Walking the Tight Rope of REST API Security: Best Practices Will Hold You Steady

October, besides being peak fall season, is also national cyber security month, hence along with enjoying ‘pumpkin spiced chai’, it’s also a good time to discuss security of the APIs we create and work with every day. I work with APIs a lot, particularly REST APIs, which … [Read more...]

Balancing Android Openness With Mobile Security

As one of my favorite characters from the video game Deus Ex, Pritchard, would say, “You don't fix an entire firewall Jensen, you find the hole and you plug it.” The same can really be said about anything else in the world of technology. All software is doomed to be insecure in … [Read more...]

Secure Your API…Like A Castle

It’s been three years since I compared medieval security to web security, and a few things have happened. Mobile and wireless have evolved as the dominant platforms, while the life between personal computing and business computing has continued to fray. And, of course, … [Read more...]

API Security in REST vs SOAP

Web application and API security is paramount to digital exchanges in the connected world: the balance transfer you just made from your bank’s mobile app, those notes your doctor just entered in during your check-up, the password you just sent over SMS; they all need to be … [Read more...]

Barcelona Speaks Out on APIs, IoT, Hypermedia and More! [Video]

APIdays Mediterranean in Barcelona, Spain, May 6-7 was far from just another conference. It was a unique experience to have so many talented, passionate, and dedicated professionals all in one place collaborating on APIs, microservices, and hypermedia. I had a chance to chat … [Read more...]

Ready! API 1.3 Empowers Teams with Continuous Security

Imagine that the world around you is connected together by a network of data and software. Your location, your financial information, your family photos, your musings are all floating out there up in the cloud. Now imagine that the pipes connecting all of your personal data … [Read more...]

Is Continuous Security Part of Tinder’s API Strategy?

Have we completely forgotten that some doors need locks…that work? With companies like Apple, Tinder, and SnapChat releasing APIs that have significant security concerns, it makes you wonder what, if any, process do app and service providers have to make sure they’re safe … [Read more...]

IT Security’s Perfect Storm is Brewing

30 foot waves crashing all around. Constant rain. Cold. Hope is lost. This is the scene in George Clooney's tragic film, The Perfect Storm, which climaxes in the vain efforts of a group of sailors trying to push through a raging hurricane to get a boatful of fish to port. As … [Read more...]

Avoid Pulling a Moonpig by Security Testing Your API

What do you do to ensure that your APIs are as secure as possible and still meet your release deadlines? A major UK-based online greeting card provider, Moonpig, has been found to contain numerous security flaws in their front-facing REST API. Developer Paul Price posted … [Read more...]

The Most Common API Security Hacks of 2014 [Infographic]

2014 was the year of the API security hack. Snapchat, Twitter, Tinder – these companies and more all experienced malicious API security attacks that compromised their users’ data, and as a result, their credibility. So we looked at the hard numbers this year to determine the … [Read more...]