Application Security



Top Stories by Application Security

Intel recently released what we call a composite API platform with our new API Manager product. What exactly do we mean by this? A composite platform is a single platform for API management that handles both Public (sometimes called “Open”) APIs and Enterprise APIs. It’s composite because it combines the cost savings of “cloud” through a multi-tenant SaaS partner portal with the control of an on-premises gateway for traffic management. Like a composite material, the mingling of two or more constituents gives the final solution different properties not found in either alone. For a public or open API it’s important to have developers interact in a shared manner, generally done through a public SaaS partner management portal. True multi-tenant SaaS offerings give the Enterprise cost advantages, as the partner management piece is akin to running a website fo... (more)

Elastic Scaling of APIs in the Cloud

As an Enterprise Architect for Intel IT, I worked with IT Engineering and our Software and Services group on the elastic scaling of the APIs that power the Intel AppUp® center. Our goal was to scale our APIs to at least 10x our baseline capacity (measured in transactions per second) by moving them to our private cloud, and ultimately to be able to connect to a public cloud provider for additional availability and scalability. Here’s a quick set of practices we used to achieve our goal: Virtualize everything.  This may seem obvious and is probably a no-op for new APIs, but in our... (more)

Hadoop Security: Internal or External? Why Not Both!?

I saw a conversation today on Twitter that asked why we don’t just embed proper security into Hadoop instead of suggesting the API gateway approach to Hadoop security that my colleague Blake proposed.  The same could be asked about any number of applications and services, but the bottom line is that we believe that a two-pronged approach is best. Internally, we have dramatically improved Hadoop’s security capabilities via Project Rhino.  This enables best security practices like encryption at rest, which cannot be implemented anywhere else.  We are also working to standardize th... (more)

The API Economy

The API Economy has launched and it’s not too late to join in the fun. According to Pew Research, 91% of American adults have a cell phone and 34% of American adults own a tablet computer. The proliferation of mobile devices opens up a multitude of business growth opportunities through the exposure of Application Programming Interfaces (APIs). API Economy leaders are generating real revenues from APIs. Salesforce.com generates more than half of its revenue through APIs. Twitter, Google and Amazon are deriving revenue from API transactions that number in the billions. How can my b... (more)

Enterprise APIs and OAuth: Have it All

Enterprises often frustrate developers. Why do Enterprises always seem so behind when it comes to the very latest technology? In particular, a trend we are seeing is the continued struggle to marry Enterprise authentication with the burgeoning world of REST APIs. Developers want to use REST, but Enterprises need enterprise-grade API security. We think this problem will only worsen as Enterprises continue their rapid adoption of APIs. It seems clear that SOAP, while capable of enterprise-grade authentication through X.509 and SAML, will be left behind as the “Skinny jeans Faceboo... (more)