API Security (and in not being the next big publicized API Security breach...)



More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.