Welcome!

Application Security

Subscribe to Application Security: eMailAlertsEmail Alerts
Get Application Security via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Application Security

There has been some recent chatter about the lack of strong, proven standards for API authentication when using the REST paradigm. Recent discussions seem to suggest that 2-Legged OAuth2 is the de-facto champion for securing so called lightweight web services based on the REST paradigm. The trouble is, for all it's hype, Enterprises looking to secure critical parts of their B2B communication and supply chain tend to view OAuth2 similar to an excited, overanxious know-it-all teenager, one that you just don't trust quite yet. In fact, in talking with some of our potential customers the chief complaint is that OAuth2 doesn't have the same trusted track record as other established standards, most notably SAML. The problem is, SAML has no official binding for REST based API communication and it is often accused of being too heavyweight due to the XML and XML security pro... (more)

Next Gen Enterprise API Architecture for Mobile

The Enterprise software industry has grown up around the standard three tier-architecture for web applications, which pioneered circa 1995. This architecture is ideal for web browsers, which have become the universal client of the Enterprise. With the introduction of Enterprise mobile applications, we are seeing new avenues for innovation, new user experiences and increased convenience. In some ways, however, we are rolling back the clock. Allow me to clarify: If we accept the premise that native mobile applications deliver the best functionality on disparate mobile platforms, w... (more)

Intel Expressway API Manager and The Rise of Mobile Middleware

I just returned from an exhilarating trip to the Gartner AADI show in Las Vegas last week. There are a lot of exciting things happening at Intel in the Data-center Software Division (DSD), especially with respect to the Expressway Product Line. First, we had our first live demo of the integrated solution that showcases Intel(R) Expressway API Manager and the Mashery API Management Portal. This is a true best of breed match between what we think is one of the best security gateways in the market and the de-facto market leader in API management, bringing the best possible product ... (more)

What’s in a Composite API Platform?

Intel recently released what we call a composite API platform with our new API Manager product. What exactly do we mean by this? A composite platform is a single platform for API management that handles both Public (sometimes called “Open”) APIs and Enterprise APIs. It’s composite because it exhibits both the cost savings of “cloud” through a multi-tenant SaaS partner portal coupled with the control of on-premises gateway for traffic management. Like a composite material, the mingling of two or more constituents gives the final solution different properties not found in either a... (more)

Elastic Scaling of APIs in the Cloud

As an Enterprise Architect for Intel IT, I worked with IT Engineering and our Software and Services group on the elastic scaling of the APIs that power the Intel AppUp® center. Our goal was to scale our APIs to at least 10x our baseline capacity (measured in transactions per second) by moving them to our private cloud, and ultimately to be able to connect to a public cloud provider for additional availability and scalability. Here’s a quick set of practices we used to achieve our goal: Virtualize everything.  This may seem obvious and is probably a no-op for new APIs, but in our... (more)