API Security is complex. Vendors like Forum Systems, IBM, CA and Axway have
invested almost two decades of engineering effort and significant capital in
building API Security stacks to lock down APIs. The API Security stack diagram
shown below is a building block for rapidly locking down APIs. The four
fundamental pillars of API Security - SSL, Identity, Content Validation and
deployment architecture - are discussed in detail below.
Here are four fundamental steps that an enterprise can take to ensure that
their APIs' attack surface area is significantly reduced. To implement API
Security:
Enable SSL: One can rapidly protect API traffic by enabling SSL and changing
http to https. This is a good first step in protecting the traffic from an
API consumer to an API producer; however, the following items should be
considered in tightening secure API communication: Check X... (more)
API Security has finally entered our security zeitgeist. OWASP Top 10 2017 -
RC1 recognized API Security as a first-class citizen by adding it as number
10, or A-10, on its list of web application vulnerabilities. We believe this
is just the start. The attack surface area offered by APIs is orders of
magnitude larger than any other attack surface area. Consider the fact that
APIs expose cloud services, internal databases, applications and even legacy
mainframes over the internet. What could go wrong?
API Security has been added to OWASP Top 10 2017 - RC1. This is a
commendable step... (more)
Gateway Sessions at Cloud Expo
Security has been at the forefront of discussion in the technology community
as being the primary concern gating enterprise adoption of cloud computing.
Although this is a valid concern, most cloud providers, owing to the security
demands of maintaining a multi-tenant infrastructure, provide strong security
provisions, perhaps better than an enterprise's own data center.
Legal, compliance and process issues become more significant than
technical security concerns.
Moving into 2010, reliability will be a higher concern for enterprises.
Recent ou... (more)
According to Massimo Pezzini, VP and Gartner Fellow, "Federated SOA is a
systematic approach to large-scale, enterprise wide SOA that enables
organizations to integrate semi-independent SOA initiatives.
Often used to fix an initial lack of coordination, federated SOA should be
proactively pursued from the inception of major, strategic SOA initiatives."
-- Divide and Conquer: Taming Complexity Through Federated SOA.
Successful enterprise SOA implementations build on a set of localized,
project-level efforts with services that have clearly identified and
accountable business and te... (more)
I. INTRODUCTION
Throwing its hat in the Platform as a Service (PaaS) ring, Microsoft has
joined the likes of Salesforce.com and Google with its announcement of the
Microsoft Azure Platform. Microsoft Windows Azure Platform provides three
primary components:
Windows Azure: A cloud services operating system that serves as the
development, service hosting and service management environment for the
Windows Azure platform.
SQL Azure: A cloud hosted relational database that
removes the burdens of RDBMS installation, patching, upgrades and overall
software management for relational databas... (more)