Welcome!

Application Security

Subscribe to Application Security: eMailAlertsEmail Alerts
Get Application Security via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Application Security

Enterprises often frustrate developers. Why do Enterprises always seem so behind when it comes to the very latest technology? In particular, a trend we are seeing is the continued struggle to marry Enterprise authentication with the burgeoning world of REST APIs. Developers want to use REST, but Enterprises need enterprise grade API security. We think this problem will only worsen as Enterprises continue their rapid adoption of APIs. It seems clear that SOAP, while capable of Enterprise grade authentication through X.509 and SAML, will be left behind as the “Skinny jeans Facebook generation” puts the final nail in SOAP’s coffin. The Dilemma Among our own customers and the stories we’ve heard, Enterprises are left with a dilemma with four horns concerning the protection of REST APIs: (a) Use mutual authentication with client-side SSL (b) Use HTTP authentication (passwo... (more)

Intel® SOA Expressway as Secure Token Service for Lightweight Clients

Most of you are familiar with deploying Intel® SOA Expressway as a xml gateway for protecting your SOAP and REST services. I wanted to blog about another very interesting use case where SOA Expressway acts as a Secure Token Service (STS) for a lightweight client requestor. While a formal STS generally assumes WS-Trust aware clients and SOAE can support that, this need not be the case and imposes additional requirements on a lightweight client. Instead of a formal WS-Trust request, the client can pass a simple credential in the form of a username/password token and retrieve the p... (more)

Essential Elements of API Management

Here’s a question – do we really care about SOAP or REST any longer? With the advent of cloud and the increased focus on the rapidly changing software consumption model, it seems like Enterprises should come full circle back to API. What do I mean by API in this context? Yes, it’s a programming interface, but as I’ll argue in this post, it’s a generalized programming interface accessible over HTTP. I’m not talking about a .NET DLL or Java RMI interface here. General interfaces can be implemented in a few ways and the specific implementation (while important) is no longer the sal... (more)

From ESBs to API Portals, an Evolutionary Journey | Part 2

In this article series we would like to build a case that API portals, with the Intel® API Manager and Intel® Expressway Service Gateway, powered by Mashery are representative examples, are the contemporary manifestations of the SOA movement that transformed IT in the early 2000s from IT as a cost center to an equal partner in a company’s  execution of a business strategy and revenue generation.  In the introductory article in Part 1 we discussed some of the business dynamics that led to cloud computing and the service  paradigm.  Let’s now take a closer look  at the SOA transf... (more)

All Eyes on HTML5

Visionmobile released a new info-graphic earlier this week that puts some spotlight back on HTML5. While HTML5 is in third place compared to Android and iOS for development and deployment platforms, the most interesting aspect of the survey is the “App Monetisation” panel. I think the data here confirms what we intuitively already know – if you release your app on more platforms, all things being equal, you will have higher average monthly revenue. This is simply because you can expose your product to a larger unit demand. In other words, the ultimate app is the one that can qui... (more)