Blog

What is OAuth 2.1?

Introduction: The challenge with creating web standards and frameworks is that technology evolves so quickly that within a short amount of time your framework is already out of date. This is especially true for web-based application development, given how different the world looks today than it did in 2012 when the spec was first introduced....

CCPA Compliance with Privacy Ledger

New consumer data privacy regulations seem to be emerging monthly, at a time when most companies are struggling to keep up with existing legal requirements and growing demands from consumers. Embracing customer privacy is increasingly an indication of a healthy brand, providing consumers the confidence needed to share their personal data. This generates consumer trust and builds brand loyalty, allowing brands to be more competitive through an increased level...

API Security? Your API Gateway is not enough.

In a review of the API threat landscape and the OWASP API Top 10, one finds a diverse spectrum of threats across a variety of disciplines, including Identity, Inspection, Policy Management, Enforcement and Audit. Unfortunately, a similar review of architecture teams reveals a complex problem. Architecture teams are expecting API Gateways to provide security protection mechanisms to...

Comprehensive Reporting and Insight of your APIs. Powered by Machine Learning.

APIs are the lifeblood of modern web applications. They’re crucial elements of any digital transformation as they provide the sinew that allows data to flow freely between internal development teams and external customers with agility and speed. But their usage comes with a tradeoff, as their complexity can lead to security, risk, and privacy nightmares...

Dynamic Data Sharing Agreements and Progressive Consent

Consumers are increasingly demanding companies become more thoughtful with their privacy and data. The fact that companies like Facebook have failed to put proper safeguards on “who sees what when” has created an increase in consumer data protection laws driven by the very subjects of that data – people. Of course, it’s almost impossible for...

OAuth at 100, 200...500k flows per second and Beyond

OAuth and OIDC have become the center point of any API and Identity infrastructure.  OAuth2 created a framework allowing every user, device, person, service and thing to support their own distributed means of delegated authorization using a combination of scopes and grants.  From smart speakers to connected cars, OAuth and APIs connect everything in the...

Securely Modernizing traditional applications into multi-cloud aware services using Cloudentity & HashiCorp Consul

Organizations are developing and deploying distributed services across the hybrid cloud and are facing four major issues which we will be addressing in this two-part series. Bridging traditional and cloud-native API services with an identity-centric security and request routing; Standardized approach for authorization and sensitive privacy data security in cloud-first organizations; Meeting compliance standards for authorization and...

Where AuthN becomes AuthZ

Cloudentity provides a robust set of tools to manage Identity and API security, or the complete chain from Authentication with our CIAM platform and Authorization with our API security enforcement gateways, sidecars and other tools. But even when we think of Authentication as Identity and Authorization as Enforcement, there’s still confusion about where AuthN leaves...

Recommendations for the OWASP API Security Top 10 Vulnerability List

Abstract: This white paper examines the OWASP API Security Top 10 list, providing analysis and recommendations for enterprises, including how a context-aware security model can protect you against these vulnerabilities. About the OWASP and the Top 10 Web Application Security Risks: Open Web Application Security Project (OWASP) is a non-profit, collaborative organization that publishes awareness...

DoorDash Breach: 4.9 Million Customers and Merchants

DoorDash, the folks who bring you your Big Macs and local fresh mex, disclosed that the personal data of 4.9 million customers, workers and merchants was compromised, including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords (it wasn't made clear what kind of algorithm they use to hash...