Blog


Comprehensive Reporting and Insight of your APIs. Powered by Machine Learning.

APIs are the lifeblood of modern web applications. They’re crucial elements of any digital transformation as they provide the sinew that allows data to flow freely between internal development teams and external customers with agility and speed. But their usage comes with a tradeoff, as their complexity can lead to security, risk, and privacy nightmares...

Dynamic Data Sharing Agreements and Progressive Consent

Consumers are increasingly demanding companies become more thoughtful with their privacy and data. The fact that companies like Facebook have failed to put proper safeguards on “who sees what when” has created an increase in consumer data protection laws driven by the very subjects of that data – people. Of course, it’s almost impossible for...

OAuth at 100, 200...500k flows per second and Beyond

OAuth and OIDC have become the center point of any API and Identity infrastructure.  OAuth2 created a framework allowing every user, device, person, service and thing to support their own distributed means of delegated authorization using a combination of scopes and grants.  From smart speakers to connected cars, OAuth and APIs connect everything in the...

Securely Modernizing traditional applications into multi-cloud aware services using Cloudentity & HashiCorp Consul

Organizations are developing and deploying distributed services across the hybrid cloud and are facing four major issues which we will be addressing in this two-part series.
- Bridging traditional and cloud-native API services with an identity-centric security and request routing
- Standardized approach for authorization and sensitive privacy data security in cloud-first organizations
- Meeting compliance standards for authorization and...

Where AuthN becomes AuthZ

Cloudentity provides a robust set of tools to manage Identity and API security, or the complete chain from Authentication with our CIAM platform to Authorization with our API security enforcement gateways, sidecars and other tools. But even when we think of Authentication as Identity and Authorization as Enforcement, there’s still confusion about where AuthN leaves...

Recommendations for the OWASP API Security Top 10 Vulnerability List

Abstract: This white paper examines the OWASP API Security Top 10 list providing analysis and recommendations for enterprises, including how a context-aware security model can protect you against these vulnerabilities.  About the OWASP and the Top 10 Web Application Security Risks  Open Web Application Security Project (OWASP) is a non-profit, collaborative organization that publishes awareness...

The Three Types of Breaches

We frequently post news about data breaches. Sometimes it seems almost too frequently because companies are suffering hacking, data exposure and extortion almost every day.  While the news becomes almost repetitive, the frequency of these breaches shows a definite trend. There are really three main ways that bad actors are getting access to corporate data....

DoorDash Breach: 4.9 Million Customers and Merchants

DoorDash, the folks who bring you your Big Macs and local fresh mex, disclosed that the personal data of 4.9 million customers, workers and merchants was compromised including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords (it wasn't made clear what kind of algorithm they use to hash...

YouTube Hack: When 2FA isn’t quite enough

Hackers targeted a number of high-profile, “influencer” YouTube accounts using a coordinated phishing attack. “Phishing” is where a notification (email, text, etc.) pretends to be from the provider and leads the individual to a site that looks very, very much like the real site. Then they get the individual to enter valid credentials, which they steal and...

Open Banking and Cloudentity Walkthrough

Open Banking is coming to the rest of the world, and Cloudentity's Identity and Authorization for APIs provides the required mix of tools to automate the process of developers connecting to banking APIs while securing access down to the consumer consent of individual kinds of activities. Here's a walkthrough of how some of these features...

Breach: Ticketing company Get exposes 50,000 Australian Students

For the second time, University ticketing company Get exposed student data by leaving it exposed through an unsecured API; we know the balance of security and convenience can slow down development, but to have the website use a completely unsecure API is unconscionable. A user on Reddit was able to probe the API without any...