API Security

When your modern IAM platform isn't modern: the case for authorization and identity microservices.

By Nathanael Coffing, CSO and co-founder of Cloudentity

A couple of weeks ago, a leading identity provider suffered a zero-day vulnerability that was immediately used maliciously to compromise financial, retail and healthcare customers. The big question is: why was this "modern" IAM platform so appealing to security researchers and hackers alike, and how can we,...

The Experian Credit Score Breach: What Happened and How to Prevent Future API Data Breaches

Last week, the public was notified about a pretty serious Experian API-related incident leading to the potential public exposure of credit scores for millions of Americans. What Went Wrong? Experian’s credit score API drew the attention of security researcher Bill Demirkapi. It started innocently with him looking around for student loan options. He bumped...

How to Unlock the Potential of the API Economy. (Part 1)

By Gary Zimmerman, TechVision

Marc Andreessen famously said, “Software is eating the world”, but what does this mean? In short, software is a digital means to drive marginal costs of transactions of any kind – human-to-human, human-to-machine, business-to-human, machine-to-machine, et al. – to zero. And as companies become digital enterprises, they are...

How to Unlock the Potential of the API Economy. (Part 2)

By Gary Zimmerman, TechVision Research

In part 1 of this API economy blog series, we described how companies are becoming API-first in how they address the emerging API economy, and how API management is key to the success of those efforts. Another key to success is addressing resource access and data protection policy...

OB 101: A Quick and Simple Guide to Open Banking Adoption

Open Banking is globally disruptive and growing exponentially, spurring innovation in financial services. It was developed to create software standards and industry guidelines to drive competition and innovation in the financial services industry. Successful Open Banking APIs have increased by 10x over the last 18 months and continue to accelerate during the pandemic. Now, Open...

Object level Authorization for s3 buckets with the Authorization Control Plane

What do CapitalOne, Prestige Software, ManageCartUber, Accenture and the DOD all have in common? Major breaches through Amazon S3 buckets. Amazon’s regular security updates in 2017, 2018, 2019 and 2020 have done little to slow the tide of data leaks. The core problem for S3 is one of authorization both from a scale and a granularity/management perspective. ...

What is OAuth 2.1?

Introduction

The challenge with creating web standards and frameworks is that technology evolves so quickly that within a short amount of time your framework is already out of date. This is especially true for web-based application development, given how different the world looks today than it did in 2012 when the spec was first introduced....

API Security? Your API Gateway is not enough.

In a review of the API threat landscape and the OWASP API Top 10, one finds a diverse spectrum of threats across a variety of disciplines including Identity, Inspection, Policy Management, Enforcement and Audit. Unfortunately, a similar review of architecture teams reveals a complex problem. Architecture teams are expecting API Gateways to provide security protection mechanisms to...

Comprehensive Reporting and Insight of your APIs. Powered by Machine Learning.

APIs are the lifeblood of modern web applications. They’re crucial elements of any digital transformation as they provide the sinew that allows data to flow freely between internal development teams and external customers with agility and speed. But their usage comes with a tradeoff, as their complexity can lead to security, risk, and privacy nightmares...